What is the use of AD domain

What is the AD domain server used for?

The role of the AD domain server is: 

1. Centralized security management and unified security policy.

2. Centralized software management: according to the company's requirements, all machines can run only the necessary office software.

3. Centralized management of the environment: AD can unify client desktop, IE, TCP/IP and other settings.

4. Active Directory is the foundation of the enterprise infrastructure and lays the groundwork for the company's overall unified management.

Domain Type:

One type is international top-level domain names (iTLDs for short). This is also the earliest and most widely used kind of domain name. For example, .com and .top represent business enterprises, .net represents a network provider, .org represents a non-profit organization, etc.

What is the main role of AD domain controller and what are its benefits

1. The role of the domain: If there are a large number of computers and users in the enterprise network, to achieve efficient management, it is necessary to create a Windows domain.

2. Domain controller installation: To establish a domain for management, you first need to install a domain controller (DC), which stores information about the resources in the domain, such as name, location, and feature description. Installing Active Directory (AD) on a server turns that computer into a DC.

Installation conditions:

1. The installer must have local administrator rights.

2. The version of the operating system must meet the conditions (Windows Server 2003 meets all requirements, except the Web edition).

3. The local disk must have an NTFS file system.

4. TCP/IP must be configured.

5. A DNS server must be available to support it.

6. There must be enough free disk space.

3. Install Active Directory (AD)

1. Open Start--Run and enter dcpromo.

2. Whether to create a new domain. There are two types of domain controller: a domain controller for a new domain, and an additional domain controller for an existing domain. Generally select the domain controller for a new domain.

3. The full DNS name of the new domain, for example ruirui.com.cn.

4. The NetBIOS name of the new domain. Then click Next.

5. Database and log folders. To optimize performance, the database and logs can be placed on different hard disks. The folder doesn't have to be on an NTFS partition. If this computer is the first domain controller of the domain, the SAM database will be upgraded to C:\windows\ntds\ntds.dit, and the local user accounts will become domain user accounts.

6. Shared system volume. The location where the SYSVOL folder of the shared system volume is stored must be an NTFS file system.

7. DNS registration diagnosis. AD needs DNS service support.

8. Domain compatibility. If there is no domain controller running a version earlier than Windows Server 2003 in the network, choose the second option. If there is one, select the first item.

9. Restore mode password. The Directory Services Restore Mode administrator password is used when logging in to the system in Directory Services Restore Mode. In this mode no domain account can be used; only the restore mode administrator account can log in.

10. After the installation is complete, the computer needs to be restarted.

I explained how to create a Windows domain; now I will build on that and explain how to add a computer to a domain. After AD is installed, other servers and client computers need to be added to the domain. Normally, when joining a domain from a client computer, a computer account is automatically created in the domain. However, users must have administrative rights on the local client computer to join it to the domain.

Before joining the domain, first check the client's network configuration:

1. Ensure physical connectivity on the network.

2. Set the IP address.

3. Check whether the client can reach the server.

4. Configure the preferred DNS server of the client (usually the IP of the first DC).

In the "Computer Name" tab in the system properties of the client computer, click the Change button to open the dialog box for joining the computer to a domain. Select Domain, enter the correct domain name, and then follow the prompts to enter the user name and password of an account with permission to join the domain. After the client computer has joined the domain, you can log in to the domain from it with a domain account, or log in with the client computer's local user account. DNS has been mentioned before; its role in the domain is explained below.

DNS has two functions in the domain: domain names follow the DNS standard, and DNS is used to locate the DC.

1. The naming of the domain adopts the DNS standard. Suppose the company creates its first domain with the domain name ruirui.com.cn. The Shanghai branch then becomes a subdomain, with the domain name sh.ruirui.com.cn. These names follow the distributed, hierarchical structure of DNS. This reflects the concept of integrating the office network with the Internet.

2. How does the client locate the DC. When a domain user account logs in or searches the active directory, the DC must first be located, which requires the support of the DNS server.

The main steps:

1) The client sends a DNS query request to the DNS server.

2) The DNS server queries for matching SRV resource records.

3) The DNS server returns the IP address list of the relevant DCs to the client.

4) The client contacts the DC.

5) The DC responds to the client's request.

DNS can play this role in locating the DC in Active Directory mainly because of the SRV resource records in the DNS zone of the domain. To see the SRV resource records, go to Start--Programs--Administrative Tools--DNS and open the DNS manager.
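The lookup in the steps above, as an added example that is not part of the original article: it builds the SRV name a Windows client queries (`_ldap._tcp.dc._msdcs.<domain>`), reviews the answers for entries an administrator should check, and orders the remaining DCs by SRV priority and weight (RFC 2782). The host names and records are constructed sample data for the article's ruirui.com.cn domain; the function names are hypothetical.

```python
import random

# Constructed sample: SRV answers as (priority, weight, port, target).
SAMPLE_SRV = [
    (0, 100, 389, "dc1.ruirui.com.cn."),
    (0, 100, 389, "dc2.ruirui.com.cn."),
    (10, 100, 389, "dc3.sh.ruirui.com.cn."),
    (0, 100, 389, "fileserver.example.net."),  # target outside the domain
    (0, 100, 8389, "dc4.ruirui.com.cn."),      # not the LDAP port
]

def locator_query(domain):
    """DNS name a Windows client queries to find DCs for `domain`."""
    return "_ldap._tcp.dc._msdcs." + domain.rstrip(".").lower()

def audit(records, domain, expected_port=389):
    """Split records into (accepted, findings) for an administrator to review."""
    suffix = "." + domain.rstrip(".").lower()
    accepted, findings = [], []
    for prio, weight, port, target in records:
        host = target.rstrip(".").lower()
        if not host.endswith(suffix):
            findings.append((host, "target is outside " + domain))
        elif port != expected_port:
            findings.append((host, "unexpected port %d" % port))
        else:
            accepted.append((prio, weight, port, host))
    return accepted, findings

def contact_order(records, rng=None):
    """Lowest priority value first; weighted random choice within a priority."""
    rng = rng or random.Random()
    ordered = []
    for prio in sorted({r[0] for r in records}):
        group = [r for r in records if r[0] == prio]
        while group:
            pick = rng.uniform(0, sum(r[1] for r in group))
            running = 0
            for rec in group:
                running += rec[1]
                if pick <= running:
                    break
            ordered.append(rec[3])
            group.remove(rec)
    return ordered

if __name__ == "__main__":
    ok, issues = audit(SAMPLE_SRV, "ruirui.com.cn")
    print(locator_query("ruirui.com.cn"))
    print(contact_order(ok, random.Random(1)))
    print(issues)
```

Against a live domain, the same records can be listed in the DNS manager or fetched with an SRV query for the name `locator_query` returns.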

What are the benefits of using an AD domain for computers, and is there any useful software?

An AD domain is safer than a workgroup in terms of management, and it makes it easy to share information and manage computers. Among AD domain management tools, ADhelper is currently one of the better ones. It supports web management, allowing you to easily manage AD domains.

May I ask what the AD domain is and what its role is? An easy-to-understand answer would be best, thank you.

(Reposted) AD (Active Directory) dynamically builds a database or index of the objects in the entire domain-model network. The protocol is LDAP. A server with AD installed is called a DC (domain controller); it stores the information of the objects of the entire domain, which is updated periodically.

What does AD domain mean?

The full name of AD is Active Directory. The AD domain is an independent operating unit in the Windows network, and mutual access between domains requires the establishment of a trust relationship (that is, Trust Relation). A trust relationship is a bridge connecting domains to domains.

The two domains can not only manage each other as needed, but also allocate device resources such as files and printers across the network, so that different domains can realize the sharing and management of network resources, as well as mutual communication and data transmission.

Extended information:

Difference between workgroup and domain

1. A workgroup network uses a decentralized management mode. Each computer is independent, and user account and permission information is stored on the machine itself. A workgroup is also used to share information; the permissions on shared information are set and controlled by each computer itself. The list of workgroup computers that can be seen in My Network Places is called the browse list, which is provided by the browse master server through broadcast queries.

A domain network uses a master/slave management mode. A domain controller is used to centrally manage user accounts and permissions in the domain. The account information is stored on the domain controller, and the shared information is scattered across the individual computers, but the access rights are controlled by unified management. This is the biggest difference between the two.

2. In the "domain" mode, access to resources is strictly managed. At least one server is responsible for verifying each computer and user connected to the network; it acts like the gatekeeper of an organization and is called the "domain controller" (abbreviated as DC).

3. The domain controller contains a database composed of information such as accounts, passwords, and the computers belonging to this domain. When a computer is connected to the network, the domain controller must first identify whether the computer belongs to the domain, whether the login account used by the user exists, and whether the password is correct.

If any of the above information is incorrect, the domain controller will refuse to let the user log on from this computer. If the user cannot log in, he cannot access the permission-protected resources on the server. He can only access the resources shared by Windows as a peer-to-peer network user, which protects the resources on the network to a certain extent. A workgroup only performs information and security authentication on the local computer.

Reference source: Baidu Encyclopedia - windows domain

What is the use of adding a company computer to an AD domain?

AD Domain Item Description

1. Centralized authority management and reduced management costs

In a domain environment, all network resources, including users, are maintained on the domain controller for centralized management. Once users log in to the domain, their identity is verified within the domain. Managers can better manage computer resources, and the cost of network management is greatly reduced. Preventing company employees from installing software on the client at will can enhance client security, reduce client failures, and reduce maintenance costs. Through domain management, software and patches can be effectively distributed and assigned so that they are installed together across the network, ensuring the uniformity of software in the network. Employees' Internet access can be restricted and access to non-work websites prohibited.

2. Enhanced security performance and clearer permissions

It helps with the management of the enterprise's confidential information. For example, a certain disk may allow one person to read and write but not another; a certain file may be readable by only one person; or files may not be deleted, modified, moved, etc. The USB ports of the client can be blocked to prevent leakage of the company's confidential information. Security is fully integrated with Active Directory. Access controls can be defined not only on each object in the directory, but also on the attributes of each object. Active Directory provides the storage and application scope of security policies. Security policies can contain account information such as domain-wide password restrictions or access rights to specific domain resources; security policies are delivered and enforced through Group Policy settings.

3. Account Roaming and Folder Redirection

The work files and data of personal accounts can be stored on the server for unified backup and management, making the user's data more secure. When a client computer fails, the user only needs to log in with the same user account on another client computer that has the corresponding software installed, and will find that his files are still in the "original location" (for example, My Documents) with nothing lost, so that fault repairs can be performed faster. When the server is offline (because of a failure or other circumstances), the "offline folder" technology automatically lets the user continue to work with the locally cached version of the file and synchronizes it with the file on the server when logging out of or logging in to the system, ensuring that the user's work is not interrupted.

4. It is convenient for users to use various shared resources

The administrator can assign a login script to map the root directory of the distributed file system for unified management. After logging in, the user can use the resources on the network just like a local drive letter and does not need to enter the password again; the user only needs to remember one username/password pair. The access, read, and modification permissions of the various resources can be set, and different accounts can have different access permissions. Even if the location of a resource changes, the user does not need to do anything. The administrator only needs to modify the link point and set the relevant permissions. The user will not even be aware that the resource location has changed, and does not have to remember which resource is on which server as before.

5. SMS System Management Service (System Management Server)

Applications, system patches, etc. can be distributed; users can choose to install them, or the system administrator can assign them to be installed automatically. System patches (such as Windows Update) can also be managed centrally, so that each client does not need to download the same patch separately, saving a lot of network bandwidth.

6. Flexible query mechanism

Users and administrators can use the Search command on the Start menu, My Network Places, or Active Directory Users and Computers to quickly find objects on the network through their properties. For example, you can look up users by first name, last name, email name, office location, or other attributes of a user account. Lookups are optimized by using the global catalog.

7. Good scalability

The Active Directory of Windows 2000 is highly extensible: administrators can add new object classes to the schema, or add new attributes to existing object classes. A schema includes the definition of each object class and the attributes of the object class that can be stored in the directory.

8. Easy integration with Microsoft software

Such as ISA, Exchange, Team Foundation Server, SharePoint, SQL Server, etc.

9. Domain Planning Suggestions

1. System integration: For enterprise network maintenance, a single-domain, single-site management mode is adopted to build AD and BAD, that is, the primary domain controller and the backup domain controller, with the OU (organizational unit) mode used beneath them to centrally manage the various departments and computers. This management mode reduces cost, management complexity and the amount of maintenance.

2. AD (primary domain controller): Manages all of the company's permissions, user creation, and the various policies, software, etc., and applies them to each computer.

3. BAD (backup domain controller): Uses exactly the same settings as AD and inherits all the management information on AD, so that company computers can still log in and use network resources after AD fails. The BAD server is also made into a WSUS server (Windows patch server), which manages the download and installation of patches for all computers in the company. If necessary, it can also integrate an ISA Server to manage and control the company's network (online behavior management).

4. The recommended server configuration for the domain is a XEON 2.8G with 4G memory; the hard disk size depends on demand, the hard disks are in RAID, and the AD data is regularly backed up completely, incrementally, and off-site.

Reposted from: What is the use of the ad domain (what is the function of the ad domain)_IT Teaching Network


Origin blog.csdn.net/fuhanghang/article/details/130010994