ActiveDirectoryDomainService

AD DS Design

成都创新互联是专业的蓝山网站建设公司,蓝山接单;提供成都网站制作、做网站、外贸营销网站建设,网页设计,网站设计,建网站,PHP网站建设等专业做网站服务;采用PHP框架,可快速的进行蓝山网站开发网页制作和功能扩展;专业做搜索引擎喜爱的网站,专业的做网站团队,希望更多企业前来合作!

  • Single forest single domain is preferred

  • Time is important (PDC)

  • Implement multiple/backup domain controllers

  • 2,150,000,000 objects per domain

  • FQDN less than 64 characters

FSMO (Flexible single master operation)

Schema master
Forest levelTo make change into Schema in forest (such as implement Exchange, Lync)
Domain naming masterForest levelTo add/remove domain in forest
PDCDomain level
  • Time root in forest (PC-DC-PDC)

  • Group policy management centrally

  • Handle password change specially (After change user password, the DC will sync to PDC immediately)

  • Handle user account lock specially

RID Pool masterDomain levelAssign RIDs (500/time) to DC
Infrastucture masterDomain levelObjects reference in different domains

# To check the FSMO servers

netdom query fsmo

# To transfer / seize

netdom /?

Install Domain controllers in the first site

# Install AD DS on the first DC

Install-WindowsFeature AD-Domain-Services -IncludeAllSubFeature -IncludeManagementTools
#
# Windows PowerShell script for AD DS Deployment
#
Import-Module ADDSDeployment
Install-ADDSForest `
-CreateDNSDelegation:$false `
-DatabasePath "C:\Windows\NTDS" `
-DomainMode "Win2012R2" `
-DomainName "vccware.com" `
-DomainNetbiosName "VCCWARE" `
-ForestMode "Win2012R2" `
-InstallDns:$true `
-LogPath "C:\Windows\NTDS" `
-NoRebootOnCompletion:$false `
-SysvolPath "C:\Windows\SYSVOL" `
-SafeModeAdministratorPassword (ConvertTo-SecureString "123.com" -AsPlainText -Force) `
-Force:$true
w32tm /config /computer:BJDC01.vccware.com /manualpeerlist:time.windows.com /syncfromflags:manual /update

Change the DNS from 127.0.0.1 back in the network adaptor configuration
# Install AD DS on the second DC

Install-WindowsFeature AD-Domain-Services -IncludeAllSubFeature -IncludeManagementTools
#
# Windows PowerShell script for AD DS Deployment
#
Import-Module ADDSDeployment
Install-ADDSDomainController `
-NoGlobalCatalog:$false `
-CreateDnsDelegation:$false `
-CriticalReplicationOnly:$false `
-DatabasePath "C:\Windows\NTDS" `
-DomainName "vccware.com" `
-InstallDns:$true `
-LogPath "C:\Windows\NTDS" `
-NoRebootOnCompletion:$false `
-ReplicationSourceDC "BJAD01.vccware.com" `
-SiteName "Default-First-Site-Name" `
-SysvolPath "C:\Windows\SYSVOL" `
-SafeModeAdministratorPassword (ConvertTo-SecureString "123.com" -AsPlainText -Force) `
-Force:$true

分享标题:ActiveDirectoryDomainService
网站网址:http://myzitong.com/article/jjjhci.html