Windows Network Services Architecture Series Course details (vii) multi-zone access to Windows domain environment

Experimental background:

If a company does not have a branch office, in a single domain environment can achieve most of the user needs; however, when the company's scale is more and more, in many regions have set up their own branch offices, user accounts and a variety of resources, different sub-general division of the user's requirements are not the same (such as password policy, access rights settings, etc.) , a large number of Active Directory to the management caused a certain amount of trouble, duplication between domains and so on, and the company needs unified management, which in a single domain environment is difficult to complete, maintenance is also quite difficult. Therefore, the multi-domain environment will come into being, large enterprises through a number of regions to manage the internal users and resources, and the relationship between the various regions and subordinate, the relationship between the Head Office and branch Office, which is more conducive to the level of planning and management, thereby improving the overall office efficiency. Between the head office and the branch office through the establishment of root trust or parent-child trust relationship, one-way or two-way network resources exchange visits, between the two companies through the establishment of external distrust or forest trust to carry out one-way or two-way network resources exchange, and finally achieve a number of enterprises in the network interconnection and resource sharing.

Experimental purposes:

1, understand the relationship between the superior and subordinate regions

2, master the forest, domain tree and child domain deployment process

3, master the trust relationship in the forest (parent-child trust and Root trust)

4, master the trust between the forest (external trust and Forest trust)

5, grasps the AGDLP rule, and uses its rule to carry on the interregional resources visit

Experimental environment:

The experiment builds two separate forests (two independent companies), one of which has a domain tree (also known as a forest) in one of the forests (Enterprise-1). It is composed of root domain and child domain, mutual exchange between root domain and subdomain through parent-child trust, and two domain tree (also called a forest) in another forest (Enterprise-2). The domain tree is exchanged for mutual visits through root trusts; another two forests (Enterprise-1 and Enterprise-2) Exchange visits through external trusts or forest trusts.

Experiment Network topology: