Windows Server 2012 Active Directory Basic Configuration and application (Novice Tutorial) 8---Create a second DC

Source: Internet
Author: User

Case Introduction: Why do I need more than one DC?

1. Log on to the Win 7 client with a domain account and remember the user name;


2. Modify the user's password on the DC;



3. Create a new test user on the DC;


4. Shut down the DC;


5. Log out of the account used in step 1, try to log in with the new user account instead, and check whether you can log in. (The Welcome screen is displayed for a long time, and then the following screen appears.)


6. Log in again with the user account that was previously logged on in Win 7 (that is, the account used in step 1), trying the new password and then the old password. The login results are as follows;


(with new password)


(with old password)


From the six steps above, we can draw the following conclusions:

(1) A domain user's login requires the "consent" (authentication) of the DC; that is, the identity information of domain users is stored in the Active Directory database on the DC.

(2) When a domain user logs on to a client, a cache of the login credentials is left on the client. Given the conclusions above, consider: if the DC is shut down, users will not be able to log on to the domain environment. Therefore, to ensure the reliability of the network, what should be done?

Task: Configure a second DC for the domain that was created.

1. Copy the virtual machine's WIN . template from the file server to the Learning number folder. After the copy is complete, open this new win2012 and modify its SID (search Baidu: what is a SID, and when does the SID need to be modified?).


2. Start DC-1. Check DC1's network parameter settings, then open the DNS console and check the properties, data, and so on of the two forward lookup zones.


(Shows the host records of a DC and the client)


(The zone type is AD-integrated, and replication is allowed)

3. Modify DC-2's IP address and preferred DNS address, modeled on the network parameter settings of the first DC in the domain. Because AD must have DNS support, DNS and AD are also installed on DC2, following the model of DC1. The difference is that the DNS and AD data on DC2 is copied over from DC1 and does not need to be created manually. (Preferred and alternate DNS settings)


4. Create an additional DC on DC2:

Add the Active Directory role through the add-role wizard and continue until you see the following screen.


Choose to promote the server to a domain controller, then select the deployment type and credentials:


Tick DNS and Global Catalog; do not tick RODC. After setting the restore mode password, continue through the next steps, keeping the default settings (in a production environment it is recommended to modify some of these settings!) until the installation begins.
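
The same choices expressed as a PowerShell promotion, as an added example that is not part of the original tutorial. The domain name and the FQDN of the first DC are placeholders, since the tutorial does not name the domain.

```powershell
# Added example, not from the original tutorial. Run on DC2 in an elevated session.
# $DomainName and $SourceDC are placeholders; the tutorial does not name the domain.
$DomainName = 'example.local'        # placeholder
$SourceDC   = 'DC1.example.local'    # placeholder FQDN of the first DC

# Step 3 prerequisite: DC2 must find the domain's DCs through DC1's DNS.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -ErrorAction Stop |
    Where-Object { $_.Type -eq 'SRV' } | Select-Object NameTarget, Port

# Add the AD DS role (the role-adding part of step 4).
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Import-Module ADDSDeployment

# Prompt for secrets instead of writing them into the script.
$cred = Get-Credential -Message 'Domain administrator account'
$dsrm = Read-Host -AsSecureString -Prompt 'Restore mode (DSRM) password'

$params = @{
    DomainName                    = $DomainName
    Credential                    = $cred
    SafeModeAdministratorPassword = $dsrm
    InstallDns                    = $true     # "DNS" ticked
    NoGlobalCatalog               = $false    # "Global Catalog" ticked
    ReplicationSourceDC           = $SourceDC
    # Wizard defaults; these paths are among the settings a production build may change.
    DatabasePath                  = 'C:\Windows\NTDS'
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
}
# -ReadOnlyReplica is deliberately absent: that is "RODC" left unticked.

# Dry run: prerequisite checks only, nothing is installed yet.
$check = Test-ADDSDomainControllerInstallation @params
$check | Format-List Status, Message
if ($check | Where-Object { "$($_.Status)" -eq 'Error' }) {
    throw 'Prerequisite check failed; fix the reported items before promoting.'
}

# Promote. The server restarts automatically when the installation completes.
Install-ADDSDomainController @params
```

The restore mode password is a local administrator credential on the new DC, so record it in the same protected store as other privileged credentials.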


5. After restarting, check the AD and DNS configuration of DC2.


After completion, test with the following steps:

On DC1, create a new user under an OU.

** Check whether the user appears in the AD Users and Computers management console on DC2.

On DC2, create a new user under an OU.

** Check whether the user appears in the AD Users and Computers management console on DC1.


The above process mainly verifies DC synchronization and the delay in synchronization time (related to the DC refresh time, which involves Group Policy).

6. Check which host the client authenticates against. Open the Win 7 client and log in with an account in the domain. Once you reach the desktop, open a cmd prompt and use "echo %logonserver%" to see which DC the current user logged in to the domain through. As shown, the current user User1 logged in through DC2. (If you can't remember the DC names, check the host records in the DNS server mentioned earlier.)
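
A scripted version of the replication test and the logon-server check above, as an added example that is not part of the original tutorial. DC1 and DC2 are the tutorial's names; the OU path and the function name Test-DcReplication are hypothetical and must be adapted to the lab domain.

```powershell
# Added example, not from the original tutorial. Run from a domain-joined machine
# with the ActiveDirectory module and rights to create users in $OuPath.
Import-Module ActiveDirectory

function Test-DcReplication {
    param(
        [string]$SourceDC  = 'DC1',
        [string]$TargetDC  = 'DC2',
        [string]$OuPath    = 'OU=Test,DC=example,DC=local',   # placeholder OU
        [int]$TimeoutSec   = 300
    )
    $sam = 'repltest{0}' -f (Get-Date -Format 'HHmmss')
    # No password is supplied, so the test account is created disabled.
    New-ADUser -Name $sam -SamAccountName $sam -Path $OuPath -Server $SourceDC

    # Poll the other DC until the new object shows up or the timeout expires.
    $watch = [System.Diagnostics.Stopwatch]::StartNew()
    $found = $null
    while (-not $found -and $watch.Elapsed.TotalSeconds -lt $TimeoutSec) {
        $found = Get-ADUser -Filter "SamAccountName -eq '$sam'" -Server $TargetDC
        if (-not $found) { Start-Sleep -Seconds 5 }
    }
    # Remove the test account on the source DC; the deletion replicates too.
    Remove-ADUser -Identity $sam -Server $SourceDC -Confirm:$false

    [pscustomobject]@{
        Source     = $SourceDC
        Target     = $TargetDC
        Replicated = [bool]$found
        Seconds    = [math]::Round($watch.Elapsed.TotalSeconds, 1)
    }
}

# Test both directions, as the manual steps do.
Test-DcReplication -SourceDC 'DC1' -TargetDC 'DC2'
Test-DcReplication -SourceDC 'DC2' -TargetDC 'DC1'

# Replication health as recorded by DC2 itself.
Get-ADReplicationPartnerMetadata -Target 'DC2' |
    Select-Object Server, Partner, LastReplicationSuccess, LastReplicationResult
Get-ADReplicationFailure -Target 'DC2'

# Step 6: which DC authenticated the current session.
"Logon server for this session: $env:LOGONSERVER"
```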



This article is from the "Network Snail" blog; reprinting is declined!
