First, when planning a Windows Server 2003 network environment, there are two choices: "workgroup" and "domain". Let's look at the features of each:
1. The decentralized network structure - workgroup: workgroups are generally suited to small networks. A workgroup is a group of networked computers that share each other's resources, sometimes called a peer-to-peer network. Under this structure, no computer can act on behalf of the others; each can only manage its own resources. The disadvantages are as follows: (1) Account management is troublesome: for example, if the network has 5 servers and 30 users, a total of 150 accounts must be created so that all users can access the resources of every server, and if any one account changes, the change has to be made 5 times. (2) Security must be configured on each computer separately: for example, to limit a user's logon hours, you have to set this up on each server in turn.
2. The centralized network structure - domain: a "domain" can be understood as selecting one computer in the network to act as the "security control" server, the domain controller. The domain controller's account and security data are all stored in the AD database.
Computer roles in the domain
1. Domain controller. Once a computer has the Server 2003 system installed and the AD service enabled, it becomes a DC, typically the first one. The main work of a DC is: (1) providing AD services; (2) storing and replicating the AD database; (3) managing domain activities, including "user logon", "authentication", "directory query" and so on.
2. Member server. A computer that has the Server 2003 system installed, does not have AD installed, and has joined the domain is a member server, such as a file server or an application server. A note on the local accounts of a member server: the local account database is still available on the member server, and users can log on to the server with those accounts. For domain security management, however, this is an administrative loophole, so try not to use the local accounts of member servers and only allow domain accounts to log on.
3. Workstation. Many people are not sure how to understand this role. A workstation is a computer with any system installed that has joined the domain. Users can use these workstations to access resources in the domain, run applications, and so on. A workstation also retains its local account database; a user who logs on to the workstation with a local account can access the local machine's resources, but cannot access resources in the domain.
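The advice above about local accounts on member servers and workstations can be checked from logon records: a logon made with a local account carries the machine's own name as the account domain, while a domain logon carries the domain name. The following is an added example, not part of the original article; the CSV layout, column names, host names and the CORP domain are assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample export: one row per successful logon.
# The layout and every value here are assumptions made for this example.
SAMPLE_LOGONS = """host,role,account_domain,account,logon_type
FS01,member_server,CORP,alice,3
FS01,member_server,FS01,svc_backup,5
APP02,member_server,CORP,bob,10
APP02,member_server,app02,Administrator,10
WS17,workstation,CORP,carol,2
WS17,workstation,WS17,tempuser,2
DC01,domain_controller,CORP,dave,2
"""


def is_local_logon(host, account_domain):
    """True when the account's domain is the machine's own name, which
    means the local account database was used (case-insensitive)."""
    return host.strip().upper() == account_domain.strip().upper()


def find_local_logons(export_text, roles=("member_server", "workstation")):
    """Return (host, account, logon_type) for each local-account logon on
    machines in the given roles, in input order."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["role"] not in roles:
            continue
        if is_local_logon(row["host"], row["account_domain"]):
            findings.append((row["host"], row["account"], int(row["logon_type"])))
    return findings


def summarize(findings):
    """Group the local accounts seen in use by host, sorted per host."""
    by_host = {}
    for host, account, _logon_type in findings:
        by_host.setdefault(host, set()).add(account)
    return {host: sorted(accounts) for host, accounts in by_host.items()}


if __name__ == "__main__":
    for host, accounts in summarize(find_local_logons(SAMPLE_LOGONS)).items():
        print(f"{host}: local accounts in use: {', '.join(accounts)}")
```

Each host listed in the summary is one where domain-only logon is not yet being followed.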
Third, establishing the first domain
If the network has no domain to begin with, the domain that is established is the "root domain", the first domain of the entire network. The steps to install AD are as follows (now for the hands-on part, hehe):
Open the Configuration Wizard