First, the simulated lab environment:
Zhuyu Company is a small company. As the company develops, it is paying more and more attention to building out its information technology. To manage computer user rights centrally and keep shared resources synchronized, the company needs to set up an AD domain controller server.
Taking cost and future management into account, the plan is to set up the AD domain controller and DNS server. After the primary domain controller is installed, a secondary domain controller is deployed as a standby to avoid a single point of failure.
Second, the company network deployment:
Primary domain controller server (Windows Server R2 + AD domain + DNS server)
Primary domain controller server computer name: Test-zhuad
Primary domain controller server FQDN (fully qualified domain name): zhuyu.com
Secondary domain controller server (Windows Server R2 + AD domain + alternate DNS server)
Secondary domain controller server computer name: Test-beiad
Third, the operation steps:
++++++++++ Installing the AD domain requires that you first install the DNS server ++++++++++
1. Manually set a fixed IP address on the primary domain controller server.
2. Server Manager----Roles----Add Roles.
3. Select Next.
4. Check DNS server----Next.
5. Select Next.
6. Select Install.
7. The DNS installation is complete----Close.
++++++++++ Installing the primary domain controller ++++++++++
1. Start----Run----enter dcpromo----OK.
2. Select Next.
3. Review the operating system compatibility notice----Next.
4. Select "Create a new domain in a new forest"----Next. (Zhuyu Company has not previously set up an AD domain or forest, so the second option is chosen here; if an AD domain or forest already exists, choose the first option)
5. Enter the domain name zhuyu.com----Next.
6. Forest functional level: after you select Windows Server R2, you can no longer manage AD domain controllers running the Windows Server 2003 operating system----Next. (Choose according to your actual situation)
7. If DNS is not installed, a prompt here says that DNS needs to be installed, and you only need to check DNS server. DNS was already installed on this machine earlier, so there is no prompt----Next.
8. In the pop-up prompt, select "Yes". (Before the DNS server role is installed, the system checks whether the server has a fixed IP address set. IPv6 is enabled by default with a dynamic IP; IPv4 is used here, so you can ignore the prompt)
9. Select "Yes".
10. Select Next.
11. Enter the Directory Services Restore Mode administrator password----Next. (Choose your own password and be sure to remember it: it is needed later for an AD directory restore, and if you forget it, a later AD domain controller migration will be painful)
12. Select Next. (Export the settings file for later use, depending on your needs)
13. In the configuration wizard, tick "Restart after completion". (The system restarts automatically after the primary domain controller is installed)
14. The domain controller is created. At this point the primary domain controller server's DNS settings need to be set back, because DNS is set to 127.0.0.1 when the domain controller is installed.
++++++++++ Installing the secondary domain controller ++++++++++
(After the primary domain controller is installed, you need to deploy a secondary domain controller as a standby to avoid a single point of failure)
1. Manually set a fixed IP address on the secondary domain controller server.
2. Start----Run----enter dcpromo----OK.
3. Select Next.
4. Review the operating system compatibility notice----Next.
5. Select "Existing forest"----"Add a domain controller to an existing domain"----Next. (Zhuyu Company has already set up a primary domain controller, so you only need to select "Add a domain controller to an existing domain"; if you are building a subdomain, select "Create a new domain in an existing forest")
6. Enter the primary domain controller's domain name zhuyu.com----Alternate credentials----Set. (Note: if the secondary server was not joined to the domain beforehand, "my current logon credentials" is greyed out and only alternate credentials can be selected for authentication)
7. After verification passes----Next.
8. Select Next.
9. Select Next.
10. Check DNS server and Global catalog----Next. (This machine already has DNS installed, so there is no prompt; if DNS is not installed, check DNS server)
Global catalog explained:
The global catalog (Global Catalog, GC) contains the most important attributes of every object in Active Directory and is a collection of all objects in the domain forest. Domain controllers in the same domain forest share the same Active Directory. This Active Directory is distributed among the domain controllers of each domain, and the domain controllers in each domain hold only the information about that domain's objects (user accounts, the directory database, and so on). If a user in one domain wants to access a resource in another domain, the resource must first be located in the other domain. To let users quickly find objects in another domain, Microsoft designed the global catalog. Because it contains the most important attributes (that is, a partial set of attributes) of every object in Active Directory, a user or application can quickly find the object being accessed even without knowing which domain the object is in.
11. In the pop-up prompt, select "Yes".
12. Select Next.
13. Set the Directory Services Restore Mode administrator password----Next. (Custom password; here I set it to the same as the primary domain controller's administrator directory restore password so that it is easy to remember)
14. Select Next. (Export the settings file according to your needs)
15. Tick "Restart after completion". (After the secondary domain controller is installed, the system restarts automatically, and the secondary domain controller has been installed successfully)
16. The secondary domain controller installation is complete.
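Once both servers have restarted, the result of the steps above can be checked from a command line. The script below is an added example, not part of the original walkthrough: it confirms that both domain controllers are registered and hold the global catalog, that the DNS client settings were set back from 127.0.0.1, and that replication between the two is healthy. It assumes an elevated PowerShell session on one of the domain controllers with the ActiveDirectory module available; the domain and computer names are the ones used on this page.

```powershell
# Added example: post-promotion checks. Run in an elevated PowerShell session
# on either domain controller. Assumes the ActiveDirectory module is installed.
Import-Module ActiveDirectory

$Domain      = 'zhuyu.com'                  # domain name used in this walkthrough
$ExpectedDCs = 'Test-zhuad', 'Test-beiad'   # computer names used in this walkthrough

# 1. Both servers are registered as domain controllers and hold the global catalog.
$dcs = @(Get-ADDomainController -Filter * -Server $Domain)
$dcs | Format-Table Name, IPv4Address, IsGlobalCatalog, IsReadOnly -AutoSize
foreach ($name in $ExpectedDCs) {
    $dc = $dcs | Where-Object { $_.Name -eq $name }
    if (-not $dc) { Write-Warning "$name is not listed as a domain controller" }
    elseif (-not $dc.IsGlobalCatalog) { Write-Warning "$name is not a global catalog" }
}

# 2. DNS client settings on this machine: warn if only the loopback address is
#    left after promotion (step 14 of the primary domain controller section).
$nics = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
foreach ($nic in $nics) {
    $dns  = @($nic.DNSServerSearchOrder | Where-Object { $_ })
    $real = @($dns | Where-Object { $_ -ne '127.0.0.1' -and $_ -ne '::1' })
    '{0}: DNS = {1}' -f $nic.Description, ($dns -join ', ')
    if ($real.Count -eq 0) {
        Write-Warning "$($nic.Description): no non-loopback DNS server configured"
    }
}

# 3. Clients locate domain controllers through these SRV records; both servers
#    should appear in the answer.
nslookup -type=SRV "_ldap._tcp.dc._msdcs.$Domain"

# 4. Replication health between the two domain controllers, then a check that
#    each one is advertising itself as a domain controller.
repadmin /replsummary
foreach ($name in $ExpectedDCs) {
    dcdiag "/s:$name" /test:Advertising
}
```

A missing SRV record or a failed Advertising test on Test-beiad means the standby would not take over logons if Test-zhuad went down, which defeats the purpose of deploying it.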
Windows Server R2 Build primary domain controller + secondary domain controller