Multi-domain Management
I. For the independent management scope, establish the parent-child domain architecture, the Authority division, the continuous namespace;
Two. group in the local domain: Members from the entire forest, subordinate to the local territory;
Global group: Members are from the local domain and belong to the entire forest;
Deploying subdomains
650) this.width=650; "src=" http://s2.51cto.com/wyfs02/M02/83/04/wKiom1doymrxxrQeAAD-xXTMAmY713.jpg "title=" 2.jpg " alt= "Wkiom1doymrxxrqeaad-xxtmamy713.jpg"/>
DNS delegation warning is not prompted here because the parent domain contoso.com is present
650) this.width=650; "src=" http://s5.51cto.com/wyfs02/M00/83/04/wKiom1doyxSxvnBwAADTAGq5kbk236.jpg "title=" 3.jpg " alt= "Wkiom1doyxsxvnbwaadtagq5kbk236.jpg"/>
You can see the installation subdomain process from the Deployment Wizard
650) this.width=650; "src=" http://s2.51cto.com/wyfs02/M00/83/04/wKiom1doy9PhoNpKAAEDosbghjc747.jpg "title=" 4.jpg " alt= "Wkiom1doy9phonpkaaedosbghjc747.jpg"/>
650) this.width=650; "src=" http://s5.51cto.com/wyfs02/M02/83/03/wKioL1doy8LSzX8DAAECCY-brvg097.jpg "title=" 5.jpg " alt= "Wkiol1doy8lszx8daaeccy-brvg097.jpg"/>
650) this.width=650; "src=" http://s4.51cto.com/wyfs02/M01/83/04/wKiom1doy-uA3eC6AAEZ8JgFcDE929.jpg "title=" 6.jpg " alt= "Wkiom1doy-ua3ec6aaez8jgfcde929.jpg"/>
Log on with the administrator of the subdomain
650) this.width=650; "src=" http://s4.51cto.com/wyfs02/M02/83/03/wKioL1dozQ7gYz0mAACREKnLfxw989.jpg "title=" 7.jpg " alt= "Wkiol1dozq7gyz0maacreknlfxw989.jpg"/>
After the subdomain is established, open the DNS manager and you can see the new support name Resolver, delegating DC05 resolution in support when the user of the parent domain accesses the resources of the subdomain
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/83/04/wKioL1do0Z2w1asFAAF8CCacSow982.jpg "title=" 8.jpg " alt= "Wkiol1do0z2w1asfaaf8ccacsow982.jpg"/>
If you have a separate brand branch, we can create a tree domain
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/83/04/wKiom1doyl_D8qQ_AAD-Al168As241.jpg "title=" 1.jpg " alt= "Wkiom1doyl_d8qq_aad-al168as241.jpg"/>
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/83/06/wKiom1do21Pxn0euAACKecf5Fr4912.jpg "title=" 9.jpg " alt= "Wkiom1do21pxn0euaackecf5fr4912.jpg"/>
When we have completed the creation of the stand-alone management scope tree domain, the computer of the tree domain can access the computer of the headquarters root domain and its subdomains, and the computer that accesses the tree domain from the headquarters root domain needs to make a forwarder
In the Headquarters root domain DC01 can parse the subdomain, cannot parse the tree domain demo.com
650) this.width=650; "src=" http://s1.51cto.com/wyfs02/M02/83/05/wKioL1do20KwDy10AAGXr2Koy-8510.jpg "title=" 10.jpg "alt=" Wkiol1do20kwdy10aagxr2koy-8510.jpg "/>s
In the tree domain, the root domain and its subdomains can be resolved
650) this.width=650; "src=" http://s5.51cto.com/wyfs02/M00/83/06/wKiom1do3G-TKRvHAAFBQLYRkw4044.jpg "title=" 11.jpg "alt=" Wkiom1do3g-tkrvhaafbqlyrkw4044.jpg "/>
Because the DNS manager for the tree domain has already added forwarders by default
650) this.width=650; "src=" http://s1.51cto.com/wyfs02/M02/83/05/wKioL1do3ObgFYBrAAGBSV9cjtw407.jpg "title=" 12.jpg "alt=" Wkiol1do3obgfybraagbsv9cjtw407.jpg "/>
We can add conditional forwarders to complete root domain parsing of the tree domain
650) this.width=650; "src=" http://s5.51cto.com/wyfs02/M02/83/07/wKiom1do7KTBcL4wAAD73XoyDIs809.jpg "title=" 13.jpg "alt=" Wkiom1do7ktbcl4waad73xoydis809.jpg "/>
650) this.width=650; "src=" http://s2.51cto.com/wyfs02/M01/83/06/wKioL1do7ZGTVWlHAACruNuCXwE713.jpg "style=" float: none; "title=" 14.jpg "alt=" Wkiol1do7zgtvwlhaacrunucxwe713.jpg "/>
Parse success
650) this.width=650; "src=" http://s1.51cto.com/wyfs02/M01/83/07/wKiom1do7ZHx6vNvAACWTkj_2dM103.jpg "style=" float: none; "title=" 15.jpg "alt=" Wkiom1do7zhx6vnvaacwtkj_2dm103.jpg "/>
Another thing to note is that the administrator of the headquarters root domain belongs to the Enterprise Admins group, which can log into the DC server in any domain
650) this.width=650; "src=" http://s5.51cto.com/wyfs02/M00/83/07/wKiom1do7xqAI0ZvAAIbKsPMvNg941.jpg "style=" float: none; "title=" 16.jpg "alt=" Wkiom1do7xqai0zvaaibkspmvng941.jpg "/>
650) this.width=650; "src=" http://s4.51cto.com/wyfs02/M02/83/06/wKioL1do8CmD27fyAAK0rUCdDJI023.jpg "style=" float: none; "title=" 18.jpg "alt=" Wkiol1do8cmd27fyaak0rucddji023.jpg "/>
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/83/07/wKiom1do8CqCvI1IAAKWo2HAnHs289.jpg "style=" float: none; "title=" 19.jpg "alt=" Wkiom1do8cqcvi1iaakwo2hanhs289.jpg "/>
Administrators of subdomains or tree domains can only log on to DCs within their own domain
650) this.width=650; "src=" http://s4.51cto.com/wyfs02/M00/83/07/wKiom1do8Gvw5f6wAAJQTo0pPDk303.jpg "title=" 20.jpg "alt=" Wkiom1do8gvw5f6waajqto0ppdk303.jpg "/>
This article from "Johnlu Microsoft technology Blog" blog, declined reprint!
Learning summary-active Directory Domain Services Management 08-multi-domain management