架设双机冗余AD+DNS+DHCP+WINS

1、架设双机冗余AD+DNS+DHCP+WINS要完成下面的实验，首先安装2台服务器的OS,安装hotfix & update,我使用的windows 2003 企业版<一 > 冗余AD+DNS配置与测试1 AD1上的设置1.1在AD1上设置IP相关信息：IP: /24gw: dn s:j:Install.InteKR)11255 . 255 . 255192 . 166 . 0Network Connectians-L- Local Area 匸onnection PropertiesInternet Protoc

2、ol (T匚P/IP) Properties-lai x|Advanced.勺Qgo 迪D escriptionTransmission C ide area netv across diverseVoj can get IP settiassigned automatically iF your network supports this capability. Otherwise you need to ask your network administrator for the appropriate IP settings.File Edit Vievj Favoribes Toals

3、 Advanced HelpThi$ cfinnechan iObtain an IP address automaticallyP*' Use the Following IP address:IP address:Subnet mask;default gateway:“鸟.Client fci A Networkv 上J File and7 InternetGeneral Authentication Advanced |GeneralObtain DN5 server address automaticallyUse the Following DNS server addre

4、sses: Preferred DNS server:| 127 .Alternate DNS server:AddresConnect using:甜申 lntel(R)PR亡目ncmli StartNetwork Connections丄 Local Area Connect io.1.2 安装 dns,dhcp,wins 服务1.3安装AD运行 dcpromo羽Recycle B，凰 3 j Active Directory Inst.够Recycle B/題 3 Active Directory Inst./題 G Active Directory Inst.I Active Dire

5、ctory Installation WizardmJXJDomain Controller TypeSpecify the role you want this server to have./題 G Active Directory Inst.CancelDo you want this server to become a domain controller for a new domain or an1|1_ |t _Q Romain controller for a new domainiSelect this option to create a new child domain,

6、 new domain tree, or new forest. This server will become the first domain controller in the new domain.xzAdditional domain controller for an existing domain/ Proceeding with this option will delete all local accounts on this server.All cryptographic keys will be deleted and should be exported before

7、 continuing.All encrypted data, such as EFS-encypted files or e-mail should be decrypt before continuing or it will be permanently inaccessible.Nexl >够Recycle B< BackActive Directory Installation WizardxjCreate New DomainSelect which type of domain to create.<-6reatenewG Oomain in a new for

8、esiSelect this option if this is the first domain in your organization or if you want lhe new domai n to be completely in dependent of your current forest.'Child domain in an existing domain UeeIf you want the new domain to be a child of an existing domain, select this option For example, you co

9、uld create a new domain named headquarters, example, microsoft com as a child domain of the domain example, microsoft com.Domain tree in an existing forestIf you don't want the new domain to be a child of an existing domain, sele option. This will create a new domain tree that is separate from a

10、ny existiCancel< Back/題 G Active Directory Inst./題 G Active Directory Inst.羽Recycle Bi/題 G Active Directory Inst.XJActive Directory Installation WizardNew Domain NameSpecify a name for the new domain.Type the full DNS name for the new domain (for example: headquarters, example, microsoft. com).彳固

11、 3 j Active Directory Inst.彳固 3 j Active Directory Inst.test com. cnFull DNS name for new domain:输入我们的域名继续< BackNexl >Cancel羽Recycle B彳固 3 j Active Directory Inst.彳固 3 j Active Directory Inst.NetBIOS Domain NameSpecify a NetBIOS name for the new domain.xj彳固 3 j Active Directory Inst.This is th

12、e name that users of earlier versions of Windows will use to identify the new domain. Click Next to accept the name shown or type a ne內 name.彳固 3 j Active Directory Inst.彳固 3 j Active Directory Inst.使用默认的NetBIOS名字，Nzt继续彳固 3 j Active Directory Inst.彳固 3 j Active Directory Inst.彳固 3 j Active Directory

13、 Inst.彳固 3 j Active Directory Inst.I Active Directory Installation WizardmJXJDatabase and Log FoldersSpecify the folders (o contain the Active Directory database and log files.For best performance and recoverability, store the database and the log on separate hard disks.Where do you want to store th

14、e Active Directory database?Database folder:C:WINDOWSNTDS. 丿Where do you want to $tore the Active Directory log?Log folder:-|CAWINDOWSNTDSjBrowse.Browse.Next >Cancel羽Recycle B彳固 3 j Active Directory Inst.The SYS VOL folder must be located on an NTFS volume.Browse.Shared System VolumeSpecify the f

15、older to be shared as the system volume.The SYS VOL folder stores the server's copy of the domai n's public files. The conte nt$ of the SYS VOL folder are replicated to all domai n con hollers in the domain.J Start I Ji OjActiive Directory Installat. IDC公用文件夹,我们使用默认 Next继续Nexl >Cancel羽Rec

16、ycle BMRActive Directory Installation WizardDNS Registration DiagnosticsVerify DNS support or install DNS on this computer.Diagnostic ResultsThe registration diagnostic has been run 1 lime.None of the DNS servers used by this computer responded within the timeout interval.For more information, inclu

17、ding steps to correct this problem, see Help.DetailsTheSOA query for _ldap._tcp.dc._ to find the primary DNS |I have corrected the problem. Perform the DNS diagnostic test again.Q Install and configure the DNS server on this computer, and set this computer to use this DNS server as its preferred DNS

18、 server.< BackNexl >CancelRecycle BI will correct the problem later by configuring DNS manually. (Advaneed)J Start I Ji OjActiive Directory Installat. IMRPermissionsSelect default permissions for user and group objects.Some server programs, such as Windows NT Remote Access Servicez read inform

19、ation stored on domain controllers.厂 Permissiocompatible with pre-Windows 2000 server operating systemsSelect this option if you run server programs on pre-Window$ 2000 server operating systems or on Windows 2000 or Windows Server 2003 operaling systems that are members of pre-Windows 2000 domains.&

20、#187; Anonymous users can read information on this domain.X" « - - I I. 1.1 . .1. . .f* permissions compatible only with Windows 2000 or Windows Server 2003 j operating systems羽Recycle BSelect this option if you run server programs onlv on Windows 2000 or Windows Server 2003 operating syst

21、ems that are members of Active Directory domains Only aulhenticated users can read information on this domain.xjActive Directory Installation WizardDirectory Services Restore Mode Administrator PasswordThis password is used when you start the computer in Direclory Services Restore Mode.Type and conf

22、irm the password you want to assign to the Administrator account used when this server is started in Directory Services Restore Mode.The restore mode Administrator account is differ©nt from the domain Administrator account. The passwords for lhe accounts might be different so be sure (o remembe

23、r both.ij 童 厲 | Active Directory Inst.怎R estore M ode Password:Confirm paword:For more information about Directory Services Restore Mode, see Active Directow Help.Cancel羽Recycle Biij 童 厲 | Active Directory Inst.lActive Directory Installation Wizardxj|SummaryReview and confirm the options you selecte

24、dYou chose to:Configure this server as the first domain contolle in a new forest of domain trees.The new domain name is . This is also the name of the new forest.The NetBIOS name of the domain is TESTDatabase folder: C:WINDOWSNTDSLog file folder: C:WINDOWSNTDSSYSVOL folder: C:WINDOWSSYSVOLThe DNS se

25、rvice will be installed and configured on this computer. This computer will be configured to use this DNS server as its preferred DNS server.zJRecycle BYou chose to:The new domain name isMSummaryReview and confirm the options you selected.Configure this server as the first domain conholler in a new

26、forest of domain trees.斗Active Directory Installation WizardThe NetBIOS name of thT o change an option, clicDatabase folder: C:WIN Log file folder: C:WINDC SYSVOL folder: C:WINCThe DNS service will be will be configured to useThe wizard is configuring Active Directory. This process can take several

27、minutes or considerably longer, depending on the options you have selected.Creating the System Volume C: WI N D 0WS SYSVO L安装中CancelRecycle Bidj 酚 &| Active Directory Inst.Active Directory Installation WizardxjCompleting the Active Directory Installation WizardActive Directory is now installed o

28、n this computer for the domain test. com. cn.This domain con (roller is a$ig ned to the site D ef ault-Fir$t-S ite-N ame Sites are man aged with the Active Directory Sites and Services administrative tool.T o close this wizard, click Finish.1< Back 1| FinishCancel 1f Start | j 固 ©| Active Di

29、rectory Inst.f Start | j 固 ©| Active Directory Inst.Recycle Eif Start | j 固 ©| Active Directory Inst.My DocumentsMy ComputerMy NetworkPlacesInternetExplorerJ1 Start 附总1.4 dns设置打开dns管理Active Directory Installation WizardWindows mu$t be 忧討t亡d before the changes mdde by the Active Directory I

30、nskllation wizard take effect.启 Active Directory Inst,.Restart NowRont Restart Now羽Recycle BMy DocumentsAdministratorManage Your Server丿 My ComputerCommand PromptControl Panel/ Windows Explorer咋Administrative ToolsPrinters and FaxesNotepad)tlelp and Support 彳丿Search 艺 7 Run.All Programs 冈回offTermina

31、l Server LicensingTerminal Services ConfigurationTerminal Services ManagerWINSRemote DesktopsRouting and Remote AccessServicesNetwork Load Balancing Manager Performanceg Licensing£ Manage Your Server菱 Microsoft .NET Framework 1.1 Configuration® Microsoft .NET Framework 1.1 WizardsDomain Co

32、ntroller Security PolicyDomain Security PolicyEve nt ViewerComponent ServicesComputer ManagementConfigure Your Server WizardData Sources (ODBC)DHCPDistributed File SystemDNS选择DNS服务Active Directory Domains and TrustsActive Directory Sites and ServicesActive Directory Users and ComputersCertification

33、AuthorityCluster AdministratorShut DownJ Start 風 ©d Start 酉 e| dnsmgmt - DNSAD1.J Start 回 越 | dnsmgmt - DNSAD1.My DiMy Dibe divided into zonMyCInflExMyC欢迎画面,N“t继续i Start 回 3| dnsmgmt - DNSAD1.New Zone WizardcMyMyIntExZone TypeThe DNS server supports various types of zones and storage.5球代 the ty

34、pe of zone you want to ceate: G rimar zonejcopy of a zone that can be updated directly on this server.be divided into zonSecondaryzoneCreates a copy of a zone that exists on anotherthe processing load of primary servers and provides faultStub zoneCreates a copy of a zone containing only Name Server

35、(NSX Start of Authority (SOA), and possibly glue Host (A) records A server containing a stub zone is not authoritative for that zoneThis option helps balance0 Store the zone in Active Directory (available only if DNS server is a domain controll< BackNext >CancelHelp1'新的主zai Start 迪 G| dnsm

36、gmt - DNSAD1.New Zone Wizard2<J2<JcMyi Start M 6| dnsmgmt - DNSAD1.New Zone Wizard2<Jbe divided into zonSelect how you want zone data replicated:To all DNS servers in the Active Directory forest O 了2.乱颤5.雯壬即丄叽廿叱 A匸tik r-rectory dorrioin ；NTo all domain controllers in the Active Directory do

37、main *Choose this option if the zone should be loaded by Windows 2000 DNS server running on the domain controllers in the same domainC To all domain controllers specified in the scope of the following application directory partition:My DiL,Reverse Lookup Zone NameA reverse lookup zone translates IP

38、addresses into DNS names.MyCTo identify the reverse lookup zone, type the network ID or the name of the zone, a|192 .*8 .0The netvfe/k ID is the portion of t network ID in its normal (not reversed) orIntExbe divided into zone. For example, 0 would createddresses that belongs to this zone. Enter theI

39、f you use a zero in the network ID丿 it will appear in the network ID 10 would create zone 10.inaddrap6 and network zone 0l 0in-8ddrarpa Reverse lookup zone name:10.168.192. in-addr. arpaFor more information on creating a reverse lookup zone click Help.、需要解析Next继续< BackNext >CancelHelp|i Start

40、M 6| dnsmgmt - DNSAD1.cMyNew Zone WizardDynamic UpdateYou can specify that this DNS zone accepts secure, nonsecure or no dynamic updates Dynamic updates enable DNS client computers to register and dynamically update their resource records with a DNS server whenever changes occur Select the type of d

41、ynamic updates you want to allow:& Sjiow only secure dynamic updates (recommended for Active Directory) This option is available only for Active Directory-integrated zones.be divided into zon和AD集为Net继纟< BackNext >CancelHelpIntEXAllow both nonsecure and secure dynamic updates Dynamic update

42、s of resource records are accepted from any client.§This option is a significant security vulnerability because updates can beaccepted from untrusted sources Do not allow dynamit updatesDynamic updates of resource records are not accepted by this zone You must update these records manually 7 St

43、art 酚 dnsmgmt - DNSAD1.ETTii< Each.Cancelbe divided into zon< Each.Finish完成, dnsmnfit - DN5ADi.重启服务器，然后观察反向解析是否成功_5., File Act»n View Window Helpdnimgml: - DN5ADlReverse Lookup ZonesX 192.168.0.H Subnet创舸X囹団凰旨|貝圍因MyCIntExDNS3呻F LJ Forward Lookup ZonesE(T|J xnEl WjJ ht LJM ELJj S-DF _|_ms&

44、#177;s/怕s_tcp_udpDomainDnsZonesForestDnsonesL92J6B.0.X Subnet 3 recordfs)1 Me5tart of Authority (5OA) Name Server (N5) Pointer (PTR)PJdme兰(same as parent Folder) W (same as parent folder) a192.16S.0.2| Data2, adl.test adl .test.coff ad 1. test, con J q Rewers Lookup Zones j 磴+ _yj E verOSeww192.168.

45、0.x Subnet选中192. 168.0.1这个网段，在 右僥可以看到相关记录dnsnngmt - DN5AD1m4至此,AD1的设置告一段落2. AD2的设置2.1 IP的设置IP:/24gw: dns:(AD1 的 IP) Network 匚onnectionsGeneralConnect using:譽 IhteHR PRO/1000 M T Network ConnectiopngIP address：Subnet mask:DeFault gateway:Install.UnirrstallU- local Are

46、a Connection PropertiesInternet Protocol (TCP/IP) PropertiesInterExplcObtain an IP address automatically ： Uw the following IP adck"常Ths carnectiori uses the following items:You cmn get IP settings assigned automatically iF your net this capability > Otherwisej you need to ask your network f

47、or the appropriate IP settings hEdit View Favorites Tools Advanced HelpGeneral | Authentication | Advanced |H ln Client for Microsoft Networks45 Network Load B>ali:rig艺 怎 I Fi3 and Printer Sharing hr Microsoft NetH TT Internet Pratocol TCP/IP)My Ne PlacBac-OlJSl>lAddresLANDescriptionT ransmiss

48、ian Control Protocol/lri怕伯机 Protoco tvide area network protocol that provides comn across diverse interconnected networks,C Obtain DNS server address automatrcRIy-(* Use the following DNS server adetKSBT*Preferred DNS server:| 192 , 168 , 0Intel(R)Show icon in notification area uhen connectsOKNetwor

49、k Conne ctionsAlternate DN5 server;. -Z将DNS指剛IJ才安 裝的ADI一二 Local Area Connectio.22安装AD运行 dcpromo大部分步骤同AD1的安装,直到下面的步骤/ Start | 陽 3| Active Directory Inst.Active Directory Installation WizardxjDomain Controller TypeSpecify the role you want this server to have./ Start | 陽 3| Active Directory Inst.Do yo

50、u want this server to become a domain conMoll引 for a new domain or an additional domain controller for an existing domain?Domain controller for a new domainSelect this option to create a new child domainew domain tree, or new forest. This server will become the first domain controller in the new dom

51、ain.ddihoridl domain controller for an e：v-:tnQ domairj/j Proceeding with this option will delete all local accounts on this server.All cryptographic keys will be deleted and should be exported before con tinui ng.All encrypted data, such as EFS-enaypted files or e-mail should be decrypted before continuing or it will be permanently inaccessible./< /厂Next >< BackifI Cancel/ Start | 陽 3| Active Directory Inst./ Start | 陽 3| A