[Create parent domain and subdomain]

Foreword

These are notes from hands-on practice for [Windows Server 2016 server configuration and management]. The
following are some simple records from my own experiments. There may be minor mistakes; corrections are welcome!
Slogan: If you die every day, your merits will not be donated!!!

Questions and Answers

1. How can you tell whether two domains are in a parent-child relationship?

By the domain name: the names of a parent domain and its child domain are contiguous.
Taking a school as an example, the parent domain is hda.edu.cn and
the subdomain can be ais.hda.edu.cn.

The subdomain's name is the parent domain's name extended with a new label on the left.

2. If the parent domain and subdomain are mapped to the management levels of an enterprise, which objects do they correspond to? (Give an example.)

Taking a group as an example, the parent domain corresponds to the core management and the departments (science, education, hotel) of the enterprise, which are highly related to each other.

Subdomains correspond to the business layer or other auxiliary layers under the core management layer. Objects within one subdomain are more closely related to each other, and different subdomains differ clearly in their management functions.

3. If the domain data on the multiple domain controllers of an extra domain is the same, is there any relationship between the data on the domain controllers of the parent domain and of the child domain?

"Extra domains" are, strictly speaking, extra domain controllers. They are in the same domain as the primary domain controller, so they share the same domain data.

The parent domain and child domain are two different domains, so their domain data is independent of each other.

4. When promoting a server to a domain controller, how do the options for the parent domain differ from the options for the child domain?

Select "Add a new forest" for the parent domain.
Select "Add a new domain to an existing forest" for the child domain.
Select "Add a domain controller to an existing domain" for the extra domain (an additional domain controller).
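
The three wizard options above correspond to the three promotion cmdlets of the ADDSDeployment module. The following is an added example, not part of the original lab notes: it uses the page's example names hda.edu.cn and ais as defaults, and the helper name Invoke-LabPromotion is hypothetical. It runs the matching prerequisite test before promoting.

```powershell
# Added example, not from the original lab notes.
# Assumed names: hda.edu.cn / ais are the page's examples; Invoke-LabPromotion is hypothetical.
function Invoke-LabPromotion {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [ValidateSet('NewForest', 'ChildDomain', 'AdditionalDC')]
        [string]$Role,
        [string]$ParentDomain = 'hda.edu.cn',
        [string]$ChildLabel   = 'ais'
    )

    # The AD DS role provides the ADDSDeployment module used below.
    Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools | Out-Null
    Import-Module ADDSDeployment

    switch ($Role) {
        'NewForest' {      # wizard: "Add a new forest"
            $noun  = 'Forest'
            $promo = @{ DomainName = $ParentDomain }
        }
        'ChildDomain' {    # wizard: "Add a new domain to an existing forest"
            $noun  = 'Domain'
            $promo = @{
                NewDomainName    = $ChildLabel
                ParentDomainName = $ParentDomain
                DomainType       = 'ChildDomain'
                Credential       = Get-Credential -Message "Enterprise Admins account in $ParentDomain"
            }
        }
        'AdditionalDC' {   # wizard: "Add a domain controller to an existing domain"
            $noun  = 'DomainController'
            $promo = @{
                DomainName = $ParentDomain
                Credential = Get-Credential -Message "Domain Admins account in $ParentDomain"
            }
        }
    }
    $promo.InstallDns = $true
    $promo.SafeModeAdministratorPassword = Read-Host -AsSecureString -Prompt 'DSRM password'

    # Run the matching prerequisite test first; promote only if nothing failed.
    $check = & "Test-ADDS${noun}Installation" @promo
    if ($check.Status -contains 'Error') {
        $check | Format-List Message, Status
        throw "Prerequisite check failed for role '$Role'."
    }
    & "Install-ADDS$noun" @promo
}
```

Run it on the server being promoted, for example `Invoke-LabPromotion -Role NewForest` on A; the server reboots when promotion completes.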

5. What is the trust relationship between the parent domain and the child domain?

A domain is a security boundary, and the domain controllers of that domain are responsible for its security. To share resources in a domain, users must be created in that domain and granted permissions.

Each domain is by default responsible for authenticating only its own users.

The parent domain and child domain trust each other automatically. This means that users in the parent domain are trusted by the subdomain, and can be authenticated by the DC of the subdomain and given corresponding access rights.
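
The automatic parent-child trust described above can also be checked from PowerShell instead of the GUI. The following is an added example, not part of the original lab notes: it assumes the ActiveDirectory module (RSAT) is installed, uses the page's example names hda.edu.cn and ais.hda.edu.cn, and the function name Get-LabTrustReport is hypothetical. It lists every trust of the domain and marks anything other than the expected two-way, intra-forest trust for review.

```powershell
# Added example, not from the original lab notes.
# Assumed names: hda.edu.cn / ais.hda.edu.cn are the page's examples;
# Get-LabTrustReport is a hypothetical helper name.
Import-Module ActiveDirectory

function Get-LabTrustReport {
    param(
        [string]$Domain        = 'hda.edu.cn',
        [string]$ExpectedChild = 'ais.hda.edu.cn'
    )

    Get-ADTrust -Filter * -Server $Domain | ForEach-Object {
        # The automatic parent-child trust is two-way and stays inside the forest.
        $isAutoTrust = $_.IntraForest -and $_.Direction -eq 'BiDirectional'

        $note = if ($_.Name -eq $ExpectedChild -and $isAutoTrust) {
            'expected parent-child trust'
        } elseif ($_.IntraForest) {
            'other intra-forest trust: confirm the domain is known'
        } else {
            'external or forest trust: review SID filtering and selective authentication'
        }

        [pscustomobject]@{
            Partner                 = $_.Name
            Direction               = $_.Direction
            IntraForest             = $_.IntraForest
            ForestTransitive        = $_.ForestTransitive
            SelectiveAuthentication = $_.SelectiveAuthentication
            SIDFilteringQuarantined = $_.SIDFilteringQuarantined
            Note                    = $note
        }
    }
}

Get-LabTrustReport | Format-Table -AutoSize
```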

1. Purpose of the experiment

  1. Learn to install Active Directory;
  2. Understand the role of domain controllers;
  3. Understand the relationship between domain controllers for parent domains and domain controllers for child domains.

2. Experimental content

  1. Start three virtual machines A, B, and C, where A and B run Windows Server 2016 and C runs XP. In this experiment, A will be set up as the root domain controller (the first domain controller in Active Directory, and also the DNS server and global catalog server), B is the second domain controller in the domain of A, and C is the client in Active Directory;

  2. Configure the IP addresses of the three hosts A, B, and C so that the three hosts are all in the same physical network segment;

  3. Add the role "Active Directory Domain Services" on A, install Active Directory, and upgrade A to a root domain controller (Note: A will be turned into a DNS server at the same time during the installation process); then, create a new user user1 on A.

  4. Add the role "Active Directory Domain Services" on B, install Active Directory, make B the domain controller of a subdomain of A's domain, and then add user user2 on B.

  5. View the trust relationship between the parent domain and the child domain in the "Active Directory Domains and Trusts" window;

  6. Add C to the domain where A is located (Note: The method of joining the domain is to select the "Computer Name" tab in C's "My Computer" properties, and select "Change");

  7. Log off the administrator on C, log in to the parent domain and the child domain with user1, and observe what happens.

  8. On C, use user2 to log in to the parent domain and the subdomain respectively, and observe what happens.

3. Experimental results (including procedures, data recording and analysis, and experimental summary)

1. IP address configuration of the three hosts.
2. After completing step 3, open "Active Directory Users and Computers" from the administrative tools on machine A, observe its contents and take a screenshot. Open the DNS console, observe the contents of the forward lookup zone and take a screenshot.

3. In step 4, observe the content in the "Active Directory Users and Computers" management tool of A and B (screenshot). What is the relationship between A and B?

[Screenshot: machine A]

[Screenshot: machine B]

A and B are in a parent-child domain relationship.

4. After completing step 5, view the trust relationship between the parent domain and the child domain (screenshot).

5. In step 7, can user1 log in to the parent domain and child domain on C (screenshot)? Why?
user1 is a user created on the parent domain, and can log in to the parent domain naturally. After the subdomain is successfully created, it is in the same domain as the parent domain, and the subdomain is given corresponding access rights to share resources in this domain, so user1 can also run in the subdomain. And C has joined the domain where A is located, so user1 can log in to the parent domain and subdomain on C.

6. In step 8, can user2 log in to the parent domain and child domain on C (screenshot)? Why?
Similarly, user2 is a user created on a subdomain, and can log in to the subdomain naturally. After the subdomain is successfully created, it is in the same domain as the parent domain, and the subdomain is given corresponding permissions to access the resources in the parent domain, so user2 can also run in the parent domain. And C has joined the domain where A is located, so user2 can log in to the parent domain and subdomain on C.

4. Experimental summary:

This experiment took a long time, and the problem was mainly in the creation of the sub-domain. After this experiment, I have a deeper understanding of the parent-child domain. I am deeply impressed by the operation process of this experiment, because it really took a lot of time. I hope I can learn a lesson, lay a solid foundation, and finish faster and more efficiently next time.

Origin blog.csdn.net/m0_62279905/article/details/127208354