Deploy domain controller

2025-04-02 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

After Windows Server 2019 is installed, there are several tasks to complete.

Rename the computer

Change network parameters

Turn off the firewall

Open Remote Desktop

Install Active Directory Domain Services (AD DS). The installation has two phases: installing the role and promoting the server to a domain controller.

1. Renaming the computer

Log in to the server as administrator, open Server Manager, select Local Server, and click the computer name to open the System Properties page. On the System Properties page, click Change.

Change the name to the one chosen during planning.

Restart after the change to apply it.

2. Change network parameters

Refer to the plan and configure as follows

3. Turn off the firewall

4. Open Remote Desktop
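
Steps 1 to 4 as PowerShell, an added example that is not part of the original article. The interface alias and the 192.0.2.x addresses are placeholders, since the page's planning values are not shown; the commented lines show the alternative of leaving the firewall on and opening only the Remote Desktop rule group.

```powershell
# Added example: steps 1-4, run from an elevated PowerShell session on the new server.
# Placeholders (not from the article): interface alias and the 192.0.2.x addresses.
$ifAlias = 'Ethernet'
$ip      = '192.0.2.10'
$gateway = '192.0.2.1'

# 2. Change network parameters: static address and gateway. The first DC of a
#    new forest hosts DNS itself, so the DNS client setting points at its own address.
New-NetIPAddress -InterfaceAlias $ifAlias -IPAddress $ip -PrefixLength 24 -DefaultGateway $gateway
Set-DnsClientServerAddress -InterfaceAlias $ifAlias -ServerAddresses $ip

# 3. Turn off the firewall (the article's step): disables all three profiles.
Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled False

# Alternative to step 3 that keeps packet filtering on: leave the profiles
# enabled and open only the built-in Remote Desktop rule group used by step 4.
# Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True
# Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'

# 4. Open Remote Desktop: allow connections and require Network Level Authentication.
$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
Set-ItemProperty -Path $ts -Name fDenyTSConnections -Value 0
Set-ItemProperty -Path "$ts\WinStations\RDP-Tcp" -Name UserAuthentication -Value 1

# Show the resulting state before rebooting.
Get-NetFirewallProfile | Select-Object Name, Enabled
Get-NetIPAddress -InterfaceAlias $ifAlias -AddressFamily IPv4 |
    Select-Object IPAddress, PrefixLength

# 1. Rename the computer to the planned name; the restart applies the change.
Rename-Computer -NewName 'MCDC01' -Restart
```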

5. Deploy domain controllers

Open the Server Manager dashboard and click Add Roles and Features.

In the Add Roles and Features wizard, click Next on the Before You Begin page.

On the Installation Type page, select Role-based or feature-based installation.

On the Server Selection page, select server MCDC01.

On the Server Roles page, select Active Directory Domain Services and add the required features.

On the Features page, keep the defaults and click Next.

The AD DS page shows a description of the role; keep the defaults and click Next.

On the Confirmation page, click Install.

Complete the installation.

Click Promote this server to a domain controller to launch the Active Directory Domain Services Configuration Wizard, which opens the Deployment Configuration page. The wizard provides three deployment operations:

Add a domain controller to an existing domain. Purpose: deploy multiple domain controllers.

Add a new domain to an existing forest. Purpose: add a new domain to an existing forest and create another brand new domain tree.

Add a new forest. Purpose: create a new forest and a new domain.

In this test we deploy a new forest: under "Select the deployment operation", choose "Add a new forest" and set the root domain name to MC.com.

Select the functional level of the new forest and root domain, specify the domain controller capabilities, and type the Directory Services Restore Mode (DSRM) password.

On the DNS Options page, keep the defaults and click Next.

On the Additional Options page, set the NetBIOS domain name and click Next.

Configure the locations of the AD DS database, log files, and SYSVOL.

On the Review Options page, keep the defaults.

On the Prerequisites Check page, keep the defaults and click Install.

Wait for the installation to finish.

After installation, the server will restart automatically.
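
The two phases above (role installation, then promotion to a new forest) as PowerShell, an added example rather than the article's own procedure. The NetBIOS name `MC`, the `WinThreshold` (Windows Server 2016) functional level and the default paths are assumptions, because the page does not state the values chosen in the wizard.

```powershell
# Added example: role install and promotion for the article's lab
# (server MCDC01, root domain MC.com). Run elevated on MCDC01.
# Assumptions not stated on the page: NetBIOS name 'MC', functional level
# 'WinThreshold' (Windows Server 2016), default paths under %SystemRoot%.

# Phase 1: install the AD DS role together with its management tools.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Phase 2: promote. The DSRM password is prompted for as a SecureString so it
# is never stored in the script or in command history.
$dsrm = Read-Host -AsSecureString -Prompt 'Directory Services Restore Mode password'

$forest = @{
    DomainName                    = 'MC.com'
    DomainNetbiosName             = 'MC'
    ForestMode                    = 'WinThreshold'
    DomainMode                    = 'WinThreshold'
    InstallDns                    = $true
    DatabasePath                  = "$env:SystemRoot\NTDS"
    LogPath                       = "$env:SystemRoot\NTDS"
    SysvolPath                    = "$env:SystemRoot\SYSVOL"
    SafeModeAdministratorPassword = $dsrm
}

Import-Module ADDSDeployment

# Counterpart of the wizard's Prerequisites Check page: stop on anything
# that is not reported as a success.
$pre = Test-ADDSForestInstallation @forest
$pre | Format-List Status, Message
if ($pre | Where-Object { $_.Status -ne 'Success' }) {
    throw 'Prerequisite check failed; fix the reported items before promoting.'
}

# Creates the new forest; the server restarts automatically when finished.
Install-ADDSForest @forest -Force
```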

Verify that the domain controller installed successfully. After the domain controller is deployed, Windows Administrative Tools under the Start menu gains Active Directory Administrative Center, Active Directory Users and Computers, Active Directory Domains and Trusts, Active Directory Sites and Services, ADSI Edit, and DNS.

Verify the AD DS services. After the AD DS deployment is complete, the following 2 AD DS-related services are present by default:

Active Directory Domain Services (NTDS)

Active Directory Web Services (ADWS)

Both services start automatically by default.

Related properties are as follows

Verify the default containers

After deployment is complete, the newly installed domain controller creates some default containers. Click View > Advanced Features, as shown below.

Verify Domain Controllers

The default organizational unit for domain controllers is Domain Controllers. It contains the first domain controller (DC) and is the default container for new domain controllers (additional domain controllers, read-only domain controllers). A domain controller is placed in this organizational unit automatically after installation.

Verify Default-First-Site-Name

While a server is being promoted to a domain controller, the installation wizard automatically determines which site the domain controller is a member of. If the new domain controller is the first domain controller in the new forest, a default site named Default-First-Site-Name is created, and the domain controller is the first member in the domain. Open the Active Directory Sites and Services console and select Sites > Default-First-Site-Name > Servers to confirm that the domain controller has been added to the default site.

Verify the Active Directory database and Log Files

During promotion of the server to a domain controller, the storage location for the Active Directory database and log files is set on the Paths page. It defaults to the %SystemRoot%\NTDS folder, which contains:

Active Directory database "Ntds.dit": stores all Active Directory objects in the domain controller. The extension "dit" stands for "Directory Information Tree".

Transaction log file "edb.log": this file stores Active Directory operation information. The default transaction log name is "edb.log", and each transaction log file is 10 MB. When edb.log is full, it is renamed edbxxxx.log, where xxxx is a file number increasing from 0001; a new log file is created and the old log file is automatically deleted. Active Directory writes each transaction to the log file edb.log as well as to memory. If the system is not shut down normally, data in memory that has not yet been written to the Active Directory database is lost. After the system starts again, it reads the checkpoint file edb.chk to find where in the transaction log edb.log to begin, and uses the log records in edb.log to write to the Active Directory database the changes that had not been written before the power-off.

Checkpoint file "edb.chk": tracks log entries that have not yet been written to the Active Directory database file. It records the differences between the Active Directory database file and the Active Directory data in memory, and is typically used for Active Directory initialization and restore operations.

Temporary log file "edbtmp.log": a temporary log used when the current log file (edb.log) is full.

Reserved log files "Edbres0001.jrs" and "edbres0002.jrs": these two files are used only when there is not enough disk space for the log files. If the current log file is full and there is not enough space left on disk for the server to create a new log file, the server writes the Active Directory transactions currently in memory to the two reserved log files and then shuts down Active Directory. Each reserved log file is also 10 MB in size.

Temporary file "Temp.edb": used during database maintenance; it stores data processed during maintenance.

In Explorer, navigate to C:\Windows\NTDS\ to view the following:

To verify the computer role, run net accounts on the command line; the result is as follows:

Verify the system volume share "SYSVOL" and the "NETLOGON" share

After AD DS is installed, the system volume is located by default in the %SystemRoot%\SYSVOL folder. The directory structure is as follows:

Verify that the shares were created successfully by running net share on the command line, as follows:

To verify the directory server, run dcdiag on the command line; the results are as follows:

Verify the SRV records: log in to the DNS console as administrator; there will be two SRV records at _msdcs.mc.com/dc/_sites/Default-First-Site-Name/_tcp, as follows:

The following records will also exist at _msdcs.mc.com/dc/_tcp:

To view the FQDN of the domain controller, select _msdcs.mc.com in the DNS console. The alias record of the domain controller is displayed in the list on the right, as follows:

Test connectivity to the domain controller's FQDN with ping.

To verify the FSMO operations master roles, run netdom query fsmo in a command-line window to check whether the five operations master roles were created successfully.

After the command runs, the domain controller holding each of the five operations master roles is displayed. This completes the deployment of the domain controller. Stay tuned for more.
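
The verification steps above collected into one pass/fail script, as an added example that is not from the original article. It assumes the page's lab values (domain mc.com, site Default-First-Site-Name, default NTDS path) and that the ActiveDirectory PowerShell module was installed with the role's management tools.

```powershell
# Added example: scripted versions of the article's checks for MCDC01 / MC.com.
# Run elevated on the domain controller after the post-promotion restart.
$domain  = 'mc.com'
$site    = 'Default-First-Site-Name'
$ntds    = Join-Path $env:SystemRoot 'NTDS'     # default database/log path
$results = [System.Collections.Generic.List[object]]::new()

function Add-Check([string]$Name, [scriptblock]$Test) {
    # A check passes only if the script block returns a true value without throwing.
    try   { $ok = [bool](& $Test) } catch { $ok = $false }
    $results.Add([pscustomobject]@{ Check = $Name; Passed = $ok })
}

Add-Check 'NTDS and ADWS running, start type Automatic' {
    $svc = Get-Service -Name NTDS, ADWS -ErrorAction Stop
    -not ($svc | Where-Object { $_.Status -ne 'Running' -or $_.StartType -ne 'Automatic' })
}
Add-Check 'ntds.dit, edb.log and edb.chk exist' {
    -not ('ntds.dit', 'edb.log', 'edb.chk' |
        Where-Object { -not (Test-Path (Join-Path $ntds $_)) })
}
Add-Check 'SYSVOL and NETLOGON shares exist' {
    @(Get-SmbShare -Name SYSVOL, NETLOGON -ErrorAction Stop).Count -eq 2
}
Add-Check 'Computer role is primary domain controller' {
    # DomainRole 5 = primary domain controller, the role net accounts reports.
    (Get-CimInstance Win32_ComputerSystem).DomainRole -eq 5
}
Add-Check 'Site-specific _ldap and _kerberos SRV records resolve' {
    foreach ($s in '_ldap', '_kerberos') {
        $name = '{0}._tcp.{1}._sites.dc._msdcs.{2}' -f $s, $site, $domain
        Resolve-DnsName -Type SRV -Name $name -ErrorAction Stop | Out-Null
    }
    $true
}
Add-Check 'All five FSMO role holders are set' {
    $f = Get-ADForest; $d = Get-ADDomain
    $holders = $f.SchemaMaster, $f.DomainNamingMaster,
               $d.PDCEmulator, $d.RIDMaster, $d.InfrastructureMaster
    @($holders | Where-Object { $_ }).Count -eq 5
}
# dcdiag /q prints only error messages, so empty output means every test passed.
Add-Check 'dcdiag /q reports no errors' { -not (dcdiag /q) }

$results | Format-Table -AutoSize
```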
