Part 1: Introduction to the basic concepts of Active Directory
1. What is Active Directory?
Active Directory is a directory service with three functions: organizing the resources in the network, providing management of those resources, and providing control of those resources. The Active Directory service saves information about the various resources in the network in a database, so that users and administrators on the network can access, manage and control these resources. This database is called the Active Directory database. Through the Active Directory service, administrators can manage the entire network centrally.
2. What is a domain and a domain controller?
A domain is an implementation form of Active Directory, and it is also the core management unit and replication unit of Active Directory. A domain is made up of domain controllers and member computers. A domain controller is a computer on which the Active Directory service is installed. On the domain controller, each member computer has a computer account and each domain user has a domain user account. Domain administrators manage domain user accounts, computer accounts and other resources on the domain controller. The domain is also a replication unit: we can install multiple domain controllers in the domain, and the domain administrator can create and modify Active Directory objects on any of them. The domain controllers automatically synchronize, or replicate, such updates among themselves.
3. What is an organizational unit?
An organizational unit (OU) is an object in Active Directory, but it is a container-type object, which means that an OU can contain other objects. Using OUs, we can organize the objects in the domain to make the domain easier to manage, for example to manage the user accounts of the different departments of a company within one domain. Using OUs, you can also delegate management control and apply different group policies to different OUs. Delegated management control means that we can assign one or more administrators to each OU and let the OU administrators manage the objects in their own departments. Each OU can have different group policy settings: we can set the user's working environment, the user's software installation, and so on.
4. What are trees, forests and trust relationships?
Active Directory can be implemented as a hierarchical structure. A tree is the logical structure composed of a root domain, its subdomains, and the subdomains of those subdomains. A forest is composed of multiple trees. Within a tree, the parent domain and the child domain trust each other. We call this trust relationship parent-child trust. In a forest, the trees also trust each other. This trust relationship is called tree-root trust. The trust relationships in the forest are two-way and transitive. Two-way means that the trust is mutual, and transitive means that an indirect trust can be established between domains through these trust relationships.
With these trust relationships, when a user in one domain logs in, he can access resources in other domains throughout the forest.
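The transitive trust described above, as an added example that is not part of the original article: it derives the automatic parent-child and tree-root trusts from domain names and returns the trust chain between two domains. Every domain name except demo.com is constructed, and tree-root trusts are modeled as links to the forest root domain.

```python
from collections import deque

def build_trusts(forest_root, domains):
    """Map each domain to the (peer, kind) trusts created automatically."""
    root = forest_root.lower()
    names = {d.lower() for d in domains} | {root}
    trusts = {d: set() for d in names}
    for d in names - {root}:
        parent = d.split(".", 1)[1] if "." in d else ""
        if parent in names:
            peer, kind = parent, "parent-child"   # subdomain of a domain in the forest
        else:
            peer, kind = root, "tree-root"        # root of another tree
        trusts[d].add((peer, kind))
        trusts[peer].add((d, kind))               # the trust is two-way
    return trusts

def trust_path(trusts, src, dst):
    """Breadth-first search; returns the hops, or None if no trust chain exists."""
    src, dst = src.lower(), dst.lower()
    queue, seen = deque([(src, [])]), {src}
    while queue:
        node, hops = queue.popleft()
        if node == dst:
            return hops
        for peer, kind in sorted(trusts.get(node, ())):
            if peer not in seen:
                seen.add(peer)
                queue.append((peer, hops + [(node, peer, kind)]))
    return None

# Constructed forest: demo.com is the forest root; example.net is a second tree.
FOREST = build_trusts("demo.com", [
    "sales.demo.com", "dev.sales.demo.com", "example.net", "hr.example.net"])

if __name__ == "__main__":
    for hop in trust_path(FOREST, "dev.sales.demo.com", "hr.example.net"):
        print("%s <-> %s (%s)" % hop)
    print(trust_path(FOREST, "dev.sales.demo.com", "outside.org"))  # not in the forest
```

Every domain on the returned path is part of the trust chain, so when reviewing who can reach a resource, the scope to consider is the whole forest rather than a single domain.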
5. What is a site?
A site is a physical structure of Active Directory. The purpose of a site is to optimize the replication between domain controllers. When a domain spans different cities, the connection between the cities is slower than a LAN connection. Sites make it possible to control the replication traffic between the domain controllers in the different cities. There is a site connection between the sites. By configuring site connections, we can control when the domain controllers in different sites replicate. You can configure replication to run during non-working hours to synchronize the domain controllers, which reduces the WAN bandwidth the domain controllers occupy during working hours.
6. What is the Active Directory Architecture?
It is the definition of the objects in Active Directory (the schema). The definitions are expressed as structured data: each structure is described by metadata, which usually includes attribute names, types, lengths, relationships, etc. It looks like a field definition in a relational database. It also includes some extended attributes.
GPMC is the Group Policy Management Console, which is completely different from the traditional Group Policy Editor on Windows 2000/2003 Server. It consists of a brand-new MMC management unit and a complete set of scripted interfaces. It provides a centralized group policy management solution, which can greatly reduce the network problems caused by incorrect group policies, simplify group-policy-related security issues, solve the difficulties in group policy deployment, and reduce the heavy burden IT administrators bear when implementing Group Policy.
Part 2: Introduction to the installation process of Active Directory
First of all, of course, install Windows Server 2003 on the member server. After the installation succeeds, log in to the system.
The first thing we want to do is to assign a fixed IP to this member server; here the assignment is as follows:
Machine name: Server
Subnet mask: 255.255.255.0
DNS: 192.168.1.254 (this machine is configured as a DNS server)
Click “Start→Run”, enter “Dcpromo”, and then press Enter to open the “Active Directory Installation Wizard”; click “Next” here;
This is a compatibility requirement: Windows 95 and versions of Windows NT 4 before SP3 cannot log in to a domain controller running Windows Server 2003. I suggest that you use Windows 2000 or later operating systems as clients. Then click “Next”;
Here, since this is the first domain controller, select the first item, “Domain controller of the new domain”, and then click “Next”;
Since it is the first domain controller, of course I also choose “domain in the new forest”;
Here we have to specify a domain name; the one I specify is demo.com. Next comes the NetBIOS name. Be careful that it does not conflict with any client, which means that no PC in the entire network may have the computer name “demo”. Although the name can be modified here, my personal suggestion is to keep the default to save trouble later.
How to simplify the domain controller password?
Click “Start→Settings→Control Panel→Administrative Tools→Domain Security Policy”, enter “Default Domain Security Settings”, click “Windows Settings→Security Settings→Password policy”, and double-click the “Password must meet the complexity requirements” item in the right window. In the window that pops up, select the “Disabled” option, click “OK”, and restart the computer. The password length is also set here.
Finally, enter the gpupdate /force command in CMD so that the updated group policy takes effect.
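The two settings changed above can be checked from an exported policy file. The following is an added example, not part of the original article: it parses the `[System Access]` section of a `secedit /export /cfg policy.inf /areas SECURITYPOLICY` export and reports when complexity is disabled or the minimum length is below a baseline. The sample file content is constructed, and the baseline length of 7 is an assumption.

```python
import configparser

# Constructed sample of an exported policy after the change described above.
# Real exports are UTF-16: read them with open(path, encoding="utf-16").
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 1
MaximumPasswordAge = 42
MinimumPasswordLength = 0
PasswordComplexity = 0
PasswordHistorySize = 24
[Version]
signature="$CHICAGO$"
Revision=1
"""

def audit_password_policy(inf_text, min_length=7):
    """Return a list of findings; min_length is an assumed baseline."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str                     # keep the key names' case
    cp.read_string(inf_text)
    if not cp.has_section("System Access"):
        return ["[System Access] section missing from export"]
    access = cp["System Access"]
    findings = []
    complexity = access.get("PasswordComplexity")
    if complexity is None:
        findings.append("PasswordComplexity is not defined")
    elif int(complexity) != 1:
        findings.append("PasswordComplexity = %s (complexity disabled)" % complexity)
    length = access.get("MinimumPasswordLength")
    if length is None:
        findings.append("MinimumPasswordLength is not defined")
    elif int(length) < min_length:
        findings.append("MinimumPasswordLength = %s (below %d)" % (length, min_length))
    return findings

if __name__ == "__main__":
    for finding in audit_password_policy(SAMPLE_INF):
        print("FINDING:", finding)
```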