如何搭建父子域环境?


很多公司在创建初期会用一个域来进行管理,随着公司的壮大发展,会在其他地域比如北京、上海有分公司,此时就需要有新的域加入供管理使用,这时就需要使用域林,在域林中根节点域叫父域,新加入的child domain叫子域。

下面我们以Windows2012为例,看下父子域的要求及搭建情况:

要求:

两台Windows Server配置两个域,一个作为父域,一个子域;

搭建步骤: 父域Domain A正常安装,在登录Windows Server后,点击Server Manager,点击"Promote this server to a domain controller",在弹出的配置Domain时候选择"Domain in a new forest"选项,点击Next直到配置完成。

Machine generated alternative text:Server Manager Server Manager · Dashboard Manage Tools View Help Dashboard Lo ℃ , Server All Servers AD DS File and Storage Services > Post deployment Configura.. WELCOME TO SERVER MAN Configuration required , or Active Directory Domain Services at Sp2010A10 Promote this server 10 a domain controller , k Details QU ℃ K START

 

Machine generated alternative text:Ive Dlrectory Domaln Servlces Conflguratlon WIzar Deployment Configuration 匚 三 # 0 丿 = : 二 on , § 」 , cn Select the deployment op tion ( 〕 Add a domain

登录子域Domain B机器,打开网卡配置,在TCP/IP Properties中的DNS Server处输入Domain A域的IP;

Machine generated alternative text:Ethernet Propertles Internet Eth ern et nternet Protocol Version 4 (TCP/IPv4) Propertles General You 〔 以 n get IP settings assigned 以 utom 以 t 〔 引 , if your netvvork supports this 〔 以 p 以 , 丨 it/ Otherwise , ou need to ask your neWvork administrator for the appropriate IP setbngs. 0b 们 引 1 IP address tom 以 t 〔 引 , 255 · Use the fo № 们 g IP address. IP address. Subnet mask: Defaultgateway: 255 252 54 ( 〕 Obtain DNS server address 以 utom 以 t 〔 引 , . the fo № 们 g DNS server Preferred DNS server Alternate DNS server [ 〕 Validate settings upon exit 川

点击Server Manager,点击"Promote this server to a domain controller";

Machine generated alternative text:Server Manager Server Manager · Dashboard Manage Tools View Help Dashboard Lo ℃ , Server All Servers AD DS File and Storage Services > Post deployment Configura.. WELCOME TO SERVER MAN Configuration required , or Active Directory Domain Services at Sp2010A10 Promote this server 10 a domain controller , k Details QU ℃ K START

在弹出配置Domain的窗口中,选择 "Domain tree in an existing forest",在下面Select domain type处选择Child Domain;

Machine generated alternative text:Actlve Dlrectory Domaln Servlces Conflguratlon WIzard Deployment Configuration Deployment 00n , § 」 r 以 , cr Select the deployment operation ( 〕 Add a domain controller 10 3 n existing domain . 以 d a new domain 10 引 1 existing forest new forest Specify the domain Information forthis operation TARGET SERVER SP2010AIODemo.cn Select... ( h 引 垮 已 . Select domain type 巳 New , — Child Domain Child Domain Tree Domain Next > Suppb

Domain Type选择后,下面Forest Name填写父域Domain A的名字,New domain name填写子域Domain B的名,在认证处点击change…;

Machine generated alternative text:Actlve Dlrectory Domaln Servlces Conflguratlon WIzard Deployment Configuration Deployment 00n , § 」 r 以 , cr Select the deployment operation 匚 0m 引 n Controller Cp , cn 三 ( 〕 Add a domain controller 10 3 n existing domain @ Add a new domain 10 引 1 existing forest ( 〕 Add a new forest Specify the domain Information forthis operation TARGET SERVER SP2010AIODemo.cn Select... ( h 引 Suppb' the credentials 10 perform this operation demoxadmnistrator More about deployme , It configurations < Install Cancel ">

在弹出认证窗口中输入父域 Domain A的账户名和密码,点击OK;

Machine generated alternative text:Actlve Dlrectory Domaln Servlces Conflguratlon WIzard Deployment Configuration Windows Securl 匚 三 # ” = : 二 on , § 」 丨 Credentials for deployment operation Supply credentials for the deployment operation demoladministrator Domain: demo Connect a smart card [ 〔 〔 〔 亟 二 ] [ 〕 〕 亟 〕 〕 ] TARGET SERVER Sp2010A10 ( h 引 垮 已 . Cancel Install Next > More about deployme , It configurations <

在Domain Controller Options页面天下DSRM Password,点击Next;

Machine generated alternative text:Actlve Dlrecto Domain Controller Options Domaln Servlces Conflguratlon WIzard TARGET SERVER SP2010AIODemo.cn 匚 三 , 鬱 三 啵 匚 on , § 」 r 三 , cn 匚 0 引 n Contrcller Opticns 匚 N 三 0 , , 〕 匕 匕 , cn 引 Options F 主 Revlew Cp , cn 三 Prerequisites 匚 h 以 北 Select functio , level ofthe new domain Domain functional level Windows Server 2m2 R2 Specify domain controller capabilities and site information 丨 丨 Domain Name System (DNS) server 立 Global Catalog & 0 [ 〕 Read on , 以 om n controller (RCDC) Install Cancel Site name: Default-First-Site-Name Type the Directory Services Restore Mode (DSRM) pa wo Password: Con , irm passvvord: More about domain controller OP , on ( Next >

 

Machine generated alternative text:Actlve Dlrecto Domaln Servlces Confl uratlon Wlzard TARGET SERVER SP2010AIODemo.cn ( h 引 垮 已 . DNS Options Deployment 匚 on , § ur 三 , cn 匚 0 三 , Controller [ 孓 , cn 三 D N S Op , 〕 ns 匕 匕 , cn 引 Options F 主 Revlew Cp , cn 三 Prerequisites 匚 h 以 北 Next > Specify DNS delegation options 丨 丨 Create DNS delegation Credentials for delegation creation demoxadministrator More about DNS d egatio , 1 ( Install Cancel

在DNS设置页面填写NetBIOS Name,点击Next;

Machine generated alternative text:Actlve Dlrecto Additional Options Deployment 匚 on , § ur 三 , cn Domaln Servlces Confl uratlon Wlzard TARGET SERVER SP2010AIODemo.cn Cancel 、 ri , the NetBIOS name assigned to the domain 引 Id change 1 if necessary 匚 om 引 n Controller Cp , on 三 The NetBIOS domain name: 匚 N S 0 以 ion 三 d 匕 ition 引 Options F 主 Preparatlon [ 孓 tic 下 Revlew Cp , cn 三 Prerequisites 匚 h 以 北 More about additional 0 ion § CHILD ( Next > Install

之后按提示填写,点击Next到最后安装domain,等待安装完成,父子域配置就完成了。 此时我们可以登录子域Windows Server,My Computer右键属性,查看Computer full name,显示的是包含父域和子域的名字:Child.Demo.cn,正确。

注意:在子域中是没有DNS Server的,如果要添加Host需要登录父域机器添加。

感谢阅读!

相关内容