Building a domain environment
Domains and Active Directory
Domain environment: centralized management; the computers do not have equal status; there is a hierarchy that includes a server (the domain controller)
Domain: multiple computers on the organization's network are logically grouped and managed centrally; this environment is called a domain
Domain controller: stores the user accounts and the security database for the entire domain (each domain has at least one)
Active Directory
the Windows network directory service
provides a way to store information about network objects and make that data available to network users
features: centralized management and convenient access to network resources (user / group accounts, shared folders, printers, etc.)
users need to log in only once to access the entire domain network
scalability
Domain trees and forests
Domain tree: multiple domains whose namespace is contiguous
Forest: made up of one or more domain trees
Forest root domain: the root domain of the first domain tree in the directory
Creating AD
Environment requirements:
a high hardware configuration
the operating system is a server edition
administrator rights
disk space
network connectivity
disk format:
NTFS support
DNS support
Steps:
https://jingyan.baidu.com/article/4e5b3e19f3063191911e2463.html
Joining the domain: set the DNS server on the client, then change the computer properties
Cmd: nslookup with the domain name (DNS command)
Cmd: dsa.msc opens the domain users console
Create a domain user:
the logon name must be unique within the domain
the display name must be unique within the container
Binding a domain user to a dedicated computer: User Properties - Account - Log On To - enter the computer name
Group types:
Security group: used to set user permissions; can also be used for e-mail communication
Distribution group: used for e-mail communication
Group scopes:
Domain local group: for this domain
Global group: for the entire forest and trusted domains
Universal group: for the entire forest and trusted domains
Trusted domain:
Permission assignment rule (AGDLP): add domain accounts to a global group, add the global group to a domain local group, and assign permissions to the domain local group
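The AGDLP rule above as an added PowerShell walk-through (not part of the original notes), ending with a check that the chain was not bypassed. Assumptions: the ActiveDirectory module (RSAT) is installed, and the domain CORP / corp.example, the OU "Sales", the user "alice", the group names and the folder D:\Shares\Sales are all hypothetical.

```powershell
# Added example. All names below are hypothetical placeholders.
Import-Module ActiveDirectory

$ouPath  = 'OU=Sales,DC=corp,DC=example'   # assumed OU that holds the groups
$folder  = 'D:\Shares\Sales'               # assumed resource to protect
$global  = 'G_Sales_Staff'                 # G: collects accounts by role
$dlGroup = 'DL_SalesShare_Modify'          # DL: one permission on one resource

# A -> G: the domain account joins a global security group
New-ADGroup -Name $global -SamAccountName $global `
    -GroupCategory Security -GroupScope Global -Path $ouPath
Add-ADGroupMember -Identity $global -Members (Get-ADUser -Identity 'alice')

# G -> DL: the global group joins a domain local security group
New-ADGroup -Name $dlGroup -SamAccountName $dlGroup `
    -GroupCategory Security -GroupScope DomainLocal -Path $ouPath
Add-ADGroupMember -Identity $dlGroup -Members $global

# DL -> P: the permission is assigned to the domain local group only
$acl  = Get-Acl -Path $folder
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    "CORP\$dlGroup", 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $folder -AclObject $acl

# Check 1: the domain local group should contain groups, not user accounts.
$directUsers = Get-ADGroupMember -Identity $dlGroup |
    Where-Object { $_.objectClass -eq 'user' }
if ($directUsers) {
    Write-Warning "Users added directly to ${dlGroup}: $($directUsers.SamAccountName -join ', ')"
}

# Check 2: list explicit (non-inherited) ACL entries that are not the
# domain local group, so grants made outside AGDLP can be reviewed.
(Get-Acl -Path $folder).Access |
    Where-Object { -not $_.IsInherited -and $_.IdentityReference -ne "CORP\$dlGroup" } |
    Select-Object IdentityReference, FileSystemRights, AccessControlType
```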
Organizational Unit (OU)
Container: organizes Active Directory objects effectively
Design approaches: by department, by geographic location, or by object type
Create: right-click and create
Delete: View - Advanced - right-click the object to delete - Properties - clear the option that protects against accidental deletion.
operation: