Purpose:
① For DNS, understand the roles of the SOA (Start of Authority) and NS (Name Server) records.
② For the DC, understand why the SRV records exist.
Preparation:
Three virtual machines, serving as the DNS server, the DC server, and the client.
IP assignment:
DNS server: 192.168.22.1
DC server: 192.168.22.2, preferred DNS: 192.168.22.1
Client: 192.168.22.3, preferred DNS: 192.168.22.1
Building the DNS server
1. Open "Server Manager" and click "Add Roles".
2. Click "Next".
3. Check "DNS Server" and click "Next".
4. Click "Next", then click "Install".
5. When the installation succeeds, click "Close".
6. Open [Start] - Administrative Tools - DNS.
7. Right-click "Forward Lookup Zones", click "New Zone", then click "Next".
8. Select "Primary zone" and click "Next".
9. Enter the "Zone name", click "Next", and click "Next" again.
10. Be sure to select "Allow both nonsecure and secure dynamic updates". The DC registers its SRV records in this zone through dynamic update. Click "Next", then click "Finish".
11. Because this server is the primary server, the zone has to point to the server itself, so first create an A (Host) record for it. Right-click the domain name, click "New Host (A)", enter the "Name" and "IP address", and click "Add Host".
12. Right-click the zone and open "Properties".
Click "Start of Authority (SOA)", point "Primary server" to this server itself, and click "Apply".
If you keep the default DNS configuration and then build the DC, the build will fail, so the SOA and NS records must be modified to point to this DNS server itself.
Role of SOA (Start of Authority): defines which name server is the authoritative name server for the zone.
Role of NS (Name Server): lists the authoritative servers for the zone: the primary server specified in the SOA and any secondary servers.
Click "Name Servers", then click "Add".
Add the domain name and IP address you created and click "OK". The DNS-related changes are now complete and you can install the DC.
Creating the DC server
1. Open "Server Manager", click "Add Roles", then click "Next".
2. Check "Active Directory Domain Services" and click "Add Required Features".
3. Click "Next", then click "Install".
4. Press "Windows + R" to open the Run dialog, enter "dcpromo", and click "OK" to open the Active Directory Domain Services Installation Wizard.
Click "Next".
Click "Next".
Select "Create a new domain in a new forest" and click "Next".
Enter the DNS domain name that was created earlier and click "Next".
For "Forest functional level" and "Domain functional level" you must choose "Windows Server 2003", then click "Next".
Here you must uncheck the "DNS server" option, because DNS has already been set up on another computer. Click "Next"; a warning box pops up, click "Yes".
Click "Next" and set a password for the service.
Click "Next" until the installation is complete, then restart the computer.
After the computer restarts, refresh DNS Manager. If four new folders have been added under the domain, the installation succeeded.
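The checks described above, as an added example that is not part of the original walkthrough: this Python script inspects a constructed, simplified listing of the zone and reports whether the SOA and NS records point at the DNS server and whether the DC has registered SRV records under the four new folders (_msdcs, _sites, _tcp, _udp). The zone name example.test, the host names dns1 and dc1, and the one-line record format are assumptions.

```python
# Added example: constructed zone listing in a simplified one-line-per-record
# form ("owner TYPE data"); zone name and host names are assumptions.
SAMPLE_ZONE = """\
@ SOA dns1.example.test. hostmaster.example.test. 12 900 600 86400 3600
@ NS dns1.example.test.
dns1 A 192.168.22.1
dc1 A 192.168.22.2
_ldap._tcp SRV 0 100 389 dc1.example.test.
_kerberos._tcp SRV 0 100 88 dc1.example.test.
_kerberos._udp SRV 0 100 88 dc1.example.test.
_ldap._tcp.dc._msdcs SRV 0 100 389 dc1.example.test.
_ldap._tcp.Default-First-Site-Name._sites SRV 0 100 389 dc1.example.test.
"""

DC_SUBDOMAINS = ("_msdcs", "_sites", "_tcp", "_udp")  # the four new folders


def parse(text):
    """Return (owner, type, data-fields) tuples, skipping blanks and ';' comments."""
    records = []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) >= 3:
            records.append((fields[0].lower(), fields[1].upper(), fields[2:]))
    return records


def check_zone(text, dns_fqdn, dns_ip):
    """List what is missing for the DC to register in, and be found through, this zone."""
    recs = parse(text)
    fqdn = dns_fqdn.lower().rstrip(".") + "."
    host = fqdn.split(".")[0]
    problems = []
    if not any(t == "SOA" and o == "@" and d[0].lower() == fqdn for o, t, d in recs):
        problems.append("SOA primary server is not the DNS server")
    if not any(t == "NS" and o == "@" and d[0].lower() == fqdn for o, t, d in recs):
        problems.append("NS record does not name the DNS server")
    if not any(t == "A" and o == host and d[0] == dns_ip for o, t, d in recs):
        problems.append("no A record for the DNS server")
    srv_owners = [o for o, t, d in recs if t == "SRV"]
    for sub in DC_SUBDOMAINS:
        # The last label of the owner name is the folder shown in DNS Manager.
        if not any(o.split(".")[-1] == sub for o in srv_owners):
            problems.append("no SRV records under " + sub)
    return problems


if __name__ == "__main__":
    for p in check_zone(SAMPLE_ZONE, "dns1.example.test", "192.168.22.1") or ["zone OK"]:
        print(p)
```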
Client verification
1. Join the client to the domain (open Computer Properties, click "Change settings", click "Change", and join the domain).
If the client joins the domain successfully and its records appear in DNS, the servers were built successfully.
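Points to note:
The DC's IP address must be fixed; use a static IP.
The firewall needs to be turned off.
The primary zone created on the DNS server must have the same name as the domain on the DC.
On the DNS server, the SOA and NS records must be modified to point to the server itself.
When building the DC, be sure not to check the DNS service.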