Windows Server 2008 forest root domain DC deployment

Experimental background: In the daily production of the enterprise, a server is usually deployed as a domain controller, and the clients of each department are joined to a domain, which facilitates unified management and maintenance. and to achieve Remote Desktop synchronization, the file is placed on the server side, from any client through authentication access and operation. Nonsense not much to say, directly on the experiment.

Take an experimental topology diagram, with the Cisco Simulator's Ha, and by the way familiar dot Cisco stuff

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/49/26/wKioL1QP-OTiAJfgAACJ8QhSKyg615.jpg "style=" float: none; "title=" 1.png "alt=" Wkiol1qp-otiajfgaacj8qhskyg615.jpg "/>

on the same internal LAN, there is a server, we will deploy the domain controller on the above, and pc0 and pc1 into the domain, on the server side will realize the unified management of the two hosts

Experimental requirements:

Server Server-1,ip:10.0.0.1 netmask:255.0.0.0 gateway:10.0.0.254 dns:10.0.0.1

Client Client1 ip:10.0.0.2 netmask=255.0.0.0 gateway=10.0.0.254 dns=10.0.0.1

Client Client2 ip=10.0.0.3 netmask=255.0.0.0 gateway=10.0.0.254 dns=10.0.0.1

Experimental process:

Configure the server IP, set this server as a DNS server,DNS points to itself, change the computer name to server-1, restart theserver

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/49/26/wKioL1QP-OSwfSP9AAIgXbbFh9g076.jpg "style=" float: none; "title=" 2.png "alt=" Wkiol1qp-oswfsp9aaigxbbfh9g076.jpg "/>

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/49/25/wKiom1QP-NfDix52AAH2glCf6m4104.jpg "style=" float: none; "title=" 3.png "alt=" Wkiom1qp-nfdix52aah2glcf6m4104.jpg "/>

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/49/25/wKiom1QP-NeQwPqWAAGpE_QQLgE471.jpg "style=" float: none; "title=" 4.png "alt=" Wkiom1qp-neqwpqwaagpe_qqlge471.jpg "/>

Start ---- Run Enter dcpromo to open the DC Deployment Wizard

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/49/26/wKioL1QP-OWBc3aCAAGENERiUeg958.jpg "style=" float: none; "title=" 5.png "alt=" Wkiol1qp-owbc3acaageneriueg958.jpg "/>

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/49/25/wKiom1QP-Njg6EK8AACi5GeueRo979.jpg "style=" float: none; "title=" 6.png "alt=" Wkiom1qp-njg6ek8aaci5geuero979.jpg "/>

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/49/26/wKioL1QP-OXxAeE3AAIYzZ5NXeQ311.jpg "style=" float: none; "title=" 7.png "alt=" Wkiol1qp-oxxaee3aaiyzz5nxeq311.jpg "/>

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/49/25/wKiom1QP-NiAlisYAAFjIBXZUFQ509.jpg "style=" float: none; "title=" 8.png "alt=" Wkiom1qp-nialisyaafjibxzufq509.jpg "/>

Select Create new domain in New forest, because we do not have a domain now, if the company headquarters has, you can select an existing forest, you can directly join the headquarters of the domain

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/49/26/wKioL1QP-OXClFYkAAE5-vj_9Ic847.jpg "style=" float: none; "title=" 9.png "alt=" Wkiol1qp-oxclfykaae5-vj_9ic847.jpg "/>

Specify forest root domain as ws.com

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/49/25/wKiom1QP-RfCxaYJAAHTMyabs3U450.jpg "style=" float: none; "title=" 10.png "alt=" Wkiom1qp-rfcxayjaahtmyabs3u450.jpg "/>

Specifies the functional level of the forest.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/49/26/wKioL1QP-SSSqkvnAAGFi8p7Emk027.jpg "style=" float: none; "title=" 11.png "alt=" Wkiol1qp-sssqkvnaagfi8p7emk027.jpg "/>

to Select the DNS server to install the DNS server, we are not installing now, so below he will prompt, choose Yes

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/49/26/wKioL1QP-SXxlNdSAAEQ8URXxds409.jpg "style=" float: none; "title=" 12.png "alt=" Wkiol1qp-sxxlndsaaeq8urxxds409.jpg "/>

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/49/25/wKiom1QP-RfhDFp1AAHlVkwTz0Q676.jpg "style=" float: none; "title=" 13.png "alt=" Wkiom1qp-rfhdfp1aahlvkwtz0q676.jpg "/>

Specify Active Directory database files, log files, and SYSVOL folder storage path. This contains the database information, if the server is damaged, you can recover data through the file, including the user name and password files, it is important!!

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/49/26/wKioL1QP-SXQ2L9mAAGe01tJ-ow624.jpg "style=" float: none; "title=" 14.png "alt=" Wkiol1qp-sxq2l9maage01tj-ow624.jpg "/>

set up Active Directory DSRM mode password, used to repair the database, note the password is complex

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/49/25/wKiom1QP-RjxYGlzAAH8zi4FxnA744.jpg "style=" float: none; "title=" 15.png "alt=" Wkiom1qp-rjxyglzaah8zi4fxna744.jpg "/>

Installation Summary, direct next

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/49/25/wKiom1QP-RjjDD4uAADmL70EtcQ177.jpg "style=" float: none; "title=" 16.png "alt=" Wkiom1qp-rjjdd4uaadml70etcq177.jpg "/>

Tick the reboot after completion, is the configuration to take effect

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/49/26/wKioL1QP-SWiaDVuAAG_DTtJXjw518.jpg "style=" float: none; "title=" 17.png "alt=" Wkiol1qp-swiadvuaag_dttjxjw518.jpg "/>

You will be prompted to change your password. Requirements Meet complexity

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/49/25/wKiom1QP-RjCp8n9AAEMMPuuQKU879.jpg "style=" float: none; "title=" 18.png "alt=" Wkiom1qp-rjcp8n9aaemmpuuqku879.jpg "/>

at this point, we look at the system properties and we can see server-1 The server has been configured as a domain controller, hehe

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/49/26/wKioL1QP-YTTp8bYAALRsODmqeI144.jpg "style=" float: none; "title=" 19.png "alt=" Wkiol1qp-yttp8byaalrsodmqei144.jpg "/>

In the administration tool, we can see some of the domain Active Directory related components

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/49/25/wKiom1QP-XfzlAeZAARxjpNUHZk131.jpg "style=" float: none; "title=" 20.png "alt=" Wkiom1qp-xfzlaezaarxjpnuhzk131.jpg "/>

Open DNS Management Console, locate the forward lookup zone that is already configured as ActiveDirectory integrated area type, abbreviation AD , only security updates

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/49/26/wKioL1QP-YTz6uPcAALtrufOCpg080.jpg "style=" float: none; "title=" 21.png "alt=" Wkiol1qp-ytz6upcaaltrufocpg080.jpg "/>

in the DNS automatically registered on the server _msdcs.ws.com area, which contains the SRV Record

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/49/26/wKioL1QP-YTg2CS4AAL0OyAhyWg943.jpg "style=" float: none; "title=" 22.png "alt=" Wkiol1qp-ytg2cs4aal0oyahywg943.jpg "/>

Configure DNS Reverse Lookup Zones

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/49/25/wKiom1QP-Xfi7cSaAAKw4SXYyJk034.jpg "style=" float: none; "title=" 23.png "alt=" Wkiom1qp-xfi7csaaakw4sxyyjk034.jpg "/>

area type main area, tick Storage in AD

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/49/25/wKiom1QP-XfwwbuZAAKup8OYQP4803.jpg "style=" float: none; "title=" 24.png "alt=" Wkiom1qp-xfwwbuzaakup8oyqp4803.jpg "/>

Create IPv4 Reverse lookup zone, allow only security updates

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/49/26/wKioL1QP-YXBrt7VAANqVixUtMM119.jpg "style=" float: none; "title=" 25.png "alt=" Wkiol1qp-yxbrt7vaanqvixutmm119.jpg "/>

Add server-1 of the server host PTR Pointers

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/49/26/wKioL1QP-YXQFasuAAMCpnBW3sw027.jpg "style=" float: none; "title=" 26.png "alt=" Wkiol1qp-yxqfasuaamcpnbw3sw027.jpg "/>

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/49/26/wKioL1QP-bqDvRI5AAJ8bg54y5w721.jpg "style=" float: none; "title=" 27.png "alt=" Wkiol1qp-bqdvri5aaj8bg54y5w721.jpg "/>

Open AD User and Computer Management console, view domain Controller organizational unit,server-1 for domain controller type is GC

The following client joins the domain, configures the IP, and tests the communication

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/49/25/wKiom1QP-a3BXAI_AARbhm4v2vo726.jpg "style=" float: none; "title=" 28.png "alt=" Wkiom1qp-a3bxai_aarbhm4v2vo726.jpg "/>

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/49/26/wKioL1QP-buynrVeAANQIxGgHyY918.jpg "style=" float: none; "title=" 29.png "alt=" Wkiol1qp-buynrveaanqixgghyy918.jpg "/>

Next, set the system properties, define the domain name suffix, for the administrator account to subordinate the host to the ws.com domain

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/49/25/wKiom1QP-a6hjrRoAATaQwyksXg789.jpg "style=" float: none; "title=" 30.png "alt=" Wkiom1qp-a6hjrroaataqwyksxg789.jpg "/>

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/49/26/wKioL1QP-byQmE4dAAP3WIV3aqE978.jpg "style=" float: none; "title=" 31.png "alt=" Wkiol1qp-byqme4daap3wiv3aqe978.jpg "/>

after DC Authentication, client01 client successfully joined domain

in the Open AD user and Computer Management on The DC, view the computer container, and see the host that is joined to the domain

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/49/25/wKiom1QP-a-iihS9AAG-yKxDhdM846.jpg "style=" float: none; "title=" 32.png "alt=" Wkiom1qp-a-iihs9aag-ykxdhdm846.jpg "/>

Next is the client 2

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/49/26/wKioL1QP-b3ASSR4AAMAcnSmog0132.jpg "style=" float: none; "title=" 33.png "alt=" Wkiol1qp-b3assr4aamacnsmog0132.jpg "/>

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/49/25/wKiom1QP-a-xwHNyAALayg_KMuk133.jpg "style=" float: none; "title=" 34.png "alt=" Wkiom1qp-a-xwhnyaalayg_kmuk133.jpg "/>

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/49/26/wKioL1QP-b2BXYELAAGolCppQj0768.jpg "style=" float: none; "title=" 35.png "alt=" Wkiol1qp-b2bxyelaagolcppqj0768.jpg "/>

This article is from the "IT Walker Pine" blog, please be sure to keep this source http://520yatou.blog.51cto.com/6642882/1550572

Windows Server 2008 forest root domain DC deployment