Active Directory Six: implementation of a multi-domain environment (multi-site)

Through the previous installments of learning, we learned the single domain single site and multi-site design, but also learned the design of a multi-domain single site, today we will learn about multi-domain multi-site design.

Scene: Headquartered in Beijing, Shanghai and Guangdong Each has a branch, the request for Active Directory design. The forest functional level is windows2003 mode.

First, Analysis:

According to the company's actual situation, we design three domains, Beijing is the root domain, Shanghai and Guangdong are two subdomains respectively, this is the logical structure, in the physical structure of our design three sites. The specific meaning of the site, you can refer to the previous tutorial.

Subnet design: Because each site must use a different subnet, so for the Beijing site we use 10.1.1.0/24 and 10.2.1.0/24 two subnets, Shanghai site using 172.16.1.0/24 subnet, Guangdong site using 192.168.1.0/24 subnet.

GC Design: To solve the user's login problem, we have nothing but two ways, one is to design GC at each site, the second method can not schedule GC in this site, but to the site to enable the Universal group membership cache feature. We can according to the actual situation to implement, as to how to implement, please refer to the previous tutorial.

Second, the design process:

1. Root domain design: Run dcpromo on DC in Beijing, complete the installation of AD. If necessary, you can install a second or third DC. and design DNS, if more than one DC, the proposal is designed to do the same DNS server.

2. The creation of the site: in Beijing DC Open Dssite.msc, create another two sites, and create the corresponding subnet, and the corresponding subnet and site combination, must not make a mistake yo! Rename the Default-first-site-name to Beijing.

3. The design of two subdomains: to do the backup of ad database in Beijing DC, and restore its backup to a specific directory of a server in Shanghai and Guangdong, run DCPROMO/ADV in the corresponding server to complete the construction of two subdomain DCs. (Of course the corresponding subnet, etc. must be designed correctly). After you've done that, you'll find that the corresponding DC is within the site when you open the Dssite.msc.

4. GC rules: Depending on the situation, you can design a GC at each site, or enable the universal group membership cache. I want to be specific to realize I don't have to say, refer to the previous tutorial can be.

5. Child Domain delegation: Finally DNS child domain delegation work. This process refers to the "three of the Active Directory series: The implementation of a multi-domain environment (single site)".

Third, Summary:

In the design process of this scheme, the most easily overlooked is the design of GC. If you think about it here, there are not too many problems.

The whole design process is simple, no longer step-by-step diagram is resolved. If you have any questions, you can leave a message.

This article from the "Qianshan Island of the main Microsoft technology Space Station" blog, please be sure to retain this source http://jary3000.blog.51cto.com/610705/122079