Four ways to install and configure Active Directory (AD)

  

Two win2k servers, configured as follows:

1: Computer name: server1
IP: 192.168.0.1

2: Computer name: server2
IP: 192.168.0.2

--------


--------------- Case 1: Single domain, single domain controller ---------------
Target:
Make server1 a domain controller for the domain test.com, with server2 as a member server.


AD requires DNS. DNS can be installed before or after AD; installing it before AD and configuring it manually is recommended.

(1A) Install DNS (on server1)

1: Install the DNS service. (If this DNS will serve the forest root, it is recommended to first uninstall any existing DNS on the machine, including the DNS directory under system32, and then install the service.)

2: Create a forward lookup zone named test.com. For the reverse lookup zone, enter the network number 192.168.0.

3: Set both zones to allow dynamic update.

4: In the local connection settings, point the DNS address to 192.168.0.1.

5: Set the primary DNS suffix to test.com.

6: Follow the prompts and restart; restarting is recommended.

7: After restarting, there should be a record for server1 in test.com, indicating that everything is normal, and a PTR record in the reverse zone.

(Note: the first part of the domain name and the computer name should not be the same. For example, do not create abc.com on a computer named abc; otherwise the domain's default NetBIOS name and the computer's NetBIOS name will be the same.)

(1B)

Run dcpromo as usual and choose to install a domain controller for a new domain, in a new tree, in a new forest.

No message such as "DNS not found" should appear during the installation; if none appears, everything is normal.

After AD is installed, look in the test.com zone in DNS for four directories containing SRV records. The directories are named TCP, UDP, MSDCS, and Sites. If they are missing, restart the Net Logon service. If they still do not appear, there is a problem. Normally they will be there.

Also check the event viewer for any error logs about the directory service.

(1C) Make server2 a member server

On server2, point DNS to server1, change the primary DNS suffix to test.com, restart, and then join server2 to the domain. On server1, open AD Users and Computers, where you can see the computer account of server2 in the Computers container. There will also be an A record for server2 in DNS. Check the event viewer to make sure there are no error records.


--------------- Case 2: Single domain, two domain controllers ---------------

Target: server1 as the first domain controller, server2 as the second domain controller, domain name test.com.
server1 is installed the same way as in 1a and 1b.

For server2:

(2a)
1: Before installation, it does not matter whether this machine belongs to the domain or to a workgroup.

2: Point DNS to server1 (192.168.0.1).

3: Change the primary DNS suffix to test.com (the suffix can be changed automatically, but changing it manually is always safe).

4: Restart the machine; restarting is recommended.

5: Check DNS on server1; the test.com zone should contain a record for server2. If not, there is a problem with the configuration. You can register manually with ipconfig /registerdns and then check again. If the record is still missing, there is a problem (DNS was not set up according to 1a).

(2b)

1: Run dcpromo to start the wizard.
2: Choose to install an additional domain controller in an existing domain.
3: Follow the prompts and enter the credentials. These must be the credentials of an Enterprise Admins member, which at this point is the administrator of test.com and its password.
4: Select the domain to join, here test.com.
5: Complete the other options.

(3c)
1: After installation, you can see the computer accounts of server1 and server2 in the Domain Controllers OU in AD Users and Computers (AD U&C).
2: The SRV records for server2 can be found in the four directories of the test.com zone in DNS (tcp, udp, msdcs, sites, which hold the SRV records). If not, restart the Net Logon service on server2 and try to re-register with ipconfig /registerdns.
3: You can add new objects on each of the two domain controllers and see whether replication between them works normally.
4: Other tools such as dcdiag and repmonitor can also be used to check for problems, but this is a simple post, so they are not covered here.
5: Check the event viewer to make sure there are no error records.



--------------- Case 3: One forest, one tree, two domains ---------------
After installation, the forest contains one tree with two domains, test.com and sub.test.com, where server2 is the DC for sub.

For the installation of test.com, refer again to 1a and 1b.

The following installs server2 as the DC for sub.test.com.


3a) DNS configuration

1: On the DNS of server1 (the simple approach), create a zone named sub.test.com and set dynamic update to yes.
2: Point server2's DNS to 192.168.0.1.
3: Change server2's primary DNS suffix to sub.test.com.
4: Restart.
5: Find a record for server2 in the sub.test.com zone.



3b)
1: Run dcpromo.
2: Choose to install a domain controller for a new domain, placed in an existing tree.
3: Fill in the credentials of an enterprise admin (administrator/password/test.com).
4: A screen appears for the domain name: the top field is the name of the parent domain (test.com), enter sub in the middle field, and the bottom field auto-completes to show the full name sub.test.com.
5: Complete the other options.

3c)
1: After completion, find the computer account of server2 in the Domain Controllers OU in AD Users and Computers on server2.
2: In the sub.test.com zone in DNS, you can find the SRV records of server2 (four directories). If not, register them using the 3c-2 method.
3: On server2, check whether the sub.test.com domain is displayed in the AD Domains and Trusts tool (there is a sub under test.com).
4: Open AD Sites and Services and check whether site information is present. If it is, replication of the configuration partition is basically working.
5: Check the event viewer to make sure there are no error records.

--------------- Case 4: One forest, two trees, two domains ---------------
After the installation is complete, server1 is the DC for test.com and server2 is the DC for lab.com.

4a)
1: On the DNS of server1, create the zone lab.com and enable dynamic update.
2: Point server2's DNS to 192.168.0.1.
3: Change server2's primary DNS suffix to lab.com.
4: Restart.
5: Find a record for server2 in the lab.com zone.

4b)
1: Run dcpromo.
2: Choose to install a domain controller for a new domain, in a new tree, placed in an existing forest.
3: Fill in the credentials of an enterprise admin (administrator/password/test.com).
4: Fill in the tree name lab.com.
5: Complete the other options.

4c)
1: After completion, you can find the computer account of server2 in the Domain Controllers OU in AD Users and Computers on server2.
2: You can find the SRV records of server2 in the lab.com zone in DNS (four directories). If not, register them using the 3c-2 method.
3: On server2, check whether the lab.com domain is displayed in the AD Domains and Trusts tool.
4: Open AD Sites and Services and check whether site information is present. If it is, there is no problem with replication of the configuration partition.
5: Check the event viewer to make sure there are no bad records. In
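
A scripted form of the SRV check described in 1B and in the 3c and 4c steps, as an added example that is not part of the original post: it reads the text of a DNS zone file and reports which domain controllers have no SRV record under each of the four directories. The zone text is a constructed sample, the function names are hypothetical, and the directories are written with the leading underscore they carry in the zone (_tcp, _udp, _msdcs, _sites).

```python
# Added example: check zone-file text for per-DC SRV registrations.
SUBTREES = ("_tcp", "_udp", "_msdcs", "_sites")  # the post's TCP/UDP/MSDCS/Sites

# Constructed sample zone text (assumption: standard zone-file layout).
SAMPLE_ZONE = """\
; constructed sample, not taken from a real server
@                      NS  server1.test.com.
server1                A   192.168.0.1
server2                A   192.168.0.2
_ldap._tcp             600 SRV 0 100 389 server1.test.com.
                       600 SRV 0 100 389 server2.test.com.
_kerberos._tcp         600 SRV 0 100 88 server1.test.com.
_kerberos._udp         600 SRV 0 100 88 server1.test.com.
_ldap._tcp.dc._msdcs   600 SRV 0 100 389 server1.test.com.
_ldap._tcp.dc._msdcs   600 SRV 0 100 389 server2.test.com.
_ldap._tcp.Default-First-Site-Name._sites 600 SRV 0 100 389 server1.test.com.
"""

def srv_coverage(zone_text, zone):
    """Map each of the four subtrees to the hosts that have an SRV record in it."""
    coverage = {sub: set() for sub in SUBTREES}
    owner = ""
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # drop zone-file comments
        if not line.strip() or line.startswith("$"):  # skip blanks and directives
            continue
        fields = line.split()
        if not line[0].isspace():                     # indented line reuses the previous owner
            owner = fields[0].lower().rstrip(".")
            fields = fields[1:]
        types = [f.upper() for f in fields]
        if "SRV" not in types or len(fields) < types.index("SRV") + 5:
            continue
        target = fields[types.index("SRV") + 4].lower().rstrip(".")
        rel = owner[: -len(zone) - 1] if owner.endswith("." + zone) else owner
        subtree = rel.rsplit(".", 1)[-1]              # last label names the directory
        if subtree in coverage:
            coverage[subtree].add(target)
    return coverage

def missing_registrations(zone_text, zone, dcs):
    """Return {dc: [subtrees with no SRV record for that dc]} for incomplete DCs."""
    cov = srv_coverage(zone_text, zone)
    gaps = {dc: [s for s in SUBTREES if dc.lower() not in cov[s]] for dc in dcs}
    return {dc: subs for dc, subs in gaps.items() if subs}

if __name__ == "__main__":
    dcs = ["server1.test.com", "server2.test.com"]
    print(missing_registrations(SAMPLE_ZONE, "test.com", dcs))
```

A domain controller listed in the result is one for which the post's remedy applies: restart the Net Logon service on it and re-register with ipconfig /registerdns.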


