AD DS Design
- Single forest single domain is preferred
- Time is important (PDC)
- Implement multiple/backup domain controllers
- 2,150,000,000 objects per domain
- FQDN less than 64 characters
FSMO (Flexible single master operation)
| Forest level | To make change into Schema in forest (such as implement Exchange, Lync) | |
| Domain naming master | Forest level | To add/remove domain in forest |
| PDC | Domain level |
|
| RID Pool master | Domain level | Assign RIDs (500/time) to DC |
| Infrastucture master | Domain level | Objects reference in different domains |
# To check the FSMO servers
netdom query fsmo
# To transfer / seize
netdom /?
Install Domain controllers in the first site
# Install AD DS on the first DC
Install-WindowsFeature AD-Domain-Services -IncludeAllSubFeature -IncludeManagementTools
# # Windows PowerShell script for AD DS Deployment # Import-Module ADDSDeployment Install-ADDSForest ` -CreateDnsDelegation:$false ` -DatabasePath "C:\Windows\NTDS" ` -DomainMode "Win2012R2" ` -DomainName "vccware.com" ` -DomainNetbiosName "VCCWARE" ` -ForestMode "Win2012R2" ` -InstallDns:$true ` -LogPath "C:\Windows\NTDS" ` -NoRebootOnCompletion:$false ` -SysvolPath "C:\Windows\SYSVOL" ` -SafeModeAdministratorPassword (ConvertTo-SecureString "123.com" -AsPlainText -Force) ` -Force:$true
# Install AD DS on the second DC
Install-WindowsFeature AD-Domain-Services -IncludeAllSubFeature -IncludeManagementTools
# # Windows PowerShell script for AD DS Deployment # Import-Module ADDSDeployment Install-ADDSDomainController ` -NoGlobalCatalog:$false ` -CreateDnsDelegation:$false ` -CriticalReplicationOnly:$false ` -DatabasePath "C:\Windows\NTDS" ` -DomainName "vccware.com" ` -InstallDns:$true ` -LogPath "C:\Windows\NTDS" ` -NoRebootOnCompletion:$false ` -ReplicationSourceDC "BJAD01.vccware.com" ` -SiteName "Default-First-Site-Name" ` -SysvolPath "C:\Windows\SYSVOL" ` -SafeModeAdministratorPassword (ConvertTo-SecureString "123.com" -AsPlainText -Force) ` -Force:$true
时间: 2024-10-15 02:59:27