1、服务器 域控制 问题(Server domain control problem)Post address: http:/ collection to my pocket, copy to good friendsYour query is: server domain control(Note: this snapshot may be out of date. You can click on the link above to access the actual web page. Qihoo and the page author has no responsibility for i
2、ts contents. )Baidu space | Baidu home page | login adminNetwork management, computer maintenance, programmingThe home page blog album | personal files | friendsView ArticleAD Active Directory settings and domain control server tutorial2010-05-04 17:09AD Active Directory settings and domain control
3、server tutorialUpgrade a member server to a domain controller (1)At present, the number of Companies in the PC network of more than 10 Taiwan: according to Microsoft, the number of PC in the network is less than 10, suggested the mining of P2P mode, and if more than 10 units, it is suggested to appl
4、y domain management mode, because the domain can provide a centralized management, decentralized this compared to P2P have very many benefits, so how to improve a member server for domain control? We practice now:All the member servers in this article use Microsofts Windows Server 2003, and the clie
5、nt uses Windows XP.First, of course, install Windows Server 2003 on the member server and enter the system after the installation is successful,The first thing we need to do is to assign a fixed IP to this member server, as specified here:Machine name: ServerIP:192.168.5.1Subnet mask: 255.255.255.0D
6、NS:192.168.5.1 (because I want to configure this machine as a DNS server)Because the Windows Server 2003 in the installation process, the default DNS is not installed, so we need to manually add, add the method is as follows: “start - Settings - control panel - add remove programs, and then click th
7、e“ add / remove Windows components, can see the following picture:Move down the scroll bar to the right, and find the network service:All network services will be added by default, you can click on the “details“ of custom installation, because only need DNS here, so the other was removed, and then w
8、hen you need to install later:Then, click OK, and then click “next“ to complete the installation of the entire DNS. Throughout the installation process, make sure that the Windows Server 2003 CD is in the drive, or there will be no prompt for the file, so youll need to manually locate it.After you i
9、nstall DNS, you can do the lifting operation. First click start run, enter Dcpromo, and then enter, you can see the Active Directory installation wizard“Click here directly “next“:Here is a compatibility requirements, Windows 95 and NT 4 in the previous version of SP3 not landing run into Windows Se
10、rver 2003 domain controller, I suggest that you try using Windows 2000 and above the operating system for the client. Then click “next“:Here, because this is the first domain controller, select the first: domain controller for the new domain, and then click next“:Since it is the first domain control
11、ler, then of course also choose “domain in a new forest“:Here we want to specify a domain name. I specify here,Here is the NetBIOS name specified, do not pay attention to the client and conflict, that whole network can have a PC computer named “demo“, although it can be modified, but personal recom
12、mendations or use the default good,Save trouble later.To specify the AD database and log the location here, if not the C space if there is a problem, by default.Here is the location of the specified SYSVOL folder, or that sentence, no special circumstances, do not suggest modifications:The first dep
13、loyment will always occur when the DNS above registered diagnosis error screen, mainly because although the installation of DNS, but did not configure it, the network is not available DNS server, so will the response timeout is like, so here to choose: “on this computer to install and configure DNS
14、and then, this DNS server set up this computer for the preferred DNS server“.“This is the choice of a right, here, I choose second items:“ only compatible with Windows 2000 or Window 2003 operating system permissions “, because in my experiments the whole environment, and no previous operating syste
15、m is Windows 2000“Here is a key, restore passwords, I hope you set up later, must remember this password, do not forget, because in the back of the active directory recovery article, you need to use this password.This is the confirmation screen, please check carefully whether they are just input inf
16、ormation, especially the domain name written correctly, because the name is not a joke, if any point can step into the weight lose, if confirmed, then click “next“ on the official opening of the installation:After a few minutes, the installation is complete:Dot completion:Click restart immediately“.
17、Then look at the installation of AD, and when there is no installation, what is the difference between, first of all, the first impression is that the shutdown and boot speed significantly slower, and then look at the landing interface:There is a “landing“ selection box:After entering the system, ri
18、ght-click the “my computer“, select “properties“, point “computer“How about that? Its different from installing AD. Other ones, such as no local users, and more icons in the management tools, will be told in later articles, and no more details here.Upgrade a member server to a domain controller (two
19、)In my last article, a member server named Server was promoted to a domain controller, so lets now look at how to add the following workstations to the domain.Considering from the network security domain administrator account, try to use less, so the first on the domain controller to establish a del
20、egated account, log on to the domain controller, run the “dsa.msc“, “AD users and computer management console:Start with a new user, expand ““, right-click on “Users“, and click “new“ - “user“:Then there is a new users wizard, where I created a user named SWG and set the password “never expire“.This
21、 way, the next step will be completed until the user is created. Then right-click on and select delegate control first“:There will be a delegate control wizard“:Click next“:Click the Add button in the middle and enter the SWG account that you just created:Then click “OK“:Next, “next“:In the above p
22、icture, there is no need for the user to “manage the group policy link“ for the time being, so here just select “add the computer to the domain“, and then click “next“:Finally, there is an information check screen, and if there are no problems, simply click “finish“.Next, go to the client and see ho
23、w to get XP in,The client operating system used in the experiment is Windows XP professional edition, we need to note that the Windows XP version of Home as is for home users, so you cant join a domain, you cant go wrong with yo, we first set up this XP network:Computer name: TestXPIP:192.168.5.5Sub
24、net mask: 255.255.225.0DNS server: 192.168.5.1,After you have finished setting up the network, right-click on my computer, select the property, and then click the computer name“.Here, change the “subordinate“ to the domain, and enter ““ and make sure that the following picture appears:Enter the acco
25、unt “SWG“ that you just built on the domain control. Make sure:The above picture indicates the success of adding, and then point to determine, restart, even if OK. Look at the landing screen. Is there anything different?:See the “landing“ it, you can choose domain landing or local landing, and here
26、select the domain “DEMO“, so you can use domain users landing. After entering the system, right-click on my computer, select the attribute, and then click the computer name“:See the difference between the “black box“ and the “no“ domain?When the client is joined to the domain. If the domain controll
27、er is closed or crash, then, will find below the client cannot log on to the domain, so to establish a domain controller, which is used to prevent a damaged condition is very necessary. The domain controller that was created later is called the outer domain controller. Take a look at the process of
28、building the controller:Of course, the network setup is always in the first step:Computer name: BserverIP:192.168.5.2Subnet mask: 255.255.255.0DNS:192.168.5.1Since it is promoted as a domain controller, then the DNS component is also added, and the add method is the same as in my first article, and
29、here it is no longer repeated. After the addition is finished, click “start“ - “run“ - “dcpromo“:The compatibility of the wizard and the OS appears to be the same as when the first domain control was installed. The only thing to note is the following screen:When you install first, you select the dom
30、ain controller for the new domain, where you want to select an additional domain controller for the existing domain, and then click “next“:Here, enter the password for the administrators account of the domain, and fill in the domain with the DNS full name or NetBios name of the corresponding domain,
31、 and click “next“:Full name here must fill in the existing domain of DNS, and then click “next“ operation and the first domain controller installed next time is the same, so do not write down, until the completion of it. As for the domain environment of two domain controllers, one of them is damaged
32、 and how to get another one to replace the work, I will explain it in detail in the next article. If you are in front of the configuration of what problems encountered, welcome to send me E-Mail, and my E-Mail address is: . If there are any mistakes in my article, please write me a letter. Thank you
33、!User profile for Active DirectoryA domain user provided in the previous article (how to improve a member server for the domain controller (a), (two) have been involved, so set user here will not repeat it, this article mainly introduce the user configuration file.First of all, what is the user prof
34、ile? According to Microsofts official explanation: the user profile is defined in the user login system load the required environment settings and files and collections, it includes all user specific configuration settings.Where is the user profile located in the system? Then what does the user conf
35、iguration file include? Lets show you a screenshot:User profiles are located in: the system disk (usually C drive) under the “Documents and Settings“ folder, and you have a login name the same folder, the user profile is stored here, by the way, if there is a user name and domain of the machine, and
36、 the landing, it will appear in the folder with the same name behind the suffix, for example: for example, in a domain () inside a computer (testxp), the local has a SWG domain account, also have a SWG account, and landed on this computer what will happen as follows:The local account goes first: the
37、n the local SWG user configuration folder is SWG, and the domain users user configuration folder is swg.demo.Domain account first login: then the domain users user configuration folder is SWG, and the local users configuration folder is swg.testxp.From the screenshot above, we can see that the user
38、profile includes some personalized configurations, such as desktop settings, my documents, favorites, IE settings, and so on. Also should be noted that in the “Documents and Settings“ folder has a “All Users“ folder, if a new file you in this folder under the “desktop“ folder, you will find that all
39、 users log on the desktop has this file, so this folder the configuration is that each user of this computer is work.When the network becomes the domain architecture, user login domain all at any one computer to the domain, when you are in a computer user profile changes, you will find the landing o
40、n another computer, all the settings or the original, and no modification, this is because the user profile is stored in the local domain, regardless of user or local users, are stored in the log on the computer. We can right-click on my computer, select properties, click Advanced, and then click se
41、ttings in the user profile“:Please note that “marked with a red box type part“, all is “local“, which indicates that the user configuration file stored in the local, so how can we let the user configuration file with account go, i.e. whether the user login the computer on which the user can maintain
42、 a consistent configuration file in order to solve this problem? That will use roaming user profiles, the principle is to the user configuration file stored in the public position of a network, when the user logs on the computer, the user configuration file is downloaded to the local network and app
43、lication from the public position, then when the user logs off, the synchronization of user profiles to local network the public position, to ensure the effectiveness of public position of user profiles for next use. So, how do you implement this function? Now, practice it:First of all, to set up a
44、shared folder in the public position of a network, used to store the user profile in the experiment, we set up a shared folder for share on a domain controller, and open access:Then click the “start - Settings - control panel - management tools“, double-click “AD users and computers“, and select the
45、 appropriate user, here “SWG“ account for example:Double click on the “SWG“ account, and then select “configuration file, input in the user profile configuration file path: 192.168.5.1share%username%“, “192.168.5.1“ is the IP address of the domain controller, as shown below:Then click OK, and then g
46、o to the client, login with the “SWG“ account, and see what happens.As shown above, the state of DEMOswg has changed from just local to roaming“,The cancellation of the user, it will automatically synchronize the local user profile of the user to the network of public position, if you use “SWG“ to a
47、nother domain computer up landing you will find all the user profiles and this computer is the same. So what has happened to the server?As shown above, the servers “share“ folder automatically creates a “SWG“ folder that is the same as the user name. By default, this folder only allows the correspon
48、ding user to open it:The picture is familiar, right?At present many of the companys IT Pro have the same sigh, his love is the user desktop what got out of order, although the group strategy can limit off a part, but the overall feel is not very perfect, here, recommend the use of mandatory user pro
49、file to the user on their own personal profile any modification but once canceled, these changes will not be saved, so the next time the user login, user profile or remains the same. So how to achieve this function? In fact, as long as the user configuration folder under the “Ntuser.dat“ to “Ntuser.man“ on it, look at the revision process:First, in the display of hidden files and extensions to known files, you can make changes in the tools folder op
