Experimental background: In day-to-day enterprise operations, a server is usually deployed as a domain controller and the clients of each department are joined to the domain, which makes unified management and maintenance easier. To achieve Remote Desktop synchronization, files are placed on the server side, and any client can access and operate on them after authenticating. Without further ado, on to the experiment.
The lab topology diagram was drawn with the Cisco simulator, which is also a chance to get a little more familiar with Cisco tools.
On the same internal LAN there is a server on which we will deploy the domain controller. pc0 and pc1 are joined to the domain, so that the two hosts can be managed centrally from the server side.
Experimental requirements:
Server Server-1: ip=10.0.0.1 netmask=255.0.0.0 gateway=10.0.0.254 dns=10.0.0.1
Client Client1: ip=10.0.0.2 netmask=255.0.0.0 gateway=10.0.0.254 dns=10.0.0.1
Client Client2: ip=10.0.0.3 netmask=255.0.0.0 gateway=10.0.0.254 dns=10.0.0.1
Experimental process:
Configure the server IP and set this server up as a DNS server, with DNS pointing to itself. Change the computer name to server-1 and restart the server.
Go to Start > Run and enter dcpromo to open the DC deployment wizard.
Select "Create a new domain in a new forest", because we do not have a domain yet. If the company headquarters already has one, you can select the existing forest and join the headquarters domain directly.
Specify the forest root domain as ws.com.
Specify the functional level of the forest.
Select the DNS server option to install the DNS server. DNS is not installed yet, so the wizard shows a prompt below; choose Yes.
Specify the storage paths for the Active Directory database files, log files, and SYSVOL folder. These hold the database information, including the user names and passwords; if the server is damaged, the data can be recovered from these files, so they are important!
Set the Active Directory DSRM (Directory Services Restore Mode) password, which is used when repairing the database. Note that the password must be complex.
Installation summary: just click Next.
Tick "Reboot on completion" so that the configuration takes effect.
You will be prompted to change your password; the new password must meet the complexity requirements.
At this point, if we look at the system properties, we can see that the server server-1 has been configured as a domain controller.
In Administrative Tools, we can see some of the Active Directory related components for the domain.
Open the DNS management console and locate the forward lookup zone. It is already configured as an Active Directory-integrated (AD) zone type that allows only secure updates.
The _msdcs.ws.com zone has been registered automatically in DNS on the server; it contains the SRV records.
Configure DNS Reverse Lookup Zones
For the zone type, choose primary zone and tick the option to store the zone in AD.
Create an IPv4 reverse lookup zone and allow only secure updates.
Add a PTR (pointer) record for the server host server-1.
Open the AD Users and Computers management console and view the Domain Controllers organizational unit; server-1 is listed there with domain controller type GC.
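The SRV records in the ws.com and _msdcs.ws.com zones and the PTR record added above are what domain members use to find the DC for LDAP and Kerberos, so it is worth checking them before joining clients. The following is an added example, not part of the original post: it audits an exported record list for the records a DC that is also GC and PDC emulator normally registers. The function name, the record tuple layout and the sample data are assumptions constructed for illustration.

```python
import ipaddress

# SRV owner labels (relative to the domain) that Netlogon registers for a
# DC that is also GC and PDC emulator, with each service's port.
LOCATOR_SRV = {
    "_ldap._tcp": 389,
    "_ldap._tcp.dc._msdcs": 389,
    "_ldap._tcp.pdc._msdcs": 389,
    "_ldap._tcp.gc._msdcs": 3268,
    "_gc._tcp": 3268,
    "_kerberos._tcp": 88,
    "_kerberos._tcp.dc._msdcs": 88,
    "_kerberos._udp": 88,
    "_kpasswd._tcp": 464,
    "_kpasswd._udp": 464,
}

def _norm(name):
    return name.lower().rstrip(".")

def audit_dc_dns(domain, dc_host, dc_ip, records):
    """Return findings for missing or mis-targeted DC records.

    records: (owner, rtype, data) tuples; SRV data is (port, target),
    PTR data is the target host name. An empty list means consistent.
    """
    fqdn = _norm(f"{dc_host}.{domain}")
    srv = {(_norm(o), d[0], _norm(d[1])) for o, t, d in records if t == "SRV"}
    findings = []
    for label, port in LOCATOR_SRV.items():
        owner = _norm(f"{label}.{domain}")
        if (owner, port, fqdn) not in srv:
            findings.append(f"missing SRV {owner} -> {fqdn}:{port}")
    # Owner name of the PTR record inside the reverse lookup zone.
    ptr_owner = ipaddress.ip_address(dc_ip).reverse_pointer
    ptrs = {_norm(d) for o, t, d in records
            if t == "PTR" and _norm(o) == ptr_owner}
    if fqdn not in ptrs:
        findings.append(f"missing PTR {ptr_owner} -> {fqdn}")
    return findings

# Constructed sample export: one SRV record deliberately left out.
SAMPLE = [(f"{label}.ws.com", "SRV", (port, "server-1.ws.com."))
          for label, port in LOCATOR_SRV.items() if label != "_kpasswd._udp"]
SAMPLE.append(("1.0.0.10.in-addr.arpa", "PTR", "server-1.ws.com."))

if __name__ == "__main__":
    for finding in audit_dc_dns("ws.com", "server-1", "10.0.0.1", SAMPLE):
        print(finding)
```

An SRV record that exists but points at a host other than server-1.ws.com is reported the same way as a missing one, which is the case the secure-only update setting on the zones is meant to prevent.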
Next, the client joins the domain: configure its IP and test connectivity.
Next, in the system properties, define the domain name suffix and use the administrator account to join the host to the ws.com domain.
After authentication by the DC, the client01 client has successfully joined the domain.
On the DC, open AD Users and Computers and view the Computers container to see the host that has joined the domain.
Next is client 2.
This article is from the "IT Walker Pine" blog; please be sure to keep this source: http://520yatou.blog.51cto.com/6642882/1550572
Windows Server 2008 forest root domain DC deployment