
Build a domain environment-build a domain server

2025-02-24 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/03 Report--

Preparatory work:

(1) Make sure that the file system of the disk partition is NTFS. Active Directory must be installed on an NTFS partition; if the system partition is formatted as FAT32, you can convert it with the "convert c: /fs:ntfs" command.

(2) Determine the computer name of the server. Renaming the domain controller after Active Directory is installed affects the domain, so set the computer name of the domain controller before installing Active Directory. The server is named DC here.

(3) Plan the DNS domain name. You can choose any domain name that conforms to the DNS naming convention. "coolpen.net" is used here.

(4) Set a static IP address and DNS server for the server. Since DC also acts as the DNS server here, the preferred DNS server points to DC itself.

Implementation steps:

(1) Add the Active Directory role

① First open Server Manager and, under Roles, click Add Roles.

② The Add Roles Wizard opens. Click the Next button, select Active Directory Domain Services as the server role, and add the .NET Framework features when prompted.

③ After the installation is complete, you are told that Active Directory Domain Services and the .NET Framework features have been installed. As the dialog box states, you must also run the Active Directory Domain Services Installation Wizard (dcpromo.exe) before this server can become a fully functional domain controller.

(2) Install Active Directory and the DNS service

① Press Windows+R, then type dcpromo to open the Active Directory installation wizard.

Do not select advanced mode installation in the wizard; click the "Next" button.

② Select "Create a new domain in a new forest", as shown in figure 6-6. Although you are only creating a domain, this logically creates a forest as well, because a domain must belong to a domain tree and a domain tree must belong to a forest.

③ Enter the pre-planned DNS domain name coolpen.net.

Both the forest functional level and the domain functional level use the default, "Windows Server 2003". Choose the functional level according to the lowest Windows version among the domain controllers that exist in the network.

④ Choose to install the DNS server on this server.

A warning dialog box then pops up, indicating that the parent domain was not found and that a delegation for the DNS server could not be created. Click the Yes button to continue.

⑤ Select the locations of the database folder, log folder and SYSVOL folder. All of them are left at their defaults here.

● Database folder: used to store the Active Directory database.

● Log files folder: used to store the change log of Active Directory.

● SYSVOL folder: used to store domain shared files, such as the Group Policy files.

⑥ Set a Directory Services Restore Mode password that meets the requirements of the password policy. Directory Services Restore Mode is a safe mode that can be used to repair the Active Directory database.

Finally, the Summary page appears. Click the Next button; the system installs Active Directory and the DNS service and restarts when it is finished.

3. Checks after installing Active Directory

After Active Directory is installed, this server becomes the domain controller. All the original local users on the domain controller are automatically upgraded to domain users, and you can only log in to the system as a domain user. The domain name COOLPEN must be placed in front of the domain user account name.

After logging in, run a few checks to make sure that the Active Directory service was installed properly.

(1) Change the DNS server used by the domain controller

By default, after Active Directory is installed the preferred DNS server is set to 127.0.0.1, so it is recommended that the first thing you do after the system starts is change the preferred DNS server to the server's own IP address.

(2) Check the SRV records in DNS

SRV records, or Server records, are used to locate servers in the domain. Open the Server Manager, in the DNS service

Notice that there are 4 items above and 6 items below.

(3) Check the default structure of Active Directory

Open Active Directory Users and Computers in Administrative Tools and check that the coolpen.net domain has a normal directory structure.
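The three checks above can also be run from a PowerShell prompt on the new domain controller. This is an added example, not part of the original article; it assumes the coolpen.net domain used here, and the SRV record names and default container names it tests are the standard Active Directory ones, chosen for illustration rather than taken from the article.

```powershell
# Added example: post-promotion checks for the domain controller built above.
# Assumptions: domain coolpen.net (from the article); the SRV names and
# container names below are the standard AD ones, not listed in the article.
$Domain   = 'coolpen.net'
$Problems = @()

# (1) The preferred DNS server should be this server's own IP, not 127.0.0.1.
$nics = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
foreach ($nic in $nics) {
    if (-not $nic.DNSServerSearchOrder) {
        $Problems += "$($nic.Description): no DNS server configured"
        continue
    }
    $preferred = $nic.DNSServerSearchOrder[0]
    if ($preferred -eq '127.0.0.1') {
        $Problems += "$($nic.Description): preferred DNS is still 127.0.0.1"
    } elseif ($nic.IPAddress -notcontains $preferred) {
        $Problems += "$($nic.Description): preferred DNS $preferred is not this server"
    }
}

# (2) The locator SRV records must resolve, or clients cannot find the DC.
$srvNames = '_ldap._tcp', '_kerberos._tcp', '_gc._tcp', '_kpasswd._tcp',
            '_ldap._tcp.dc._msdcs', '_kerberos._tcp.dc._msdcs',
            '_ldap._tcp.pdc._msdcs'
foreach ($name in $srvNames) {
    $fqdn   = "$name.$Domain."   # trailing dot: do not append search suffixes
    $answer = nslookup -type=SRV $fqdn 2>&1 | Out-String
    if ($answer -notmatch 'svr hostname') {
        $Problems += "SRV record missing or unresolvable: $fqdn"
    }
}

# (3) The domain root should contain the default containers.
$expected = 'Builtin', 'Computers', 'Domain Controllers',
            'ForeignSecurityPrincipals', 'Users'
$children = dsquery '*' domainroot -scope onelevel -attr name | Out-String
foreach ($c in $expected) {
    if ($children -notmatch [regex]::Escape($c)) {
        $Problems += "Default container not found under the domain root: $c"
    }
}

if ($Problems.Count -eq 0) { 'All checks passed.' } else { $Problems }
```

Run it in an elevated session as a domain administrator; any line it prints other than "All checks passed." names the check that needs attention.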

At this point, Active Directory has been installed successfully. If you want to remove Active Directory and the domain, you can demote the domain controller to an ordinary server. The command for demoting a DC is the same as the command for promoting a server to a domain controller: both are dcpromo. During the demotion, the system asks whether the current domain controller is the last domain controller in this domain; answer according to the actual situation. You are also prompted for the password of the administrator account that the ordinary server will have after the demotion.

It is also important to note that when a server is configured as a domain controller, all local user accounts are automatically disabled in order to prevent local login and improve system security. Open the Server Manager\Configuration interface and you will find that the Local Users and Groups settings are no longer there.
