Today I want to walk you through installing the domain controller service on Windows Server.
What is the domain controller service? Put simply, it is a service enterprises use to manage employees' computers centrally. It is generally installed on a server in the enterprise intranet. To accommodate beginners, today I will show only the relatively basic and simple functions. You can explore the more advanced content yourself, or message me privately.
1. Clone the virtual machine
Before installing the domain controller service, we first need to create another virtual machine, so that once the service is installed we can verify that a machine can join the domain.
First shut down the virtual machine and select Clone
A clone can only be created from a virtual machine that is shut down, or from a snapshot taken while it was shut down
It is recommended to create a linked clone to reduce storage space usage
The name and location can be adjusted according to your actual situation
When finished, click Close and start the virtual machine
It boots normally, so next we will configure the domain controller on the server.
2. Install Domain Services
In the Server Manager panel, select Add Role
Check the domain service in the middle of the list (Active Directory Domain Services)
After clicking Install, don't rush to click Close. Don't click Close, don't click Close!!!
Important things get said three times
After the installation is complete, click here to configure the domain server
Create a domain name, generally in the form xxx.xxx; choose one according to your own needs
Create a password
Do not create a DNS delegation
Keep the default NetBIOS name, then click Next
A static IP is recommended here, but domain services can also be installed without one. Since the installation works without it, we will skip it for now and configure it when it is needed.
Wait for the installation to complete
After the installation is complete, the virtual machine will automatically restart
After the installation, our domain name appears in front of the user name, because we are now logged in to this machine as the domain controller's administrator
AD appears in the Server Manager panel, and our domain service installation is complete
3. The client joins the domain
At this point, we need to change some settings on the clone: point its DNS to the server so that it can join the domain
First, make sure the two virtual machines can communicate with each other. I use NAT as the network mode
Right-click the network icon on the clone and select Open Network and Sharing Center
Select the network adapter, right-click it and open Properties
Double-click Internet Protocol Version 4 (TCP/IPv4)
Go back to the server now
Press Win+R, type cmd and press Enter to open the command line
Enter ipconfig and press Enter to view the IP of the server
Then on the clone, enter the server's IP as the DNS server
After the configuration is complete, enter ipconfig /all on the command line interface of the clone machine
Check that the DNS server shown here is the server's IP
It can be seen that the configuration is successful
Now we can join the domain
In Server Manager on the clone, open Local Server, find Workgroup on the right, and click the workgroup name
Enter the domain name and click OK
If this pops up, the connection succeeded. If it does not appear, it may be a network connection problem; check whether the virtual machine network adapter on your computer is disabled.
Now we need to enter a username and password to join the domain
The credentials entered when joining a computer to a domain must be those of a domain user; a local user will not work.
After clicking OK, this pops up
This happens because the machine is a clone: it still has the same security identifier (SID) as the virtual machine it was cloned from
Solution:
Press Win+R, type sysprep and press Enter
Double-click sysprep in the folder that opens
Be sure to check Generalize, then click OK and wait for the restart
After the restart, go through the system initialization settings and you are done.
Afterwards, set the DNS again following the steps above and rejoin the domain
The join succeeds; click OK and the machine restarts automatically
After restarting, open Server Manager, open Local Server, and you can see the domain name
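The DNS and join steps of this section can also be done from PowerShell on the clone, with a check that the domain controller is actually discoverable through DNS before joining. This is an added example, not part of the original post; the server IP (192.0.2.10) and adapter name (Ethernet0) are placeholders, and it assumes Windows Server 2012 or later, run as a local administrator.

```powershell
# Added example: pre-flight checks on the clone, then the domain join.
$Domain  = 'lcc.edu'      # domain name used later on this page; use your own
$DcIp    = '192.0.2.10'   # placeholder: the server IP shown by ipconfig
$IfAlias = 'Ethernet0'    # placeholder: list real adapter names with Get-NetAdapter

# 1. Point the client's DNS at the domain controller (the GUI step above).
Set-DnsClientServerAddress -InterfaceAlias $IfAlias -ServerAddresses $DcIp

# 2. A join only works if the client can locate a domain controller through
#    the SRV records that the domain service registers in its own DNS zone.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV `
           -Server $DcIp -ErrorAction Stop |
       Where-Object { $_.Type -eq 'SRV' }
if (-not $srv) { throw "No domain controller SRV record found for $Domain" }
$srv | Select-Object NameTarget, Port

# 3. Confirm the services used during the join are reachable:
#    DNS (53), Kerberos (88), LDAP (389), SMB (445).
foreach ($port in 53, 88, 389, 445) {
    $r = Test-NetConnection -ComputerName $DcIp -Port $port -WarningAction SilentlyContinue
    if (-not $r.TcpTestSucceeded) { throw "TCP port $port on $DcIp is not reachable" }
}

# 4. Join with a domain account (prompted) and restart.
Add-Computer -DomainName $Domain -Credential (Get-Credential) -Restart
```

If step 2 fails, the client is still asking a DNS server that knows nothing about the domain, which is the usual cause of a failed join.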
4. Graphical creation of OU (organizational unit)
Joining the domain verifies that our domain controller configuration works; next we perform some common basic configuration of the domain service
Next, we create two OUs (organizational units), named Digital Industry College and Intelligent Manufacturing College
Open Server Manager - Tools - Active Directory Users and Computers
Right-click the domain name and select New - Organizational Unit
Create Intelligent Manufacturing College the same way
5. Command line to add group
Next, on to the more advanced content: use the command line to create a group in each of the two organizational units above, named Digital Industry College User Group and Intelligent Manufacturing College User Group (the commands below use the original Chinese names, 数字产业学院用户组 and 智能制造学院用户组).
(This can also be done graphically, as with the OUs: just select Group when creating a new object.)
Open Start and select PowerShell
Command: dsadd group
dsadd group cn=数字产业学院用户组,ou=数字产业学院,dc=lcc,dc=edu -samid 数字产业学院用户组 -scope g -secgrp yes
The command information can be understood by referring to the above figure
Here I mistyped a character the first time; it succeeded after I corrected it
You can see that the creation succeeded; the other group is created the same way
dsadd group cn=智能制造学院用户组,ou=智能制造学院,dc=lcc,dc=edu -samid 智能制造学院用户组 -scope g -secgrp yes
6. Script to add users
A more advanced approach is to use a script to create users in batches
Modify user.csv as follows
Modify adduser1.bat as follows
Note that the domain name (@lcc.edu) should be replaced by your own
@echo off
rem user.csv columns: %%a=logon name, %%b=OU, %%c and %%d=domain components, %%e=display name, %%f=password
For /F "tokens=1,2,3,4,5,6 delims=," %%a in (.\user.csv) do dsadd user cn=%%e,ou=%%b,dc=%%c,dc=%%d -samid %%a -upn %%a@lcc.edu -display %%e -pwd %%f -disabled no -acctexpires never -pwdneverexpires yes
pause
Put adduser1.bat and user.csv into the virtual machine
Note that they must be in the same directory
Double-click the bat file
Created successfully
Next, test whether the users we created work
On the server, sign out and choose to log in as another user
Log in with any of the accounts test1-6; the password is Admin@123
Note that the domain name must be appended to the user name, such as test1@lcc.edu
Login is refused, which shows that the account exists and works: because of the security settings, this user is simply not allowed to log in to the domain server itself
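A PowerShell variant of adduser1.bat, added here as an example and not the author's script: it reads the same user.csv but makes each user change the password at first logon, instead of leaving one shared password that never expires. The column names are labels chosen for this example, and it assumes the ActiveDirectory module (present on the domain controller) and a CSV saved as UTF-8.

```powershell
# Added example: bulk user creation from user.csv with a one-time password.
Import-Module ActiveDirectory

# user.csv has no header row; the column order is taken from the for /F line:
# %%a=logon name, %%b=OU, %%c and %%d=domain components, %%e=display name, %%f=password
$columns = 'Sam', 'Ou', 'Dc1', 'Dc2', 'Name', 'Password'
$rows = Import-Csv -Path .\user.csv -Header $columns -Encoding UTF8   # assumes UTF-8

foreach ($u in $rows) {
    # Reject malformed logon names before they reach the directory query.
    if ($u.Sam -notmatch '^[\w.-]{1,20}$') {
        Write-Warning "Invalid logon name '$($u.Sam)', skipped"
        continue
    }
    # Re-running the script must not fail on users that already exist.
    if (Get-ADUser -Filter "SamAccountName -eq '$($u.Sam)'") {
        Write-Warning "$($u.Sam) already exists, skipped"
        continue
    }
    $params = @{
        Name                  = $u.Name
        DisplayName           = $u.Name
        SamAccountName        = $u.Sam
        UserPrincipalName     = "$($u.Sam)@$($u.Dc1).$($u.Dc2)"
        Path                  = "OU=$($u.Ou),DC=$($u.Dc1),DC=$($u.Dc2)"
        AccountPassword       = ConvertTo-SecureString $u.Password -AsPlainText -Force
        Enabled               = $true
        ChangePasswordAtLogon = $true   # the CSV password is only an initial value
    }
    New-ADUser @params
    Write-Host "Created $($u.Sam)"
}
# user.csv still holds the initial passwords in clear text: delete it after the run.
```

New-ADUser still enforces the domain password policy, so a row whose password is too weak fails on its own without stopping the rest of the batch.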