Shulou(Shulou.com)06/03 Report--

Tip: in the process of deploying AD DS (Active Directory Domain Service), all operating systems in the forest, domain or terminal are not recommended to use the same replication operations such as GHOST and virtual machine cloning mode, which will lead to the same probability of SID, which often leads to a lot of problems. If you must do this, after installing the operating system, run Sysprep to generate a new SID (the operating system test above NT6 is normal).

First, AD (Active Directory) domain first deployment operation process

1. The installation process of the operating system is not explained here and is simple. After installation, first fix the computer name and IP address-restart, set the DNS setting to IP address (the computer name and IP address will not be changed later).

2. Server Manager

-- Management

-- add role function

-role-based or feature-based installation

-- the server in the server pool is selected by default

-- roles (Select: Active Directory Domain Services and DNS Server

-until the installation is confirmed

Wait for the installation to complete and the light blue font "promote this server to domain controller" or "close back to the upper right corner of the server manager interface" appears

-- Click the "Yellow se exclamatory sign" to operate

3. Active Directory Domain Services configuration Wizard

-- add a new forest (if you already have a forest or domain, select: add the new domain to the existing forest, or add the domain controller to the existing domain)

-- enter: root domain name

-- selection of forest functional level and domain functional level: Windows 2012 R2 Murray-enter: DSRM password (other options default

-- prompt that DNS cannot delegate. Ignore

-- NetBIOS domain name remains the default

-- specify AD DS database, log file and SYSVOL location, and modify to D disk or non-C disk location

-- installation

-- restart

-- Log in to the domain administrator user

The first AD domain deployment has been completed.

Second, the deployment operation process of the second AD domain (adding the second AD domain for daily fault tolerance and preventing the failure of the first AD domain)

1. Fix the computer name and IP address-restart

2. Same as the first deployment operation

3. Like the first deployment operation, some of the operations differ as follows:

-- Select: add the domain controller to the existing domain (if you need to create a subdomain, select: add the new domain to the existing forest), specify the domain information for this operation-- the domain. The search will prompt: the server is not available. You can enter the root domain name directly in the input box.

-- provide the credentials required to perform this operation: enter the domain management account and password

-- other options-- specify additional replication options, copied from: primary domain (do not select: any domain controller)

The second AD domain deployment is completed.

Third, the deployment operation process of the third AD read-only domain controller (RODC)

About RODC: RODC cannot be used for fault tolerance. If only one writable domain controller in the domain fails, then RODC cannot be used to obtain the FSMO role and does not store most passwords.

RODC changes are initiated by a writable domain controller and then replicated to the RODC, which uses external telecommuting connections to prevent ji attackers from taking over the RODC at a remote location, changing the AD, and copying the changes to the writable DC.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.