AD DS Design
Single forest single domain is preferred
Time is important (PDC)
Implement multiple/backup domain controllers
2,150,000,000 objects per domain
FQDN less than 64 characters
FSMO (Flexible single master operation)
Schema master | Forest level | Makes changes to the schema in the forest (for example when implementing Exchange or Lync) |
Domain naming master | Forest level | Adds/removes domains in the forest |
PDC | Domain level | |
RID Pool master | Domain level | Assigns RIDs (500 at a time) to DCs |
Infrastructure master | Domain level | Object references in different domains |
# To check the FSMO servers
netdom query fsmo
# To transfer / seize
netdom /?
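An added example, not part of the original notes: the same FSMO lookup done with the ActiveDirectory PowerShell module, extended to check that each role holder answers and to show the time source of the PDC. It assumes the RSAT ActiveDirectory module and a domain-joined session; the function name Get-FsmoRoleReport is hypothetical.

```powershell
# Added example: report the five FSMO role holders and basic health for each.
# Assumes the ActiveDirectory module (RSAT) is installed.
Import-Module ActiveDirectory

function Get-FsmoRoleReport {
    param(
        # Assumption: run from a domain-joined host, so this variable is set
        [string]$Domain = $env:USERDNSDOMAIN
    )
    $d = Get-ADDomain -Identity $Domain
    $f = Get-ADForest -Identity $d.Forest

    # Forest-level roles come from Get-ADForest, domain-level ones from Get-ADDomain
    $roles = [ordered]@{
        SchemaMaster         = $f.SchemaMaster
        DomainNamingMaster   = $f.DomainNamingMaster
        PDCEmulator          = $d.PDCEmulator
        RIDMaster            = $d.RIDMaster
        InfrastructureMaster = $d.InfrastructureMaster
    }

    foreach ($role in $roles.Keys) {
        $holder = $roles[$role]
        # The lookup throws if the holder cannot be resolved; report $null instead
        $dc = try { Get-ADDomainController -Identity $holder -ErrorAction Stop } catch { $null }
        [pscustomobject]@{
            Role            = $role
            Holder          = $holder
            Reachable       = Test-Connection -ComputerName $holder -Count 1 -Quiet
            IsGlobalCatalog = if ($dc) { $dc.IsGlobalCatalog } else { $null }
            Site            = if ($dc) { $dc.Site } else { $null }
        }
    }
}

$report = Get-FsmoRoleReport
$report | Format-Table -AutoSize

# Time matters on the PDC: show where it currently gets its time from
$pdc = ($report | Where-Object Role -eq 'PDCEmulator').Holder
w32tm /query /computer:$pdc /source

# If one DC holds every role, losing it means seizing all five at once
if (($report.Holder | Sort-Object -Unique).Count -eq 1) {
    Write-Warning "All FSMO roles are held by $pdc; verify a second DC is healthy."
}
```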
Install Domain controllers in the first site
# Install AD DS on the first DC
Install-WindowsFeature AD-Domain-Services -IncludeAllSubFeature -IncludeManagementTools
#
# Windows PowerShell script for AD DS Deployment
#
# The DSRM (safe mode) password below is a plain-text lab value; outside a lab,
# prompt for it with Read-Host -AsSecureString instead of storing it in the script.
Import-Module ADDSDeployment
Install-ADDSForest `
-CreateDnsDelegation:$false `
-DatabasePath "C:\Windows\NTDS" `
-DomainMode "Win2012R2" `
-DomainName "vccware.com" `
-DomainNetbiosName "VCCWARE" `
-ForestMode "Win2012R2" `
-InstallDns:$true `
-LogPath "C:\Windows\NTDS" `
-NoRebootOnCompletion:$false `
-SysvolPath "C:\Windows\SYSVOL" `
-SafeModeAdministratorPassword (ConvertTo-SecureString "123.com" -AsPlainText -Force) `
-Force:$true
w32tm /config /computer:BJDC01.vccware.com /manualpeerlist:time.windows.com /syncfromflags:manual /update
Change the DNS server back from 127.0.0.1 in the network adapter configuration
# Install AD DS on the second DC
Install-WindowsFeature AD-Domain-Services -IncludeAllSubFeature -IncludeManagementTools
#
# Windows PowerShell script for AD DS Deployment
#
# The DSRM (safe mode) password below is a plain-text lab value; outside a lab,
# prompt for it with Read-Host -AsSecureString instead of storing it in the script.
Import-Module ADDSDeployment
Install-ADDSDomainController `
-NoGlobalCatalog:$false `
-CreateDnsDelegation:$false `
-CriticalReplicationOnly:$false `
-DatabasePath "C:\Windows\NTDS" `
-DomainName "vccware.com" `
-InstallDns:$true `
-LogPath "C:\Windows\NTDS" `
-NoRebootOnCompletion:$false `
-ReplicationSourceDC "BJAD01.vccware.com" `
-SiteName "Default-First-Site-Name" `
-SysvolPath "C:\Windows\SYSVOL" `
-SafeModeAdministratorPassword (ConvertTo-SecureString "123.com" -AsPlainText -Force) `
-Force:$true