Installing and joining clients based on Windows R2 domain control
Experimental objectives:
1, the installation of DNS
2, domain-controlled installation
3. Join the Client
Experimental Purpose:
1. Understand what a domain environment is
2. Familiar with how domain controllers work
Experimental topology:
650) this.width=650; "title=" image "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" image "src=" Http://img1.51cto.com/attachment/201408/9/1952910_1407597548E3lT.png " "674" height= "206"/>
Experimental steps:
First, the installation of DNS
A Configuration of domain-controlled network properties
As a domain control server, the IP address must be static manual configuration, absolutely not DHCP automatic acquisition, because the DHCP automatically obtain the IP address is not fixed, often change, so that the following clients have a great impact on the client is not able to work properly, do not need to configure the default gateway But DNS must be configured correctly (DNS server can be a domain control native or another server, this experiment because of the limitations of the notebook computer itself, so the use of the domain control native), because the Active Directory of the work is closely dependent on the DNS service,
650) this.width=650; "title=" clip_image004 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image004 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 1407597556cbye.jpg "" 580 "height=" 441 "/>
Because the Windows R2 default firewall configuration is filtered based on the type of connection network, it is a good idea to change the "public network" of its network type to "private network" through "Network and Sharing Center" with the default identity.
650) this.width=650; "title=" clip_image006 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image006 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 14075975598gmy.jpg "" 576 "height="/>
Before the change
650) this.width=650; "title=" clip_image008 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image008 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 1407597562ox1t.jpg "" 591 "height=" 222 "/>
After the change
Of course, in addition, but also to modify the computer name, because if after the installation of domain control, and then to modify the will appear a lot of strange problems, we recommend that you do not try, really helpless
650) this.width=650; "title=" clip_image010 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image010 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 1407597566dzu7.jpg "" "height=" 438 "/>
Modify Computer Name
650) this.width=650; "title=" clip_image012 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image012 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 1407597568j9za.jpg "" 435 "height=" 166 "/>
Note: After you modify the host name, you must restart your computer to take effect.
B Installation of DNS
Windows R2 is slightly different from Windows 2003 for the installation of DNS services and can be done with the "Server Management" role added to prepare for initialization
650) this.width=650; "title=" clip_image014 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image014 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 1407597572x9kd.jpg "" 604 "height="/>
650) this.width=650; "title=" clip_image016 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image016 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 14075975808qix.jpg "" 606 "height=" 445 "/>
650) this.width=650; "title=" clip_image018 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image018 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 1407597588geup.jpg "" 604 "height=" 433 "/>
650) this.width=650; "title=" clip_image020 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image020 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 1407597593hsaw.jpg "" 607 "height=" 451 "/>
650) this.width=650; "title=" clip_image022 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image022 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 1407597596vcme.jpg "" 610 "height=" 453 "/>
650) this.width=650; "title=" clip_image024 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image024 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 1407597600ldz8.jpg "" 613 "height=" 456 "/>
650) this.width=650; "title=" clip_image026 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image026 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 1407597608mqj3.jpg "" 617 "height=" 456 "/>
Installation is complete.
Second, the installation of the domain control
650) this.width=650; "title=" clip_image028 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image028 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 1407597611gxwo.jpg "" 598 "height=" 445 "/>
650) this.width=650; "title=" clip_image030 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image030 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 1407597617lwrj.jpg "" 603 "height=" 291 "/>
Requires the installation of the ". NET Framework 3.5.1 Feature" because ad must support this feature on window R2
650) this.width=650; "title=" clip_image032 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image032 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 1407597622xyr1.jpg "" 594 "height=" 439 "/>
In the Active Directory Domain Services dialog box, the wizard gives you a four-point note on the tasks that you should perform before and after you install AD and the services that your ad needs.
650) this.width=650; "title=" clip_image034 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image034 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 1407597632i0qc.jpg "" "height=" 444 "/>
Next
650) this.width=650; "title=" clip_image036 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image036 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 1407597637ikfs.jpg "" 601 "height=" 442 "/>
Installation .....
650) this.width=650; "title=" clip_image038 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image038 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 1407597641v9uk.jpg "" 619 "height=" 458 "/>
650) this.width=650; "title=" clip_image040 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image040 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 1407597648aixg.jpg "" 626 "height=" 463 "/>
When the Install Results dialog box appears, if there are no errors, it proves that the ad installation is complete, but because the computer is not fully functional, you are prompted to enable the Ad Setup Wizard (Dcpromo.exe) to complete the installation. You can click "Close this wizard and start Active Directory Domain Services Setup wizard (Dcpromo.exe)" To enter the installation Wizard or click the "Close" button to manually open the Ad Installation Wizard.
Third, complete the installation of the Ad Server
1. You need to run the AD Domain Server Setup Wizard to complete the deployment of this server, so enter "Dcpromo" in the "Run" dialog box and click "OK" to start the wizard
650) this.width=650; "title=" clip_image042 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image042 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 1407597695infy.jpg "" 530 "height=" 298 "/>
2. After the system is automatically detected, the Ad Installation Wizard Welcome screen appears. You can choose to use Standard or Advanced mode for installation in this dialog box. For advanced mode is provided to experienced users to have more control over the installation process.
650) this.width=650; "title=" clip_image044 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image044 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 140759770528yb.jpg "" 542 "height=" 477 "/>
650) this.width=650; "title=" clip_image046 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image046 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 1407597715flkq.jpg "" 569 "height=" 498 "/>
3. Because the purpose is to subordinate the first DC in the enterprise, you should select Create new domain in New forest here. Because you need administrator permissions to create a new forest, you must be a member of the server local administrative group on which you are installing AD.
650) this.width=650; "title=" clip_image048 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image048 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 1407597722lsak.jpg "" 565 "height=" 497 "/>
4. Naming the root domain of a domain forest requires a complete plan for the DNS infrastructure before. You must understand the full DNS name of the forest. You can install the DNS Server service before you install AD, or choose to have the Ad Setup wizard install the DNS Server service as in this instance
To have the AD Wizard install the DNS Server service, the NetBIOS name will be automatically generated using the DNS name here called the first domain in the forest. Click Next and the wizard verifies that the DNS name and NetBIOS name are unique across the network.
650) this.width=650; "title=" clip_image050 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image050 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 1407597728tc6p.jpg "" 528 "height=" 462 "/>
5. Set the forest functional level, which determines the ability to enable ad in a domain or forest, and also limits the version of Windows servers that can run on DCs in a domain or domain forest. However, the functional level does not affect the operating system that is running on workstations and member servers that are connected to a domain or domain forest.
650) this.width=650; "title=" clip_image052 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image052 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 14075977373cs0.jpg "" 522 "height=" 455 "/>
Special attention:
After you set the domain functional level to a specific value, you cannot roll back or lower the domain functional level, except when you raise the domain functional level to win08r2 and the forest functional level is WIN08 or lower, you can roll back the domain functional level to WIN08 and only drop it from win08r2 to WIN08 , and you cannot roll it back directly to WIN03. After you set the forest functional level to a value, you cannot roll back or reduce the forest functional level, with one exception: When you raise the forest functional level to WIN08R2 and the ad Recycle Bin is not enabled, you have the option of rolling back the forest functional level to WIN08. It can only be dropped from win08r2 to WIN08, and cannot be rolled back directly to WIN03.
650) this.width=650; "title=" clip_image054 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image054 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 1407597742ua8l.jpg "" 526 "height=" 461 "/>
It is important to note that:
If the DNS service is installed before the Ad Installation Wizard is started, but ad does not have a DNS infrastructure, the DNS service will continue to resolve the name for any file-based zone it hosts, but it will not host any ad-integrated DNS zones that are part of the domain that the domain controller resides in.
650) this.width=650; "title=" clip_image056 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image056 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 1407597746uabe.jpg "" 518 "height=" 255 "/>
5. This dialog box appears because the DNS server option was selected when the other server was configured, and the current computer did not find the authoritative parent domain Windows DNS server for the specified domain to determine whether delegation to the specified domain was caused.
650) this.width=650; "title=" clip_image058 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image058 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 1407597752o8fo.jpg "" 244 "height=" 214 "/>
6. Determine the location of the ad database, log files, and SYSVOL placement (19). For a database, it primarily stores information about users, computers, and other objects on the network; Log files record activities related to AD; Sysvol stores Group Policy objects and scripts, which by default are part of the operating system files that are located in the%windir% directory.
7. The wizard requires that you enter the administrator password for directory Restore Mode (20). Directory Service Restore Mode (DSRM) password is required to log on to a domain controller when AD is not running
Attention:
DSRM The password differs from the password for the domain administrator account.
650) this.width=650; "title=" clip_image060 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image060 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 1407597759atf2.jpg "" 489 "height=" 428 "/>
Password: OOoo00))
650) this.width=650; "title=" clip_image062 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image062 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 1407597767seub.jpg "" 475 "height=" 416 "/>
After the installation is complete, restart the server.
650) this.width=650; "title=" clip_image064 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image064 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 14075977723fd9.jpg "" 474 "height=" 313 "/>
After rebooting, enter the login screen
650) this.width=650; "title=" clip_image066 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image066 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 1407597776btjk.jpg "" 513 "height=" 352 "/>
650) this.width=650; "title=" clip_image068 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image068 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 1407597783gil5.jpg "" 517 "height="/>
650) this.width=650; "title=" clip_image070 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image070 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 1407597788piye.jpg "" 520 "height="/>
650) this.width=650; "title=" clip_image072 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image072 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 1407597791v0y1.jpg "" 540 "height=" 183 "/>
Iv. joining the client
Settings for client Network properties
650) this.width=650; "title=" clip_image074 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image074 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 1407597799q68b.jpg "" 465 "height=" 425 "/>
Ensure that the client can communicate with the domain control
650) this.width=650; "title=" clip_image076 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image076 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 1407597804q95q.jpg "" 480 "height=" 268 "/>
Join to Domain
650) this.width=650; "title=" clip_image078 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image078 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 1407597811eo1t.jpg "" 518 "height=" 383 "/>
Successfully joined
650) this.width=650; "title=" clip_image080 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image080 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 1407597819jgc5.jpg "" 501 "height=" 346 "/>
You must restart your computer
650) this.width=650; "title=" clip_image082 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image082 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 1407597868m6ac.jpg "" 503 "height=" 324 "/>
After rebooting, enter the login screen
650) this.width=650; "title=" clip_image084 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image084 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 1407597873qaaf.jpg "" 491 "height=" 339 "/>
For the sake of completeness, it is best to change the password
650) this.width=650; "title=" clip_image086 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image086 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 1407597876qppq.jpg "" 456 "height=" 207 "/>
Password modified to: aaaa11!
650) this.width=650; "title=" clip_image088 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image088 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 1407597881lggn.jpg "" 524 "height=" 364 "/>
Remember the password, the next time you log in with the new password login system
650) this.width=650; "title=" clip_image090 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image090 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 1407597888nepd.jpg "" 575 "height=" 397 "/>
Go to System desktop
650) this.width=650; "title=" clip_image092 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image092 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 1407597895amy1.jpg "" 573 "height=" 362 "/>
650) this.width=650; "title=" clip_image094 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image094 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 1407597900wcz5.jpg "" 566 "height=" 426 "/>
Determine that you can ping the domain control
650) this.width=650; "title=" clip_image096 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image096 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 1407597911us7n.jpg "" 704 "height=" 348 "/>
Determine that the client can be ping
650) this.width=650; "title=" clip_image098 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image098 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 1407597918gbjm.jpg "" 702 "height=" 295 "/>
View DNS Records
650) this.width=650; "title=" clip_image100 "style=" border-top:0px; border-right:0px; border-bottom:0px; border-left:0px; Display:inline "border=" 0 "alt=" clip_image100 "src=" http://img1.51cto.com/attachment/201408/9/1952910_ 1407597932r82x.jpg "" 720 "height=" 296 "/>
To this end, the experiment was completed successfully.
Experiment Summary:
By doing this experiment, let me have a more in-depth understanding of domain control, domain environment, in fact, this is a process of making perfect, each experiment to do a 3 or 4 times, it is not easy to forget
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
