Windows Server 2016-domain site links and subnet adjustments

In many cases, we distinguish between the domain control or the site synchronization is normal operation of the content is to see the two domain control ping or resolution is normal, or to see whether the two firewalls shut down, but in fact, we need to be aware that the site active Directory data replication not only to ensure that the physical server connection is normal, but also we need to create a logical connection to the ad data synchronization, both indispensable. This chapter brings you the domain site link creation and the subnet adjustment and so on content.

The general single-domain multi-site deployment process is to create a new site-Create a site subnet-locate a domain controller, or join a new domain controller-Create a site link-Create a site link bridge, and so on.

First, Site Creation:

1.1. Open the Active Directory site and the Services console to view the current site information as follows:

1.2. Or view the current site information from the command line:

View Domain site information: get-adreplicationsite

1.3. Or view the current site information via dsquery site:

1.4. Open the Active Directory site and the Services console, right-sites select "New Site" in the popup menu item:

1.5. Enter the site object name and select the site linker by default:

1.7. Click OK on the pop-up window to continue:

1.8. We can also create a new site via New-adreplicationsite:

Create a new site: new-adreplicationsite-name "Site Name"

Second, subnet creation:

Different sites we generally use different IP subnets, such as Beijing, Shanghai, and Shenzhen we often plan different IP segments for local use in order to differentiate regions, while domain controllers determine which site they belong to according to their IP address. Different sites under the domain of the computer login to the domain, according to their own IP address automatically determine which site under which domain controller, the nearest authentication user identity and login.

2.1. Open the Active Directory site and the Services console, right-subnets Select "New Subnet" in the popup menu item:

2.2. Enter the IP subnet segment in the New Subnet dialog box and determine which site to assign to:

2.3. We can also implement the content of the new subnet via the PowerShell command as follows:

New subnet: New-adreplicationsubnet-name 192.168.0.0/24-site Hebei

2.4. To facilitate verification of different domain controller assignments under different sites, no new domain controllers are created, and some domain controllers are moved directly under the default site to the new site. Navigate to a Domain control server and right-click to select Move:

2.5. Select the site to which you want to move the server, and click OK to continue:

2.6. View the post-move information as follows:

2.7. We can also move and view site and domain controller distributions via the command line:

Move a domain controller to a site: Get-addomaincontroller BDC | Move-addirectoryserver-site Hunan

View current domain controller assignment information: Get-addomaincontroller |select hostname,site

2.8. Verify that the command line moves the domain controller results:

2.9. View the domain control location information in the current domain: Get-addomaincontroller-filter * |select hostname,site

2.10. View current site and subnet information:

View current subnet information: dsquery subnet

View current site information: dsquery site

Additional information about Get-addomaincontroller:

Get-addomaincontroller: Searches for parameters or obtains one or more Active Directory domain controllers by providing domain controller identifiers, such as NetBIOS names, based on discoverable service conditions.

Get-addomaincontroller[-authtype <adauthtype>][-credential <pscredential>][[-identity] < Addomaincontroller>][-server <string>][<commonparameters>]

Get-addomaincontroller[-authtype <adauthtype>][-avoidself][-discover][-domainname <String>][- Forcediscover][-minimumdirectoryserviceversion <adminimumdirectoryserviceversion>][-nextclosestsite][- Service <addiscoverableservice[]>][-sitename <string>][-writable][<commonparameters>]

Get-addomaincontroller[-authtype <adauthtype>][-credential <pscredential>]-filter <String>[- Server <string>][<commonparameters>]

The Get-addomaincontroller cmdlet gets the domain controller specified by the parameter. You can obtain a domain controller by setting the Identity,filter or discover parameter.

The identity parameter specifies the domain controller to get. You can identify a domain controller by its guid,ipv4address, global ipv6address, or DNS hostname. You can also identify the domain controller partition or the DN of the computer object that represents the domain controller by using the name of the server object that represents the domain controller, the NTDS setting object or the distinguished name (DN) of the server object, the GUID of the NTDS Settings object or the server object under configuration. You can also set the identity parameter to a domain controller object variable (for example, <localDomainControllerObject>), or to pass a domain controller object through a pipeline to the identity parameter.

To search for and retrieve multiple domain controllers, use the filter parameter. The filter parameter writes a query string for Active Directory using the PowerShell expression language. The PowerShell expression language syntax provides rich type conversion support for the value types that are received by the filter parameter. For more information about the Filter parameter syntax, see About_activedirectory_filter. You cannot use the LDAP query string in this cmdlet.

To obtain a domain controller by using the discovery mechanism of dclocator, use the Discover parameter. You can provide search criteria by setting parameters such as services, Sitename,domainname,nextclosestsite,avoidself, and Forcediscover.

A. Use discovery to obtain an available DC in a given site. C:\ps>get-addomaincontroller-discover-site "Default-first-site-name"

B. Force discovery/Find one of the available Dcc:\ps>get-addomaincontroller-discover-site "Default-first-site-name" in a given site-forcediscover

C: Use Discovery to get global catalogs in the current forest C:\ps>get-addomaincontroller-discover-service "Globalcatalog"

D: Use Discovery to get global catalogs in the current forest C:\ps>get-addomaincontroller-discover-service 2

E: Use Discovery to get an available dcc:\ps>get-addomaincontroller-discover in the current domain

F: Use Discovery to get an available DC in a given domain. C:\ps>get-addomaincontroller-discover-domain "Azureyun.com"

G: Use discovery to obtain the PDC and ensure that the ad domain is C:\ps>get-addomaincontroller-discover-domain "major.azureyun.com"-service "PRIMARYDC" as a time server , "Timeservice"

H: Gets the domain controller with its NetBIOS name. C:\ps>get-addomaincontroller-identity "Major" C:\ps>get-addomaincontroller "PDC-01"

I: Use its DNS hostname to obtain a domain controller and specify administrator credentials in a given domain (as specified in the server parameters). C:\ps>get-addomaincontroller-identity "major.azureyun.com"-server "azureyun.com"-credential "azureyun\ Administrator

J: Get domain controller c:\ps>get-addomaincontroller-identity "192.168.1.1" using its IP address

K: Gets all global catalogs in a given site C:\ps>get-addomaincontroller-filter {isglobalcatalog-eq $true-and site-eq " Default-first-site-name "}

L: Gets all Rogcc:\ps>get-addomaincontroller-server "brodc.azureyun.com"-filter {isglobalcatalog-eq $true in the subdomain to which the client is connected -and Isreadonly-eq $true}

M: Gets a list of all domain controllers for all domains in the forest c:\ps> $allDCs = (get-adforest). Domains | %{get-addomaincontroller-filter *-server $_}

Windows Server 2016-domain site links and subnet adjustments