A year ago, participated in the deployment of super large Active Directory, scope throughout the country. I feel that Microsoft's Active Directory is a fairly complicated thing. Microsoft completed the work of most of Windows, not to inform users. I admire Microsoft's confidence at this point. But it has brought a lot of trouble to managers.
The following is provided with some experience of installing deployment activity directories.
Active Directory is quite serious for DNS dependence. In order to deploy a normal working AD, most of the work is actually in deploying DNS. Moreover, most of the faults of AD are caused by DNS operations or have problems with resource records. Preferably, the DNS service configuration is appropriate before installing the AD, modify the DNS suffix of the computer to be installed. And use the ipconfig / registerdns command to register the computer name into the DNS. Although Windows will automatically complete these work without doing these installation ADs. But according to my experience, more than ten times will be in the DNS after the installation is not normal. If you need to install the subdomain, it is best to delegate the DNS service of the subdomain. The domain controller that delegates the sub-domain work to the subdomain can avoid too much a load of a DNS server. Of course, set the transitioner to be set on the DNS of the subdomain.
Even according to these operations, use the DCPROMO command to install the DNS in the management tool in the restart, may find that there is no appearance of _msds, _dc, _tcp, _UPD four resource records at the domain name. If so, these resource records may occur later after booting. This is because Windows starts when Netlogon and DNS Server are not necessarily. Netlogon is responsible for registering these resource records on DNS Server. If your luck is not good, start Netlogon after starting DNS Server, then you can not complete the registration. The solution to this problem is to first point the preferred DNS to DNS in this domain. Then restart the DNS Server service and restart the Netlogon service.
For example, the installation domain controller is running the DCPROMO installation, Windows is still busy setting two shared directories for Sysvol and Netlogon. If you think that the export domain controller or sub-domain controller is installed after the installation of the burst, the result is that the sect of the controller is not normal.
