Setting Up an Active Directory Domain

xiaoxiao2021-03-06  127

Introduction

Of the many enhancements in the Microsoft® Windows® 2000 Server operating system, the introduction of Microsoft Active Directory™ is the most important, but it is also the most often misunderstood. Compared with the domain controllers in the Microsoft Windows NT® operating system, Active Directory in Windows 2000 Server provides a new architecture and a wide range of features.

Although this article does not attempt to discuss all of Active Directory, it does outline the technology, focusing on two new concepts: the new architecture model of domain controllers and the new integration with DNS. These features are very helpful for understanding Web groups such as duwamishonline.com. In addition, we will walk step by step through setting up Active Directory for the Web group.

This article assumes that the reader has a basic understanding of the network concepts in earlier versions of Windows NT.

Active Directory Overview

Just as a phone book provides telephone information for people and organizations, Active Directory provides a directory service that stores information about all networked resources (such as computers, printers, users, shared folders, messages, etc.) and makes that information easy to access.

Active Directory plays a central role in the network environment. It helps users and applications find these networked resources and connect to them. More importantly, it ensures that only authorized users or applications can access these resources, and that they do so securely.

As with the server group in Duwamish Online, the purpose of deploying Active Directory servers in a server group is to give users and applications a secure way to access all servers on the network. In addition, it provides the directory service that Message Queuing (MSMQ) uses to manage the message queues that enable asynchronous operations. (For more information on message queue services, see the article on MSMQ.)

For more information on Active Directory, see Active Directory Overview, located at http://www.microsoft.com/windows2000/guide/server/features/dirlist.asp.

Next, we will focus on two new concepts introduced in Active Directory.

New architecture model of domain controllers

A server on which the Active Directory component is installed to provide this directory service is called a domain controller. If you install Active Directory on a computer running Windows 2000 Server, the server is converted, or promoted, to a domain controller for a specific domain.

With Active Directory, all Windows 2000 Server domain controllers are peers that support multi-master replication: Active Directory information is replicated among all domain controllers.

This is an important architectural design change from the master/slave relationship between the primary domain controller (PDC) and the backup domain controllers (BDCs) in Windows NT.

The difference is that in earlier versions of Windows NT only the PDC held the read/write master copy of the directory information and replicated read-only copies of it to the BDCs, whereas Active Directory uses multi-master replication among the domain controllers, so administrators can now make changes from any domain controller. This provides greater reliability if a domain controller (especially the PDC) fails.

Integration with DNS

Another important architectural design in Active Directory is its close integration with the Domain Name System (DNS). In Windows 2000, the Network Basic Input/Output System (NetBIOS) name is no longer the primary name resolution method for identifying computers or printers on the network. Instead, a fully qualified domain name (FQDN), such as "Server1.Microsoft.com", is used. This means that Active Directory domains now share the same naming structure (or namespace) as DNS domains. For example, in earlier versions of Windows NT, the same computer might be referred to as "Server1" under NetBIOS in the Windows network domain and as "Server1.Microsoft.com" in the DNS domain. In Windows 2000, the computer is "Server1.Microsoft.com" in both the Active Directory domain and the DNS domain.

However, it is very important to distinguish between Active Directory and DNS. Although they work very closely together, the data and objects they store are different.

DNS is a Transmission Control Protocol/Internet Protocol (TCP/IP) name resolution service that stores resource records, mainly to translate domain names into the corresponding IP addresses. Although DNS can stand alone, its data can also be integrated into and stored in Active Directory, where DNS information is automatically replicated to the other domain controllers, which enhances the reliability and security of the DNS service.

Active Directory, on the other hand, is a directory service that resolves requests for domain object names to object records (for example, replying to a request for a computer's network configuration information). To find an Active Directory server, an Active Directory client first queries its designated DNS server for the IP address of that Active Directory server. By design, Active Directory requires DNS to work. In fact, if no DNS server can be found on the network during installation, you usually need to install a DNS server at the same time as you set up the Active Directory domain controller.

For more information on how the DNS namespace is constructed and how DNS and Active Directory are related, see the article Setting Up a Domain Name System.
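The lookup described above can be checked directly against the DNS server a machine has been pointed at, before promoting an additional domain controller or joining a client. The following is an added example, not part of the original article: it builds the SRV query for the standard domain controller locator name `_ldap._tcp.dc._msdcs.<domain>` and decodes the reply; the function names are illustrative.

```python
import socket
import struct

def build_query(name, txid=0x4144):
    """Encode a recursive DNS question for the SRV record of `name`."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack(">HH", 33, 1)  # SRV, class IN

def read_name(msg, pos):
    """Decode a possibly compressed name; return (name, offset after it)."""
    parts, end, hops = [], None, 0
    while msg[pos]:
        if msg[pos] & 0xC0 == 0xC0:  # compression pointer to an earlier name
            hops += 1
            if hops > 16:  # a malformed reply must not loop forever
                raise ValueError("DNS compression loop")
            end = end or pos + 2
            pos = struct.unpack(">H", msg[pos:pos + 2])[0] & 0x3FFF
        else:
            parts.append(msg[pos + 1:pos + 1 + msg[pos]].decode("ascii"))
            pos += 1 + msg[pos]
    return ".".join(parts), end or pos + 1

def parse_srv_answers(msg):
    """Return [(priority, weight, port, target)] from a DNS response."""
    _, flags, qdcount, ancount = struct.unpack(">HHHH", msg[:8])
    if flags & 0x000F:  # non-zero RCODE, e.g. NXDOMAIN: record not registered
        return []
    pos = 12
    for _ in range(qdcount):  # skip the echoed question section
        pos = read_name(msg, pos)[1] + 4
    answers = []
    for _ in range(ancount):
        pos = read_name(msg, pos)[1]
        rtype, rdlen = struct.unpack(">H6xH", msg[pos:pos + 10])
        if rtype == 33:  # SRV record: priority, weight, port, target host
            prio, weight, port = struct.unpack(">HHH", msg[pos + 10:pos + 16])
            answers.append((prio, weight, port, read_name(msg, pos + 16)[0]))
        pos += 10 + rdlen
    return answers

def find_domain_controllers(dns_ip, domain, timeout=3.0):
    """Ask the preferred DNS server which hosts are DCs for `domain`."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((dns_ip, 53))  # connected UDP socket drops other senders
        s.send(build_query("_ldap._tcp.dc._msdcs." + domain))
        return parse_srv_answers(s.recv(4096))
```

Calling `find_domain_controllers("<preferred DNS server IP>", "INTDOMAIN.com")` returns an empty list when the server does not hold the locator record, which means the machine is pointed at the wrong DNS server or the first domain controller has not registered its records.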

Set Up Active Directory Domain Controllers

As mentioned in the Network and System Configuration article, we set up two servers as Active Directory domain controllers for the internal domain "INTDOMAIN.COM". We use a dedicated computer for the first domain controller and set up the other domain controller on the management server for redundancy.

Because the domain controllers must be reachable by the Web servers, the order processing server (for setting up message queues), and the two clustered database servers, they must be connected to the back-end network, the management network, or both networks.

In the following sections, we show step by step how to set up these Active Directory domain controllers, as well as how to set up an Active Directory client for this domain.

Install the first domain controller

Follow the steps below to create a new domain and install the Active Directory service on a server so that the server becomes the first domain controller of the domain:

1. In the Start menu, click Run. Type DCPROMO and click OK. This starts the Active Directory installation wizard.
2. After the welcome screen, the wizard asks you to specify the "Domain Controller Type" for the server. Keep the default option, which makes the server a domain controller for a new domain.
3. Next, you are asked whether to create a new domain tree or to create a new domain in an existing domain tree. In this example, a new domain tree is created for the internal domain.
4. Next, the wizard asks whether to create a new forest or join an existing forest. Because this is the first domain, there is no existing forest, so keep the default option to create a new forest.
5. As mentioned earlier, Active Directory in Windows 2000 uses the fully qualified domain name (FQDN) as its primary naming convention. When asked for the new domain name, type the FQDN of the internal domain (in this case we use "INTDOMAIN.com").
6. Active Directory is backward compatible with earlier versions of Windows NT, which use NetBIOS names as their naming convention. For consistency, we choose the same domain name as the NetBIOS name. In this case, accept the default "INTDOMAIN" as the NetBIOS domain name.
7. In the next two dialog boxes, the wizard asks you to specify the locations of the Active Directory database and log, and of the shared system volume. For better performance and recoverability, it is recommended to store the database and the log on separate hard disks. To simplify the process, we accept all the default locations.
8. At this point, the wizard tries to contact a DNS server for the new domain. If a DNS server for this domain already exists and can be found on the network, the wizard moves to the next step. If not, the wizard asks whether you want to install and configure a DNS server on the same computer (as part of the Active Directory installation process) or install the DNS server later. It is recommended to keep the default, which is the first option, unless you really want to set up all DNS resource records yourself.
9. The following dialog box of the installation wizard concerns security. If all the computers in this domain are running Windows 2000 (as is the case in Duwamish Online), select the permissions option that is compatible with Windows 2000 servers.
10. Then specify the Administrator password.
11. Finally, a summary screen is displayed so that you can confirm your choices. If the information is correct, click Next to confirm.
12. Restart the server when the configuration process is complete.

Install another domain controller

Installing an additional Active Directory domain controller is simpler than installing the first one. Before starting, make sure the new server has access to the same network segment so that it can communicate with the first server. In addition, you need to specify the IP address of a DNS server (following the earlier recommendation, this should be the first domain controller); this server is in turn queried to locate a computer that acts as a domain controller.

To specify the DNS server

1. Right-click My Network Places and select Properties.
2. In the Network and Dial-up Connections dialog box, right-click the Local Area Connection icon and select Properties.

   Note: If the computer has multiple network adapter cards connected to different network segments (as in the Duwamish Online network configuration) and you cannot tell which card is connected to the internal network, you can identify the NIC by unplugging the cable that goes to the internal network. The icon of the disconnected connection is then shown as disabled. Rename the connection accordingly before plugging the network cable back in.
3. Select Internet Protocol (TCP/IP) and click Properties.
4. In the Internet Protocol (TCP/IP) Properties dialog box, select the Use the following DNS server addresses option.
5. Enter the IP address in the Preferred DNS server field. (If the DNS server was set up during the installation of the first Active Directory server, enter the IP address of that server. See "Install the first domain controller" above.)
6. Click OK to confirm the change.

After specifying the DNS server, you can install the additional domain controller.

To install a domain controller

1. In the Start menu, click Run. Type DCPROMO and click OK. This starts the Active Directory installation wizard.
2. After the welcome screen, the wizard asks you to specify the "Domain Controller Type" for the server. Select the option for an additional domain controller for an existing domain.
3. Next, the wizard asks you to enter a user name, password, and domain name ("INTDOMAIN" in this example).
4. When prompted, enter the fully qualified domain name of the domain for which this server will become an additional domain controller. (In this example, "INTDOMAIN.com" is entered.)
5. As with the first Active Directory server, the wizard asks you to specify the locations of the database and log, and of the shared system volume. To simplify the process, we accept the default locations.
6. After you specify the Administrator password, the wizard asks you to check and confirm the information on the summary screen. Click Next to start the installation.
7. Restart the server when the installation is complete.

Set Up an Active Directory Client

When you install Windows 2000, Setup asks you to join an existing domain or workgroup. If no domain controller is available at installation time, you can join the domain later.

Before starting, make sure that the computer has access to the same network segment so that it can communicate with the domain. As when setting up an additional domain controller, you also need to specify the IP address of the DNS server.

The following steps describe how to join a computer to a new domain in Windows 2000.

1. Right-click My Computer and select Properties.
2. In the System Properties dialog box, click the Network Identification tab and select Properties.
3. In the Identification Changes dialog box, click the Domain option button (if it is not already selected).
4. Type the full name of the domain ("INTDOMAIN.com").
5. Click OK to confirm the change. You will be asked to enter a domain user name and password.
6. For the change to take effect, you need to restart the server.

Summary
