架設(shè)雙機冗余AD+DNS+DHCP+WINS

1、架設(shè)雙機冗余AD+DNS+DHCP+WINS要完成下面的實驗，首先安裝2臺服務(wù)器的OS,安裝hotfix & update,我使用的windows 2003 企業(yè)版<一 > 冗余AD+DNS配置與測試1 AD1上的設(shè)置1.1在AD1上設(shè)置IP相關(guān)信息：IP: /24gw: dn s:j:Install.InteKR)11255 . 255 . 255192 . 166 . 0Network Connectians-L- Local Area 匸onnection PropertiesInternet Protoc

2、ol (T匚P/IP) Properties-lai x|Advanced.勺Qgo 迪D escriptionTransmission C ide area netv across diverseVoj can get IP settiassigned automatically iF your network supports this capability. Otherwise you need to ask your network administrator for the appropriate IP settings.File Edit Vievj Favoribes Toals

3、 Advanced HelpThi$ cfinnechan iObtain an IP address automaticallyP*' Use the Following IP address:IP address:Subnet mask;default gateway:“鳥.Client fci A Networkv 上J File and7 InternetGeneral Authentication Advanced |GeneralObtain DN5 server address automaticallyUse the Following DNS server addre

4、sses: Preferred DNS server:| 127 .Alternate DNS server:AddresConnect using:甜申 lntel(R)PR亡目ncmli StartNetwork Connections丄 Local Area Connect io.1.2 安裝 dns,dhcp,wins 服務(wù)1.3安裝AD運行 dcpromo羽Recycle B，凰 3 j Active Directory Inst.夠Recycle B/題 3 Active Directory Inst./題 G Active Directory Inst.I Active Dire

5、ctory Installation WizardmJXJDomain Controller TypeSpecify the role you want this server to have./題 G Active Directory Inst.CancelDo you want this server to become a domain controller for a new domain or an1|1_ |t _Q Romain controller for a new domainiSelect this option to create a new child domain,

6、 new domain tree, or new forest. This server will become the first domain controller in the new domain.xzAdditional domain controller for an existing domain/ Proceeding with this option will delete all local accounts on this server.All cryptographic keys will be deleted and should be exported before

7、 continuing.All encrypted data, such as EFS-encypted files or e-mail should be decrypt before continuing or it will be permanently inaccessible.Nexl >夠Recycle B< BackActive Directory Installation WizardxjCreate New DomainSelect which type of domain to create.<-6reatenewG Oomain in a new for

8、esiSelect this option if this is the first domain in your organization or if you want lhe new domai n to be completely in dependent of your current forest.'Child domain in an existing domain UeeIf you want the new domain to be a child of an existing domain, select this option For example, you co

9、uld create a new domain named headquarters, example, microsoft com as a child domain of the domain example, microsoft com.Domain tree in an existing forestIf you don't want the new domain to be a child of an existing domain, sele option. This will create a new domain tree that is separate from a

10、ny existiCancel< Back/題 G Active Directory Inst./題 G Active Directory Inst.羽Recycle Bi/題 G Active Directory Inst.XJActive Directory Installation WizardNew Domain NameSpecify a name for the new domain.Type the full DNS name for the new domain (for example: headquarters, example, microsoft. com).彳固

11、 3 j Active Directory Inst.彳固 3 j Active Directory Inst.test com. cnFull DNS name for new domain:輸入我們的域名繼續(xù)< BackNexl >Cancel羽Recycle B彳固 3 j Active Directory Inst.彳固 3 j Active Directory Inst.NetBIOS Domain NameSpecify a NetBIOS name for the new domain.xj彳固 3 j Active Directory Inst.This is th

12、e name that users of earlier versions of Windows will use to identify the new domain. Click Next to accept the name shown or type a ne內(nèi) name.彳固 3 j Active Directory Inst.彳固 3 j Active Directory Inst.使用默認的NetBIOS名字，Nzt繼續(xù)彳固 3 j Active Directory Inst.彳固 3 j Active Directory Inst.彳固 3 j Active Directory

13、 Inst.彳固 3 j Active Directory Inst.I Active Directory Installation WizardmJXJDatabase and Log FoldersSpecify the folders (o contain the Active Directory database and log files.For best performance and recoverability, store the database and the log on separate hard disks.Where do you want to store th

14、e Active Directory database?Database folder:C:WINDOWSNTDS. 丿Where do you want to $tore the Active Directory log?Log folder:-|CAWINDOWSNTDSjBrowse.Browse.Next >Cancel羽Recycle B彳固 3 j Active Directory Inst.The SYS VOL folder must be located on an NTFS volume.Browse.Shared System VolumeSpecify the f

15、older to be shared as the system volume.The SYS VOL folder stores the server's copy of the domai n's public files. The conte nt$ of the SYS VOL folder are replicated to all domai n con hollers in the domain.J Start I Ji OjActiive Directory Installat. IDC公用文件夾,我們使用默認 Next繼續(xù)Nexl >Cancel羽Rec

16、ycle BMRActive Directory Installation WizardDNS Registration DiagnosticsVerify DNS support or install DNS on this computer.Diagnostic ResultsThe registration diagnostic has been run 1 lime.None of the DNS servers used by this computer responded within the timeout interval.For more information, inclu

17、ding steps to correct this problem, see Help.DetailsTheSOA query for _ldap._tcp.dc._ to find the primary DNS |I have corrected the problem. Perform the DNS diagnostic test again.Q Install and configure the DNS server on this computer, and set this computer to use this DNS server as its preferred DNS

18、 server.< BackNexl >CancelRecycle BI will correct the problem later by configuring DNS manually. (Advaneed)J Start I Ji OjActiive Directory Installat. IMRPermissionsSelect default permissions for user and group objects.Some server programs, such as Windows NT Remote Access Servicez read inform

19、ation stored on domain controllers.廠 Permissiocompatible with pre-Windows 2000 server operating systemsSelect this option if you run server programs on pre-Window$ 2000 server operating systems or on Windows 2000 or Windows Server 2003 operaling systems that are members of pre-Windows 2000 domains.&

20、#187; Anonymous users can read information on this domain.X" « - - I I. 1.1 . .1. . .f* permissions compatible only with Windows 2000 or Windows Server 2003 j operating systems羽Recycle BSelect this option if you run server programs onlv on Windows 2000 or Windows Server 2003 operating syst

21、ems that are members of Active Directory domains Only aulhenticated users can read information on this domain.xjActive Directory Installation WizardDirectory Services Restore Mode Administrator PasswordThis password is used when you start the computer in Direclory Services Restore Mode.Type and conf

22、irm the password you want to assign to the Administrator account used when this server is started in Directory Services Restore Mode.The restore mode Administrator account is differ©nt from the domain Administrator account. The passwords for lhe accounts might be different so be sure (o remembe

23、r both.ij 童 厲 | Active Directory Inst.怎R estore M ode Password:Confirm paword:For more information about Directory Services Restore Mode, see Active Directow Help.Cancel羽Recycle Biij 童 厲 | Active Directory Inst.lActive Directory Installation Wizardxj|SummaryReview and confirm the options you selecte

24、dYou chose to:Configure this server as the first domain contolle in a new forest of domain trees.The new domain name is . This is also the name of the new forest.The NetBIOS name of the domain is TESTDatabase folder: C:WINDOWSNTDSLog file folder: C:WINDOWSNTDSSYSVOL folder: C:WINDOWSSYSVOLThe DNS se

25、rvice will be installed and configured on this computer. This computer will be configured to use this DNS server as its preferred DNS server.zJRecycle BYou chose to:The new domain name isMSummaryReview and confirm the options you selected.Configure this server as the first domain conholler in a new

26、forest of domain trees.斗Active Directory Installation WizardThe NetBIOS name of thT o change an option, clicDatabase folder: C:WIN Log file folder: C:WINDC SYSVOL folder: C:WINCThe DNS service will be will be configured to useThe wizard is configuring Active Directory. This process can take several

27、minutes or considerably longer, depending on the options you have selected.Creating the System Volume C: WI N D 0WS SYSVO L安裝中CancelRecycle Bidj 酚 &| Active Directory Inst.Active Directory Installation WizardxjCompleting the Active Directory Installation WizardActive Directory is now installed o

28、n this computer for the domain test. com. cn.This domain con (roller is a$ig ned to the site D ef ault-Fir$t-S ite-N ame Sites are man aged with the Active Directory Sites and Services administrative tool.T o close this wizard, click Finish.1< Back 1| FinishCancel 1f Start | j 固 ©| Active Di

29、rectory Inst.f Start | j 固 ©| Active Directory Inst.Recycle Eif Start | j 固 ©| Active Directory Inst.My DocumentsMy ComputerMy NetworkPlacesInternetExplorerJ1 Start 附總1.4 dns設(shè)置打開dns管理Active Directory Installation WizardWindows mu$t be 憂討t亡d before the changes mdde by the Active Directory I

30、nskllation wizard take effect.啟 Active Directory Inst,.Restart NowRont Restart Now羽Recycle BMy DocumentsAdministratorManage Your Server丿 My ComputerCommand PromptControl Panel/ Windows Explorer咋Administrative ToolsPrinters and FaxesNotepad)tlelp and Support 彳丿Search 藝 7 Run.All Programs 岡回offTermina

31、l Server LicensingTerminal Services ConfigurationTerminal Services ManagerWINSRemote DesktopsRouting and Remote AccessServicesNetwork Load Balancing Manager Performanceg Licensing£ Manage Your Server菱 Microsoft .NET Framework 1.1 Configuration® Microsoft .NET Framework 1.1 WizardsDomain Co

32、ntroller Security PolicyDomain Security PolicyEve nt ViewerComponent ServicesComputer ManagementConfigure Your Server WizardData Sources (ODBC)DHCPDistributed File SystemDNS選擇DNS服務(wù)Active Directory Domains and TrustsActive Directory Sites and ServicesActive Directory Users and ComputersCertification

33、AuthorityCluster AdministratorShut DownJ Start 風 ©d Start 酉 e| dnsmgmt - DNSAD1.J Start 回 越 | dnsmgmt - DNSAD1.My DiMy Dibe divided into zonMyCInflExMyC歡迎畫面,N“t繼續(xù)i Start 回 3| dnsmgmt - DNSAD1.New Zone WizardcMyMyIntExZone TypeThe DNS server supports various types of zones and storage.5球代 the ty

34、pe of zone you want to ceate: G rimar zonejcopy of a zone that can be updated directly on this server.be divided into zonSecondaryzoneCreates a copy of a zone that exists on anotherthe processing load of primary servers and provides faultStub zoneCreates a copy of a zone containing only Name Server

35、(NSX Start of Authority (SOA), and possibly glue Host (A) records A server containing a stub zone is not authoritative for that zoneThis option helps balance0 Store the zone in Active Directory (available only if DNS server is a domain controll< BackNext >CancelHelp1'新的主zai Start 迪 G| dnsm

36、gmt - DNSAD1.New Zone Wizard2<J2<JcMyi Start M 6| dnsmgmt - DNSAD1.New Zone Wizard2<Jbe divided into zonSelect how you want zone data replicated:To all DNS servers in the Active Directory forest O 了2.亂顫5.雯壬即丄嘰廿叱 A匸tik r-rectory dorrioin ；NTo all domain controllers in the Active Directory do

37、main *Choose this option if the zone should be loaded by Windows 2000 DNS server running on the domain controllers in the same domainC To all domain controllers specified in the scope of the following application directory partition:My DiL,Reverse Lookup Zone NameA reverse lookup zone translates IP

38、addresses into DNS names.MyCTo identify the reverse lookup zone, type the network ID or the name of the zone, a|192 .*8 .0The netvfe/k ID is the portion of t network ID in its normal (not reversed) orIntExbe divided into zone. For example, 0 would createddresses that belongs to this zone. Enter theI

39、f you use a zero in the network ID丿 it will appear in the network ID 10 would create zone 10.inaddrap6 and network zone 0l 0in-8ddrarpa Reverse lookup zone name:10.168.192. in-addr. arpaFor more information on creating a reverse lookup zone click Help.、需要解析Next繼續(xù)< BackNext >CancelHelp|i Start

40、M 6| dnsmgmt - DNSAD1.cMyNew Zone WizardDynamic UpdateYou can specify that this DNS zone accepts secure, nonsecure or no dynamic updates Dynamic updates enable DNS client computers to register and dynamically update their resource records with a DNS server whenever changes occur Select the type of d

41、ynamic updates you want to allow:& Sjiow only secure dynamic updates (recommended for Active Directory) This option is available only for Active Directory-integrated zones.be divided into zon和AD集為Net繼纟< BackNext >CancelHelpIntEXAllow both nonsecure and secure dynamic updates Dynamic update

42、s of resource records are accepted from any client.§This option is a significant security vulnerability because updates can beaccepted from untrusted sources Do not allow dynamit updatesDynamic updates of resource records are not accepted by this zone You must update these records manually 7 St

43、art 酚 dnsmgmt - DNSAD1.ETTii< Each.Cancelbe divided into zon< Each.Finish完成, dnsmnfit - DN5ADi.重啟服務(wù)器，然后觀察反向解析是否成功_5., File Act»n View Window Helpdnimgml: - DN5ADlReverse Lookup ZonesX 192.168.0.H Subnet創(chuàng)舸X囹団凰旨|貝圍因MyCIntExDNS3呻F LJ Forward Lookup ZonesE(T|J xnEl WjJ ht LJM ELJj S-DF _|_ms&

44、#177;s/怕s_tcp_udpDomainDnsZonesForestDnsonesL92J6B.0.X Subnet 3 recordfs)1 Me5tart of Authority (5OA) Name Server (N5) Pointer (PTR)PJdme蘭(same as parent Folder) W (same as parent folder) a192.16S.0.2| Data2, adl.test adl .test.coff ad 1. test, con J q Rewers Lookup Zones j 磴+ _yj E verOSeww192.168.

45、0.x Subnet選中192. 168.0.1這個網(wǎng)段，在 右僥可以看到相關(guān)記錄dnsnngmt - DN5AD1m4至此,AD1的設(shè)置告一段落2. AD2的設(shè)置2.1 IP的設(shè)置IP:/24gw: dns:(AD1 的 IP) Network 匚onnectionsGeneralConnect using:譽 IhteHR PRO/1000 M T Network ConnectiopngIP address：Subnet mask:DeFault gateway:Install.UnirrstallU- local Are

46、a Connection PropertiesInternet Protocol (TCP/IP) PropertiesInterExplcObtain an IP address automatically ： Uw the following IP adck"常Ths carnectiori uses the following items:You cmn get IP settings assigned automatically iF your net this capability > Otherwisej you need to ask your network f

47、or the appropriate IP settings hEdit View Favorites Tools Advanced HelpGeneral | Authentication | Advanced |H ln Client for Microsoft Networks45 Network Load B>ali:rig藝 怎 I Fi3 and Printer Sharing hr Microsoft NetH TT Internet Pratocol TCP/IP)My Ne PlacBac-OlJSl>lAddresLANDescriptionT ransmiss

48、ian Control Protocol/lri怕伯機 Protoco tvide area network protocol that provides comn across diverse interconnected networks,C Obtain DNS server address automatrcRIy-(* Use the following DNS server adetKSBT*Preferred DNS server:| 192 , 168 , 0Intel(R)Show icon in notification area uhen connectsOKNetwor

49、k Conne ctionsAlternate DN5 server;. -Z將DNS指剛IJ才安 裝的ADI一二 Local Area Connectio.22安裝AD運行 dcpromo大部分步驟同AD1的安裝,直到下面的步驟/ Start | 陽 3| Active Directory Inst.Active Directory Installation WizardxjDomain Controller TypeSpecify the role you want this server to have./ Start | 陽 3| Active Directory Inst.Do yo

50、u want this server to become a domain conMoll引 for a new domain or an additional domain controller for an existing domain?Domain controller for a new domainSelect this option to create a new child domainew domain tree, or new forest. This server will become the first domain controller in the new dom

51、ain.ddihoridl domain controller for an e：v-:tnQ domairj/j Proceeding with this option will delete all local accounts on this server.All cryptographic keys will be deleted and should be exported before con tinui ng.All encrypted data, such as EFS-enaypted files or e-mail should be decrypted before continuing or it will be permanently inaccessible./< /廠Next >< BackifI Cancel/ Start | 陽 3| Active Directory Inst./ Start | 陽 3| A