What is a domain
A domain is a standalone unit in a Windows network; mutual access between domains requires a trust relationship (Trust Relation). Trust relationships are the bridges that connect domains. When a domain establishes a trust relationship with another domain, the two domains can not only manage each other as needed, but also share device resources such as files and printers across the network, so that network resources can be shared and managed between different domains.
The domain is both the logical organizational unit of the Windows network operating system and the logical organizational unit of the Internet, and it is a security boundary in the Windows network operating system. A domain administrator can manage only their own domain; they can access or manage other domains only if those domains explicitly grant them administrative privileges. Each domain has its own security policy and its own security trust relationships with other domains.
In domain mode, at least one server is responsible for verifying each computer and user that joins the network, much like a gatekeeper for an organization. This server is known as a "domain controller", abbreviated DC. A domain controller holds a database of information such as the accounts, passwords, and computers that belong to the domain. When a computer connects to the network, the domain controller first checks whether the computer belongs to the domain, whether the login account the user is using exists, and whether the password is correct. If any of this information is incorrect, the domain controller denies the user's logon on that computer. A user who cannot log on cannot access resources on the server that are protected by permissions; they can only access Windows shared resources as a peer-to-peer user, which protects the resources on the network to some extent.
Installing the Domain Services role
Install the Windows Server R2 system first.
① On the Windows taskbar, click the Server Manager icon;
② In the left menu bar, click "Roles", then right-click and select "Add Roles";
③ The wizard explains that it installs roles on the server; click "Next";
④ Because the Domain Services feature is being installed, you only need to select "Active Directory Domain Services" here;
⑤ Before installing Active Directory Domain Services, you also need to install the .NET Framework; click "Add Required Features";
⑥ Back on the Select Server Roles screen, click "Next";
⑦ The Domain Services introduction is displayed; click "Next";
⑧ The wizard indicates that two roles will be installed; click "Install";
⑨ The two roles are soon installed successfully; click "Close".
Configure Domain Services
After the role is installed, you also need to configure the domain service.
① Back in Server Manager, the Roles menu now shows an additional Active Directory Domain Services entry with a red cross beside it. Click it to open;
② Click "Run the Active Directory Domain Services Installation Wizard";
③ The Welcome screen is displayed; click "Next";
④ The operating system compatibility notice is displayed; click "Next";
⑤ Select "Create a new domain in a new forest". If you have more than one domain in your network, you can select the option above. Click "Next";
⑥ Enter the name of the domain you want to create, using the .com form, and then click "Next";
⑦ Leave the forest functional level at its default, then click "Next";
⑧ Leave the domain functional level at its default, then click "Next";
⑨ Under additional domain controller options, the DNS service is installed by default; click "Next";
⑩ A prompt states that the DNS server delegation cannot be created and asks whether you want to continue; click "Yes" here;
⑪ The installation locations for the database, log files, and SYSVOL are displayed; leave them at their defaults and click "Next";
⑫ Set the Directory Services Restore Mode password. This password cannot be the same as the administrator password; it is needed to enter Restore Mode when the domain service has problems;
⑬ All settings are now configured; click "Next";
⑭ Wait a while for the domain service to be configured;
⑮ When configuration has finished, click "Done";
⑯ The system must be restarted for Active Directory Domain Services to take effect. When you log in after the restart, the domain name appears in front of the administrator user name.
Domain Common settings
Now you can configure the domain as needed.
① Open Server Manager again and click Roles in the left menu. The red cross to the left of Active Directory Domain Services is gone; click "Active Directory Domain Services";
② Expand the Active Directory Domain Services menu on the left to see the generated domain lw.com and the organizational structure beneath it;
③ Right-click the domain name and select "New" - "Organizational Unit" from the menu;
④ Enter a name of your choice for the new organizational unit. If the domain is thought of as a large company, an organizational unit can be thought of as a branch;
⑤ Right-click the new organizational unit and select "New" - "Group" from the menu;
⑥ Enter the group name, leave the other settings at their defaults, and click "OK";
⑦ Right-click the new organizational unit and select "New" - "User" from the menu;
⑧ Enter the user name information and click "Next";
⑨ Enter the password. It must meet the system's requirements, such as length and a mix of symbols. The default is to change the password at next logon; to save trouble, "Password never expires" is chosen here;
⑩ The user settings are complete; click "Done" to create the user;
⑪ To make it easier to manage multiple users, you can add users to the group. Double-click the Fortinet group just created;
⑫ Click the Members tab and click "Add";
⑬ Enter the user name to be added to the group and click "OK";
⑭ You can see that the user has joined the group. To add more users, click Add again. Click "OK" when you are done. Using the steps above, you can set up multiple groups and users and manage users by group.
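The same organizational unit, group, and user can be created from PowerShell on the domain controller. This is an added example, not part of the original walkthrough; it uses the ActiveDirectory module, takes the domain lw.com and the group name Fortinet from the steps above, and assumes a hypothetical OU name (Branch01) and user name (user01).

```powershell
# Added example: scripted equivalent of steps 3-14 above.
# From the page: domain lw.com, group "Fortinet".
# Assumptions (hypothetical, not from the page): OU "Branch01", user "user01".
Import-Module ActiveDirectory

$domainDn = (Get-ADDomain).DistinguishedName   # DC=lw,DC=com for lw.com
$ouName   = 'Branch01'                         # hypothetical OU name
$userName = 'user01'                           # hypothetical user name
$ouDn     = "OU=$ouName,$domainDn"

# Steps 3-4: new organizational unit directly under the domain
New-ADOrganizationalUnit -Name $ouName -Path $domainDn

# Steps 5-6: new group inside the OU (the GUI defaults are Global / Security)
New-ADGroup -Name 'Fortinet' -Path $ouDn -GroupScope Global -GroupCategory Security

# Steps 7-10: new user inside the OU. The password is prompted for so that it
# never appears in the script or in the command history.
$password = Read-Host -AsSecureString "Initial password for $userName"
New-ADUser -Name $userName -SamAccountName $userName `
    -UserPrincipalName "$userName@lw.com" -Path $ouDn `
    -AccountPassword $password -Enabled $true `
    -PasswordNeverExpires $true                # mirrors the choice made in step 9

# Steps 11-14: add the user to the group and confirm the membership
Add-ADGroupMember -Identity 'Fortinet' -Members $userName
Get-ADGroupMember -Identity 'Fortinet' | Select-Object Name, distinguishedName

# Check: accounts in the OU whose password never expires, so the
# convenience setting from step 9 stays visible for later review
Get-ADUser -SearchBase $ouDn -Filter 'PasswordNeverExpires -eq $true' `
    -Properties PasswordNeverExpires |
    Select-Object SamAccountName, DistinguishedName
```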
View the domain structure
When establishing a firewall connection with a domain server, we need to enter parameters based on the domain structure.
① On the Windows taskbar, click the menu icon and find ADSI Edit under "Administrative Tools";
② Click "Connect to" under the "Action" menu;
③ With the currently logged-in domain selected, click "OK";
④ You can now see the entire domain structure.
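The distinguished names that ADSI Edit displays, which are the values a firewall's LDAP settings ask for, can also be listed as an indented tree from PowerShell. This is an added example, not part of the original walkthrough; the function name Show-AdTree is hypothetical, and the walk is limited to organizational units, groups, and users, so built-in containers are skipped.

```powershell
# Added example: print the domain structure as an indented tree of
# distinguished names, similar to what ADSI Edit shows.
# Show-AdTree is a hypothetical helper name, not a built-in cmdlet.
Import-Module ActiveDirectory

function Show-AdTree {
    param(
        [string]$BaseDn   = (Get-ADDomain).DistinguishedName,  # DC=lw,DC=com for lw.com
        [int]   $Depth    = 0,
        [int]   $MaxDepth = 3      # stop descending below this level
    )

    # Print the current node: indentation, full DN, and object class
    $node = Get-ADObject -Identity $BaseDn
    '{0}{1}  [{2}]' -f ('  ' * $Depth), $node.DistinguishedName, $node.ObjectClass

    if ($Depth -ge $MaxDepth) { return }

    # OneLevel returns direct children only; the LDAP filter keeps OUs,
    # groups, and users (computer accounts also match objectClass=user)
    $filter = '(|(objectClass=organizationalUnit)(objectClass=group)(objectClass=user))'
    Get-ADObject -SearchBase $BaseDn -SearchScope OneLevel -LDAPFilter $filter |
        Sort-Object Name |
        ForEach-Object {
            Show-AdTree -BaseDn $_.DistinguishedName -Depth ($Depth + 1) -MaxDepth $MaxDepth
        }
}

# Walk the current domain from its root
Show-AdTree
```

The first line of output is the base DN of the domain; the indented lines below it are the DNs of the organizational units, groups, and users created in the previous section.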
Windows Server R2 Domain Services installation and configuration