Windows Server 2008 forest root domain DC deployment

Source: Internet
Author: User

Experimental background: In day-to-day enterprise operations, a server is usually deployed as a domain controller and the clients of each department are joined to the domain, which makes unified management and maintenance easier. It also enables remote desktop synchronization: files are stored on the server and can be accessed and operated on from any client after authentication. Enough preamble, on to the experiment.

Here is the experimental topology diagram, drawn with the Cisco simulator, ha, which is also a chance to get a bit more familiar with Cisco tools.

On the same internal LAN there is a server on which we will deploy the domain controller. PC0 and PC1 are joined to the domain, so that both hosts can be managed centrally from the server.

Experimental requirements:

Server Server-1: ip=10.0.0.1 netmask=255.0.0.0 gateway=10.0.0.254 dns=10.0.0.1

Client Client1: ip=10.0.0.2 netmask=255.0.0.0 gateway=10.0.0.254 dns=10.0.0.1

Client Client2: ip=10.0.0.3 netmask=255.0.0.0 gateway=10.0.0.254 dns=10.0.0.1

Experimental process:

Configure the server's IP address, point its DNS setting at itself (this server will be the DNS server), change the computer name to server-1, and restart the server.

Click Start > Run and enter dcpromo to open the DC deployment wizard.

Select "Create a new domain in a new forest", because we do not have a domain yet. If the company headquarters already has one, you can select an existing forest and join the headquarters' domain directly.

Specify the forest root domain as ws.com.

Specify the functional level of the forest.

Tick "DNS server" so that the DNS server role is installed. We have not installed it yet, so the wizard shows a prompt next; choose Yes.

Specify the storage paths for the Active Directory database files, log files, and SYSVOL folder. They hold the directory database, including user names and password data, and can be used to recover data if the server is damaged, so they are very important and access to them should be tightly restricted!

Set the Active Directory DSRM (Directory Services Restore Mode) password, which is used when repairing the database. Note that the password must be complex.

Installation summary: just click Next.

Tick "Reboot on completion" so that the configuration takes effect.

You will be prompted to change your password. It must meet the complexity requirements.

At this point, if we look at the system properties, we can see that server-1 has been configured as a domain controller, hehe.

In Administrative Tools, we can see the Active Directory related components for the domain.

Open the DNS management console and locate the forward lookup zone. It is already configured as an Active Directory-integrated zone (AD-integrated for short) that allows secure updates only.

The _msdcs.ws.com zone, which contains the SRV records, has been registered automatically on the DNS server.

Configure the DNS reverse lookup zone.

Set the zone type to primary zone and tick the option to store the zone in Active Directory.

Create an IPv4 reverse lookup zone and allow only secure updates.

Add a PTR (pointer) record for the server host server-1.
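
An added example, not part of the original post: a Python check that the SRV records mentioned above, plus the A and PTR records for server-1, appear in a listing of the DNS zones. The function names, the simplified "owner TYPE data" listing format and the sample listing are assumptions constructed for illustration, and the SRV list is only a subset of what a domain controller that is also a global catalog registers.

```python
import ipaddress

# Subset of the SRV names (and ports) a DC that is also a global catalog registers.
SRV_TEMPLATES = [
    ("_ldap._tcp.{d}", 389), ("_kerberos._tcp.{d}", 88),
    ("_kpasswd._tcp.{d}", 464), ("_gc._tcp.{d}", 3268),
    ("_ldap._tcp.dc._msdcs.{d}", 389), ("_kerberos._tcp.dc._msdcs.{d}", 88),
    ("_ldap._tcp.pdc._msdcs.{d}", 389), ("_ldap._tcp.gc._msdcs.{d}", 3268),
]

def expected_records(domain, dc_host, dc_ip):
    """Records that should exist for one DC: SRV set, host A record, PTR."""
    fqdn = f"{dc_host}.{domain}".lower()
    want = {(t.format(d=domain.lower()), "SRV", f"{port} {fqdn}")
            for t, port in SRV_TEMPLATES}
    ptr = ipaddress.ip_address(dc_ip).reverse_pointer  # 1.0.0.10.in-addr.arpa
    return want | {(fqdn, "A", dc_ip), (ptr, "PTR", fqdn)}

def parse_export(text):
    """Parse 'owner TYPE data' lines; SRV data is 'priority weight port target'."""
    got = set()
    for line in text.splitlines():
        parts = line.split("#")[0].split()
        if len(parts) < 3:
            continue  # blank line or comment
        owner, rtype, data = parts[0].rstrip(".").lower(), parts[1].upper(), parts[2:]
        if rtype == "SRV" and len(data) == 4:
            value = f"{int(data[2])} {data[3].rstrip('.').lower()}"
        else:
            value = data[0].rstrip(".").lower()
        got.add((owner, rtype, value))
    return got

def missing_records(domain, dc_host, dc_ip, export_text):
    return sorted(expected_records(domain, dc_host, dc_ip) - parse_export(export_text))

# Constructed sample (hypothetical format); GC locator and PTR records left out.
SAMPLE_EXPORT = """
server-1.ws.com.                  A    10.0.0.1
_ldap._tcp.ws.com.                SRV  0 100 389  server-1.ws.com.
_kerberos._tcp.ws.com.            SRV  0 100 88   server-1.ws.com.
_kpasswd._tcp.ws.com.             SRV  0 100 464  server-1.ws.com.
_gc._tcp.ws.com.                  SRV  0 100 3268 server-1.ws.com.
_ldap._tcp.dc._msdcs.ws.com.      SRV  0 100 389  server-1.ws.com.
_kerberos._tcp.dc._msdcs.ws.com.  SRV  0 100 88   server-1.ws.com.
_ldap._tcp.pdc._msdcs.ws.com.     SRV  0 100 389  server-1.ws.com.
"""
if __name__ == "__main__":
    for rec in missing_records("ws.com", "server-1", "10.0.0.1", SAMPLE_EXPORT):
        print("MISSING", *rec)
```

Missing locator SRV records or a missing PTR record in the listing point to a registration problem on the DC that should be fixed before clients are joined.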

Open the Active Directory Users and Computers console and view the Domain Controllers organizational unit; server-1 is listed with the domain controller type GC.


Next, the clients join the domain: configure the IP settings and test connectivity.

Next, in the system properties, define the domain name suffix and use the administrator account to join the host to the ws.com domain.

After authentication by the DC, the client01 client has successfully joined the domain.



On the DC, open Active Directory Users and Computers and view the Computers container to see the host that has joined the domain.

Next is client 2.

This article is from the "IT Walker Pine" blog, please be sure to keep this source http://520yatou.blog.51cto.com/6642882/1550572
