Active Directory and Domain Services, Introduction, Installation

  • About the author: a cloud computing network operations and maintenance engineer who shares networking and operations material every day.


Foreword

This chapter will explain Windows Server - Active Directory and Domain Services.


Key points of this chapter

  • Domain and Active Directory Concepts
  • Domain Logical Structure
  • Domain functional level and forest functional level

1. Active Directory and Domain Services

1. Active Directory (AD) concept

Active Directory is a directory service in Windows networking.

Active Directory is a network service developed by Microsoft to manage users, computers and other network resources, and is the core directory service of enterprise networks. It provides a way to centrally manage and control enterprise network resources, including users, computers, applications, security policies, and more. Through Active Directory, administrators can easily centralize management and control of all resources on the network to ensure high availability, security and consistency of the network.


2. Active Directory Domain Services (AD DS)

AD DS is both a directory and a service.

It is a directory service developed by Microsoft to manage and organize users and computer resources on the network. AD DS provides security and convenience through centralized management of user accounts, group policies, shared folders, and other resources.


3. Advantages/Features of Active Directory:

  • 1> Centralized management
  • 2> Convenient access to network resources
  • 3> Scalability

4. Domain

A domain is an implementation form of Active Directory and its core management unit. Within a domain, a group of computers is treated as one management unit, and domain administrators can manage and control the entire domain.

For example, the domain administrator can create a domain user account for each user in Active Directory so that they can log in to the domain and access its resources. The domain administrator can also control each domain user's behavior, such as whether the user can log in, when they can log in, and what operations they can perform after logging in.

A domain consists of domain controllers and member computers. A domain controller (DC) is a computer on which the Active Directory service is installed.


5. Namespace

A namespace is the name of a region.

  • e.g. XXX School - Class 2 - Zhang San
  • e.g. benet.com (DNS architecture mode)

6. Object

  • An object consists of a set of attributes and represents a concrete thing, such as a user, a printer, or a computer.
  • An attribute is the data used to describe the object, such as the user's name, email, or address.

7. Container

A container stores objects. It can contain a group of objects or other containers.


8. Organizational Unit (OU)

An OU is a container inside a domain that can hold various objects in the domain, such as users, groups, computers, printers, and other OUs.


9. Group Policy

Group policies can be configured in many ways for computers or users, including security configurations and desktop working environment configurations.


10. Domain structure

1>Logical structure

Single Domain, Domain Tree, Domain Forest, Organizational Unit

2>Physical structure

Site, domain controller

A site is a physical scope that corresponds to a high-speed, stable IP subnet, such as the local area network within an enterprise. Sites play a very important role in Active Directory replication. Administrators can use them to manage how Active Directory data is replicated among multiple domain controllers, optimizing the efficiency of intra-site replication (local area network) and inter-site replication (across a wide area network).

A domain controller keeps Active Directory data synchronized in a multi-DC environment: each domain controller stores a copy of the Active Directory information and is responsible for replicating that information and its latest changes to the other domain controllers, so that the information on every DC stays in sync.


11.SID

SID is the abbreviation of Security Identifier, an identifier used in Microsoft Windows to uniquely identify security principals such as users, groups, and computers.


12. Lightweight Directory Services

Lightweight Directory Service (LDS for short) is a Microsoft Windows Server technology for managing network resources and user accounts.

It can be considered an add-on that extends the functionality of Active Directory Domain Services (AD DS). LDS provides an independent directory service that can provide LDAP (Lightweight Directory Access Protocol) infrastructure so that users can query and edit shared directories.

Compared to AD DS, LDS does not require a domain schema, which makes it easier to deploy and use.


2. Deploy Windows Domain

1. Benefits of additional domain controllers

1>Provide fault tolerance
2>Provide load balancing
3>Easier connection and access for users


2. Windows single domain deployment steps

(1) Preparation before deployment

  • A Windows Server 2016 server
  • A Windows 10 PC
  • DNS infrastructure support (DNS can also be installed at the same time as AD DS).
  • At least one partition of the local disk uses the NTFS file system.
  • A static IP address and subnet mask are configured.
  • There is sufficient free disk space.

3. Install Domain Controller

(1) After logging in with the administrator account (Administrator), click "Add Roles and Features" in the Server Manager window.

(2) In the "Server Roles" interface, check the "Active Directory Domain Services" check box and click the "Next" button.

(3) In the "Confirmation" interface, click the "Install" button.

For the remaining wizard pages, keep the defaults and click "Next".

(4) Click the yellow exclamation mark icon above the "Server Manager" window, and then click "Promote this server to a domain controller" 

(5) In the "Active Directory Domain Services Configuration Wizard" window that opens, click the "Add a new forest" radio button, enter the domain name in the "Root domain name" text box (benet.com in this example), and click the "Next" button.

(6) In the "Domain Controller Options" interface, select the functional level of the new forest and of the root domain, enter and confirm a password that complies with the password policy, and click the "Next" button.

(7) Confirm the NetBIOS domain name in the "Additional Options" interface, and then click the "Next" button.

(8) In the "Paths" interface, accept the default locations and click the "Next" button.

(9) The "Review Options" interface lists the selections made for the deployment. Check them and click the "Next" button.

(10) In the "Prerequisites Check" interface, review all the selections. If any item is incorrect, click the "Back" button and go back to modify it. If there is no problem, click the "Install" button, as shown in Figure 2.10.

(11) The Active Directory service is now installed and configured, as shown in Figure 2.11. When the installation is complete, the system restarts automatically.

 (12) In the "Server Manager" window, click "AD DS" to view the domain status.

After the installation of Active Directory is completed, the current computer becomes the domain controller for benet.com, the local users on this computer are upgraded to domain users, and this computer is the only one in the domain.
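The same deployment can be scripted, which makes the chosen options reviewable and repeatable. The following is an added example, not part of the original article: it assumes Windows Server 2016, the NetBIOS name BENET, and the Windows Server 2016 functional level (`WinThreshold`), none of which the article specifies.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of wizard steps (1)-(12).
$DomainName  = 'benet.com'   # root domain name used in the article
$NetbiosName = 'BENET'       # assumption: the name the wizard proposes in step (7)

# Steps (1)-(3): install the AD DS role together with its management tools.
$feature = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
if (-not $feature.Success) { throw 'AD DS role installation failed.' }
Import-Module ADDSDeployment

# Step (6): the password the wizard asks for is the Directory Services
# Restore Mode (DSRM) password. Prompt for it; never store it in the script.
$dsrm = Read-Host -Prompt 'DSRM password' -AsSecureString

$forest = @{
    DomainName                    = $DomainName
    DomainNetbiosName             = $NetbiosName
    ForestMode                    = 'WinThreshold'   # assumption: 2016 level
    DomainMode                    = 'WinThreshold'
    InstallDns                    = $true            # DNS installed with AD DS
    SafeModeAdministratorPassword = $dsrm
}

# Step (10): run the prerequisite check before changing anything.
$check  = Test-ADDSForestInstallation @forest
$failed = $check | Where-Object { $_.Status -eq 'Error' }
if ($failed) {
    $failed | Format-List Message
    throw 'Prerequisite check failed; fix the items above and re-run.'
}

# Step (11): promote the server; it restarts automatically when finished.
Install-ADDSForest @forest -Force

# Step (12), after the restart, verify the result:
#   Get-ADDomain | Select-Object DNSRoot, DomainMode
#   Get-ADDomainController -Filter * | Select-Object HostName, IsGlobalCatalog
```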


4. Join the client to the domain

Conditions for a client to join a domain

For a computer to join a domain online, the following two conditions must be met

  • Make sure that the computer and the domain controller can communicate with each other.
  • Configure the correct DNS address (in this example, the DNS server is the domain controller, so the address of the DNS server is the IP address of the domain controller).

(1) Open the computer properties and click the "Change settings" button to open the "System Properties" dialog box.

(2) In the "System Properties" dialog box, click the "Change" button to open the "Computer Name/Domain Changes" dialog box, click the "Domain" radio button in the "Member of" option group, enter the domain name "benet.com", and click the "OK" button.

(3) Enter the account and password of a domain user in the "Windows Security" dialog box that opens, and click the "OK" button.

(4) A prompt confirms that the computer has joined the domain. Click the "OK" button, and then restart the computer to log in to the domain with the domain account.
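Most failed joins come from one of the two conditions above not being met, so it is worth checking both before step (1). The following is an added example, not part of the original article; the domain controller address `192.0.2.10` is a placeholder from the documentation range and must be replaced with the real one.

```powershell
#Requires -RunAsAdministrator
# Added example: verify both join conditions on the Windows 10 client, then join.
$DomainName = 'benet.com'    # domain name used in the article
$DcAddress  = '192.0.2.10'   # placeholder: IP address of the domain controller

# Condition 2: the client's DNS server must be the domain controller.
$dns = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses -contains $DcAddress }
if (-not $dns) {
    throw "No network adapter uses $DcAddress as its DNS server."
}

# The domain is located through SRV records registered by the DC.
# If this lookup fails, the join fails no matter how good the network is.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -ErrorAction Stop |
    Where-Object { $_.NameTarget }
if (-not $srv) { throw "No domain controller SRV record for $DomainName." }

# Condition 1: the client must reach the DC on the ports a join relies on.
$ports = @{ 88 = 'Kerberos'; 389 = 'LDAP'; 445 = 'SMB' }
foreach ($dc in ($srv.NameTarget | Select-Object -Unique)) {
    foreach ($port in $ports.Keys) {
        $probe = Test-NetConnection -ComputerName $dc -Port $port -WarningAction SilentlyContinue
        if (-not $probe.TcpTestSucceeded) {
            throw "Cannot reach $dc on TCP $port ($($ports[$port]))."
        }
    }
}

# Steps (1)-(4): join with a domain account entered at the prompt, then restart.
Add-Computer -DomainName $DomainName -Credential (Get-Credential) -Restart
```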



Origin blog.csdn.net/yj11290301/article/details/130523850