Chapter 2 Configuration and Management of Domain Controllers
3.1 Introduction to Domain Controller
The domain controller contains a database composed of the account, password, and computer information of the domain. It manages the entire Windows domain and all computers in the domain. Configuring the domain controller facilitates centralized configuration management for users in the domain and provides security protection for network shared resources. Therefore, configuring the domain controller is an important part of Windows Server 2003 server security configuration.
The Windows Server 2003 domain controller is closely related to Active Directory. To configure and manage domain controllers, you must first understand several concepts related to domain controllers.
1. Domain
To understand the domain controller, you must first understand the domain. The domain is the basic unit of the domain model in Windows Server 2003 and Windows 2000 Server. In Active Directory, each domain is identified by a Domain Name System (DNS) name, and each domain is managed by one or more domain controllers. For example, if the domain name is "myzyy.com", you must have one server with the domain controller function.
The role of the domain is as follows.
You can use a domain account to log on to any host in the domain.
You can log on with a domain account to access all authorized resources in the domain.
System administrators in this domain can assign authorized domain accounts to improve system security and facilitate centralized management of accounts.
The first domain created in Windows Server 2003 is called the root domain. It is the root of all other domains in the domain tree. For example, a domain such as 163.com or Sina.com is a root domain. The domain hierarchy is closely related to the DNS domain hierarchy and is similar to it.
Description: A domain is a logical unit in a network. Domains are divided into root domains and subdomains. A domain created on the basis of the Windows Server 2003 root domain is called a subdomain of the root domain.
2. Tree
The tree, also known as the domain tree, is a Windows Server 2003. A subdomain is associated with its root domain to form a domain tree. A domain tree looks like an inverted tree: the root domain is at the top, and the branches (subdomains) expand below it. For example, a hospital has the DNS domain myzyy.com, and the hospital may have multiple internal logical departments, such as outpatient, hospitalization, administration, logistics, and other departments. In this case, the composition of the domain tree is shown in Figure 3-1.
Figure 3-1 Composition of the domain tree
3. Forest
Multiple domain trees form a discontinuous namespace called a forest. For example, a hospital has three root domains: ykzyy.com, jgyy.com, and myzyy.com. Each of these root domains is the domain tree of one of its branches. Each branch is itself an entity, and the domain structures of these entities are combined to form a forest.
The role of the forest is as follows.
Users in one domain tree in the forest can access resources in another domain tree in the forest.
All member domains in the forest can share information.
Managers can make full use of information resources in the forest.
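The relationship between domains, domain trees, and a forest can be shown in a short Python sketch. This is an added example, not part of the original chapter: it groups a list of domain DNS names into trees by contiguous namespace. The function names and the subdomain names are assumptions made for illustration; only the three root domains come from the text.

```python
def closest_parent(domain, known):
    """Return the nearest ancestor of `domain` that is in `known`, else None.

    Matching is done on whole DNS labels, so "notmyzyy.com" is never treated
    as a child of "myzyy.com" the way a plain string-suffix test would.
    """
    labels = domain.split(".")
    for i in range(1, len(labels)):          # longest (closest) suffix first
        candidate = ".".join(labels[i:])
        if candidate in known:
            return candidate
    return None


def build_forest(domains):
    """Group domain names into domain trees: {root domain: [subdomains]}."""
    known = {d.strip().lower().rstrip(".") for d in domains}
    parent = {d: closest_parent(d, known) for d in known}
    trees = {d: [] for d in known if parent[d] is None}   # one tree per root
    for d in known:
        root = d
        while parent[root] is not None:      # walk up to the tree's root
            root = parent[root]
        if root != d:
            trees[root].append(d)
    return {root: sorted(subs) for root, subs in trees.items()}


# Constructed sample: the page's three root domains plus made-up subdomains
# for the departments it mentions (the subdomain names are assumptions).
SAMPLE = [
    "myzyy.com", "outpatient.myzyy.com", "logistics.myzyy.com",
    "ward1.outpatient.myzyy.com", "ykzyy.com", "jgyy.com",
    "administration.jgyy.com",
]

if __name__ == "__main__":
    for root, subs in sorted(build_forest(SAMPLE).items()):
        print(root, "->", subs)
```

Each key of the result is the root domain of one tree, and the set of keys together is the forest's discontinuous namespace.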
4. Active Directory
Active Directory is a directory service that stores network object information. It is a Windows Server 2003. Using Active Directory, you can organize various resources in the network, such as users, groups, computers, printers, and shares, and manage them centrally, which makes network resources easier to find and use.
5. Domain Controller
A domain controller (DC) is a management computer in the domain. A domain controller is created with the "Active Directory Installation Wizard". When the first domain controller in the network is created, the first domain, the first forest, and the first site are also created, and Active Directory is installed. In Windows Server 2003, all domain controllers in the domain are equal, and the primary domain controller and backup domain controller are no longer distinguished. Active Directory adopts the multi-master replication mode. During replication, Windows Server 2003 automatically compares against the old version of Active Directory.
When a computer connects to the network, the domain controller first needs to identify whether the computer belongs to this domain, whether the user's logon account exists, and whether the password is correct. If any of this information is incorrect, the domain controller refuses to let the user log on from that computer. If you cannot log on, you will not be able to access resources that are protected by permissions on the server. You can only access resources shared by Windows in the same way as an Internet user.
In this way, resources on the network are protected to a certain extent.
[Responsible editor: xia shu Tel: (010) 68476606]