Setting Up an Active Directory Domain
Duwamish Online
Aaron Ching
Microsoft Developer Network
December 2000

Contents:
Introduction
Active Directory Overview
Setting the Active Directory domain controller

Summary: This article provides general information about Microsoft Active Directory technology and a step-by-step guide for setting up Active Directory domains like duwamishonline.com.

Introduction

Among the many significant improvements in the Microsoft® Windows 2000 Server operating system, Microsoft Active Directory® is not only the most important but also the most prone to confusion. Compared with its predecessor (the domain controller provided in earlier versions of the Microsoft Windows NT operating system), the Active Directory built into Windows 2000 Server provides a new architecture and an extended set of features. Although this article does not set out to discuss every feature of Active Directory, it provides general information about the technology and introduces two new concepts: a new domain controller architecture model and a new, integrated relationship with DNS. Understanding these features is helpful for understanding Web farms such as duwamishonline.com. In addition, we focus on the step-by-step procedure for setting up Active Directory for this type of Web farm. This article assumes that the reader has a basic understanding of networking concepts in earlier versions of Windows NT.

Active Directory Overview

Just as a telephone directory service provides people's phone information, Active Directory stores information about all network resources and provides a directory service that makes this information easy to access. The network resources in question mainly include objects such as computers, printers, shared folders, and message queues. Active Directory acts as the main switchboard of the entire network environment. It helps users and applications locate and access resources that are connected to the network, and lets those resources connect with one another. More importantly, it ensures that only authorized users or applications are allowed to access those resources, and that they do so securely. In a server farm like Duwamish Online, the purpose of deploying Active Directory servers is mainly to give users and applications centralized, secure access to all servers on the network. In addition, Active Directory provides the directory service for message queues, which support asynchronous operations. (For more information about the message queuing service, see our MSMQ feature article.) For more information about Active Directory, see the "Active Directory Overview": http://www.microsoft.com/windows2000/guide/server/features/dirlist.asp.

Next, we focus on the two new concepts that Active Directory introduces.

The new domain controller architecture model

A computer that runs the Active Directory component and provides the directory service is commonly referred to as a domain controller.
Installing Active Directory on a computer running the Windows 2000 Server operating system converts, or promotes, that server to a domain controller for a particular domain. With Active Directory, all Windows 2000 Server domain controllers are peers and support multi-master replication, in which Active Directory information is replicated among all domain controllers. This is the most significant architectural change from the master/slave relationship between the primary domain controller (PDC) and the backup domain controllers (BDCs). In earlier versions of the Windows NT operating system, only the PDC maintained the read/write master copy of the directory information, and it replicated read-only copies of that information to the BDCs. Unlike earlier versions of Windows NT, Active Directory uses multi-master replication between domain controllers, so system administrators can make changes from any domain controller. This gives the system a higher level of reliability when a domain controller (especially the PDC) fails.

Another major architectural change is the tight integration between Active Directory and the Domain Name System (DNS). In the Windows 2000 operating system, the Network Basic Input/Output System (NetBIOS) name is no longer the primary method of name resolution for computers or printers on the network. Instead, a fully qualified domain name (FQDN), for example "Server1.Microsoft.com", is used to identify them.
This means that an Active Directory domain now uses a naming structure (or namespace) that is fully consistent with the DNS domain. For example, in earlier versions of Windows NT, a computer might be referred to as "Server1" under NetBIOS in the Windows network domain and as "Server1.Microsoft.com" in the DNS domain. In the Windows 2000 operating system, this computer is referred to as "Server1.Microsoft.com" in both the Active Directory domain and the DNS domain.

It is equally important, however, to understand the differences between Active Directory and DNS. Even though the two work closely together, they store different data and manage different objects. DNS is the name resolution service for the Transmission Control Protocol/Internet Protocol (TCP/IP). It mainly stores resource records that map domain names to their corresponding IP addresses. Although DNS can work independently without Active Directory, its data can be integrated into and stored in Active Directory. The DNS information is then automatically replicated to the other domain controllers in Active Directory, which in turn improves the reliability and security of the DNS service. Active Directory, on the other hand, stores domain objects and resolves requests for domain object names to object records (for example, in response to a request for a computer's network configuration).

To locate an Active Directory server, an Active Directory client first queries its designated DNS server to find the IP address of the Active Directory server. DNS is therefore a necessary part of the system design for Active Directory to work.
In fact, if no existing DNS server can be found on the network, the setup of the Active Directory domain controller installs a DNS server as part of the installation process. For more information about how the DNS namespace is constructed and how DNS relates to Active Directory, see the technical article on setting up the Domain Name System.

Setting the Active Directory domain controller

As mentioned in the Network and System Configuration table, we set up two servers as Active Directory domain controllers for the internal domain "INTDOMAIN.com". We set up the first domain controller on a dedicated computer and the second on the management server, for system redundancy. Because the domain controllers must be accessible from the Web servers and the command-processing servers (for message queuing), they must be connected to the management network, the back-end network, or both.

In the following sections, we detail the step-by-step procedures for setting up the Active Directory domain controllers and for joining an Active Directory client to a specific domain.

Install the first domain controller

Perform the following steps to create a new domain and install the Active Directory service on a server, making that server the first domain controller of the new domain:

1. Click Run on the Start menu, type DCPROMO in the dialog box, and then click OK. This starts the Active Directory Installation Wizard.
2. After the welcome screen, the wizard asks you to specify the domain controller type for the server on which Active Directory is being installed. Keep the default option to make the server a domain controller for a new domain.
3. Next, the wizard asks whether to create a new domain tree or a new child domain in an existing domain tree. In this example, create a domain tree for the internal domain.
4. The wizard then asks whether to create a new forest or join an existing forest. Because you are creating the first domain and no forest exists yet, keep the default option to create a new forest of domain trees.
5. As mentioned earlier, the Active Directory service in Windows 2000 uses the fully qualified domain name (FQDN) as its preferred naming convention. When asked to name the new domain, type the FQDN of the internal domain (in this case, "INTDOMAIN.com").
6. Active Directory is backward compatible with earlier versions of Windows NT, which rely primarily on NetBIOS names. For consistency, use the same domain name as the NetBIOS name. In this example, accept the default name that the system proposes, "INTDOMAIN".
7. In the next two dialog boxes, the wizard asks you to specify the storage locations of the Active Directory database and log. For better performance and recoverability, we recommend that you store the database and log on a separate hard drive. To keep the procedure simple, we chose to accept all the default locations.
8. At this point, the installation wizard contacts the DNS server for the new domain. If a DNS server for the new domain already exists and can be found on the network, the wizard continues to the next step. If no such DNS server is found on the network, the wizard offers either to install and configure a DNS server on the same computer during the Active Directory installation, or to let you install the DNS server later. We recommend keeping the default, the first option, unless you really need to configure all the DNS resource records yourself.
9. The remaining dialog boxes deal mainly with security. As in the Duwamish Online case, if all computers in the domain run the Windows 2000 operating system, select the option for permissions compatible only with Windows 2000 servers.
10. Next, the wizard asks you to set a dedicated password for the administrator.
11. Finally, the wizard displays a summary screen so that you can confirm the options you have set. If the information on the screen is correct, click Next to confirm.
12. Restart the server when the configuration process has finished.

Installing the second domain controller

Installing the second Active Directory domain controller is much simpler than installing the first. Before starting the installation, first confirm that the second server has access to the same network segment as the first server. Only then can it communicate with the first server.

In addition, you should specify the IP address of the DNS server (following the recommendation above, this is the address of the first domain controller), so that the computer can use it to locate the domain controller. To set the DNS server, follow these steps:

1. Right-click My Network Places and click Properties on the shortcut menu.
2. In the Network and Dial-up Connections window, right-click the Local Area Connection icon and click Properties on the shortcut menu.
   Note: If your computer has network adapters connected to different network segments (as in the Duwamish Online network configuration) and you cannot tell which connection belongs to the internal network, you can identify it by unplugging the cable connected to the internal network. The icon for that connection then appears disabled. Rename the connection you have just identified before plugging the network cable back in.
3. Select Internet Protocol (TCP/IP) and click Properties.
4. In the Internet Protocol (TCP/IP) Properties dialog box, select the Use the following DNS server addresses option.
5. Type the IP address in the Preferred DNS server box. (If the DNS server was installed as part of the installation of the first Active Directory server, type the IP address of that server. See step 8 in the previous section, "Install the first domain controller".)
6. Click OK to apply the changes.

Once DNS is set, you can install the second domain controller. To install the second domain controller, perform the following steps:

1. Click Run on the Start menu, type DCPROMO in the dialog box, and then click OK. This starts the Active Directory Installation Wizard.
2. After the welcome screen, the wizard asks you to specify the domain controller type for the server. Here, select the option that makes the server the second domain controller for an existing domain.
3. Next, the wizard asks you to enter your user name, password, and domain name (in this example, enter "INTDOMAIN").
4. When prompted by the wizard, type the fully qualified domain name of the domain for which this computer will become the second domain controller. (In this example, enter "INTDOMAIN.com".)
5. As when you installed the first Active Directory server, the wizard asks you to specify the database and log storage locations and the shared system volume. To keep the procedure simple, we chose to accept all the default locations.
6. After you set the administrator password, the wizard asks you to review and confirm the settings on the summary screen. Click Next to start the installation.
7. Restart the server after the installation has finished.

Setting an Active Directory client

During Windows 2000 installation, the wizard asks you to join an existing domain or workgroup. If the domain controller is not yet available, you can only join the domain later. Before you begin, make sure the computer has access to the same network segment so that it can communicate with the domain. As when setting up the second domain controller, you should specify the IP address of the DNS server. The following steps describe how to add a computer running the Windows 2000 operating system to the new domain.

1. Right-click My Computer and click Properties on the shortcut menu.
2. In the System Properties dialog box, click the Network Identification tab, and then click the Properties button.
3. In the Identification Changes dialog box, select the Domain option and type the full domain name (in this example, enter "INTDOMAIN.com").
4. Click OK to confirm the changes. The wizard also prompts you for a domain user name and password.
5. Restart the server for the changes to take effect.
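
Joining a client, like adding the second domain controller, depends on DNS: the computer asks its preferred DNS server where the domain controllers for "INTDOMAIN.com" are. The following is an added example, not part of the original article, that checks zone-file-style SRV records against the standard Active Directory locator names and reports any domain controller that is not registered. The host names dc1 and mgmt1 and the record lines are constructed for illustration.

```python
import re

# Constructed sample in zone-file syntax (the format of the netlogon.dns file a
# domain controller writes); host names and TTLs are made up for this example.
SAMPLE_RECORDS = """\
_ldap._tcp.INTDOMAIN.com. 600 IN SRV 0 100 389 dc1.INTDOMAIN.com.
_ldap._tcp.dc._msdcs.INTDOMAIN.com. 600 IN SRV 0 100 389 dc1.INTDOMAIN.com.
_kerberos._tcp.dc._msdcs.INTDOMAIN.com. 600 IN SRV 0 100 88 dc1.INTDOMAIN.com.
_ldap._tcp.INTDOMAIN.com. 600 IN SRV 0 100 389 mgmt1.INTDOMAIN.com.
_ldap._tcp.dc._msdcs.INTDOMAIN.com. 600 IN SRV 0 100 389 mgmt1.INTDOMAIN.com.
"""

SRV_LINE = re.compile(
    r"^(?P<owner>\S+)\s+(?:\d+\s+)?IN\s+SRV\s+"
    r"(?P<prio>\d+)\s+(?P<weight>\d+)\s+(?P<port>\d+)\s+(?P<target>\S+)$",
    re.IGNORECASE)

def required_services(domain):
    """Locator names a client asks DNS for, mapped to the expected port."""
    d = domain.rstrip(".").lower()
    return {f"_ldap._tcp.dc._msdcs.{d}": 389, f"_kerberos._tcp.dc._msdcs.{d}": 88}

def parse_srv(text):
    """Return {owner: {target: port}} for SRV lines; DNS names are case-insensitive."""
    found = {}
    for line in text.splitlines():
        m = SRV_LINE.match(line.split(";")[0].strip())  # drop zone-file comments
        if m:
            owner = m["owner"].rstrip(".").lower()
            found.setdefault(owner, {})[m["target"].rstrip(".").lower()] = int(m["port"])
    return found

def check_locator(text, domain, expected_dcs):
    """List problems: a domain controller missing from a locator name, or a wrong port."""
    found, problems = parse_srv(text), []
    for owner, port in required_services(domain).items():
        targets = found.get(owner, {})
        for dc in (h.rstrip(".").lower() for h in expected_dcs):
            if dc not in targets:
                problems.append(f"{owner}: no SRV record for {dc}")
            elif targets[dc] != port:
                problems.append(f"{owner}: {dc} on port {targets[dc]}, expected {port}")
    return problems

if __name__ == "__main__":
    for p in check_locator(SAMPLE_RECORDS, "INTDOMAIN.com",
                           ["dc1.INTDOMAIN.com", "mgmt1.INTDOMAIN.com"]):
        print("PROBLEM:", p)
```

In the constructed sample the second domain controller has no Kerberos locator record, so the redundancy the second server was installed for is incomplete until that record is registered.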