
Active Directory Domain Service

2025-04-03 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

AD DS Design

Single forest single domain is preferred

Time is important (PDC)

Implement multiple/backup domain controllers

2150000000 objects per domain

FQDN less than 64 characters

FSMO (Flexible single master operation)

Schema master (forest level): makes changes to the schema in the forest (for example, when implementing Exchange or Lync)

Domain naming master (forest level): adds/removes domains in the forest

PDC (domain level): time root in the forest (PC-DC-PDC); central group policy management; handles password changes specially (after a user password change, the DC syncs it to the PDC immediately); handles user account lockout specially

RID pool master (domain level): assigns RIDs (500 at a time) to DCs

Infrastructure master (domain level): maintains references to objects in different domains

# To check the FSMO servers

Netdom query fsmo

# To transfer / seize

Netdom /?

Install Domain controllers in the first site

# Install AD DS on the first DC

Install-WindowsFeature AD-Domain-Services -IncludeAllSubFeature -IncludeManagementTools

#
# Windows PowerShell script for AD DS Deployment
#
# The DSRM password below is a lab value embedded in plain text; prompt for it on a production DC.
Import-Module ADDSDeployment
Install-ADDSForest `
-CreateDnsDelegation:$false `
-DatabasePath "C:\Windows\NTDS" `
-DomainMode "Win2012R2" `
-DomainName "vccware.com" `
-DomainNetbiosName "VCCWARE" `
-ForestMode "Win2012R2" `
-InstallDns:$true `
-LogPath "C:\Windows\NTDS" `
-NoRebootOnCompletion:$false `
-SysvolPath "C:\Windows\SYSVOL" `
-SafeModeAdministratorPassword (ConvertTo-SecureString "123.com" -AsPlainText -Force) `
-Force:$true

# Point the DC at an external time source
w32tm /config /computer:BJDC01.vccware.com /manualpeerlist:time.windows.com /syncfromflags:manual /update

Change the DNS server back from 127.0.0.1 in the network adapter configuration

# Install AD DS on the second DC

Install-WindowsFeature AD-Domain-Services -IncludeAllSubFeature -IncludeManagementTools

#
# Windows PowerShell script for AD DS Deployment
#
# The DSRM password below is a lab value embedded in plain text; prompt for it on a production DC.
Import-Module ADDSDeployment
Install-ADDSDomainController `
-NoGlobalCatalog:$false `
-CreateDnsDelegation:$false `
-CriticalReplicationOnly:$false `
-DatabasePath "C:\Windows\NTDS" `
-DomainName "vccware.com" `
-InstallDns:$true `
-LogPath "C:\Windows\NTDS" `
-NoRebootOnCompletion:$false `
-ReplicationSourceDC "BJAD01.vccware.com" `
-SiteName "Default-First-Site-Name" `
-SysvolPath "C:\Windows\SYSVOL" `
-SafeModeAdministratorPassword (ConvertTo-SecureString "123.com" -AsPlainText -Force) `
-Force:$true
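Both scripts above embed the DSRM password in the script text. The following is an added example, not part of the original article: the first-DC promotion with the same parameter values, but with the password read at run time and the ADDSDeployment prerequisite test run before anything is changed. The variable names ($dsrm, $forest, $check, $failed) are assumptions of this example.

```powershell
# Added example: first-DC promotion without a password in the script.
Import-Module ADDSDeployment

# Read the DSRM password interactively; it is held as a SecureString
# and never appears in the script, its history, or a file share copy.
$dsrm = Read-Host -AsSecureString -Prompt "DSRM (SafeMode) administrator password"

# Parameters shared by the prerequisite test and the promotion
# (values taken from the article's Install-ADDSForest call).
$forest = @{
    CreateDnsDelegation           = $false
    DatabasePath                  = "C:\Windows\NTDS"
    DomainMode                    = "Win2012R2"
    DomainName                    = "vccware.com"
    DomainNetbiosName             = "VCCWARE"
    ForestMode                    = "Win2012R2"
    InstallDns                    = $true
    LogPath                       = "C:\Windows\NTDS"
    SysvolPath                    = "C:\Windows\SYSVOL"
    SafeModeAdministratorPassword = $dsrm
}

# Dry run: validates the parameters and the server without promoting it.
$check  = Test-ADDSForestInstallation @forest
$failed = $check | Where-Object { $_.Status -eq "Error" }
if ($failed) {
    $failed | ForEach-Object { Write-Warning $_.Message }
    throw "Prerequisite check failed; promotion not started."
}

# Promote only after the test reports no errors.
Install-ADDSForest @forest -NoRebootOnCompletion:$false -Force:$true
```

The same pattern applies to the second DC by pairing Test-ADDSDomainControllerInstallation with Install-ADDSDomainController.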
