AD DS Design

• Single forest single domain is preferred

• Time is important (PDC)

• Implement multiple/backup domain controllers

• 2,150,000,000 objects per domain

• FQDN less than 64 characters

FSMO (Flexible single master operation)

# To check the FSMO servers

netdom query fsmo

# To transfer / seize

netdom /?

Install Domain controllers in the first site

# Install AD DS on the first DC

Install-WindowsFeature AD-Domain-Services -IncludeAllSubFeature -IncludeManagementTools

#
# Windows PowerShell script for AD DS Deployment
#
Import-Module ADDSDeployment
Install-ADDSForest `
-CreateDnsDelegation:$false `
-DatabasePath "C:\Windows\NTDS" `
-DomainMode "Win2012R2" `
-DomainName "vccware.com" `
-DomainNetbiosName "VCCWARE" `
-ForestMode "Win2012R2" `
-InstallDns:$true `
-LogPath "C:\Windows\NTDS" `
-NoRebootOnCompletion:$false `
-SysvolPath "C:\Windows\SYSVOL" `
-SafeModeAdministratorPassword (ConvertTo-SecureString "123.com" -AsPlainText -Force) `
-Force:$true

# Install AD DS on the second DC

Install-WindowsFeature AD-Domain-Services -IncludeAllSubFeature -IncludeManagementTools

#
# Windows PowerShell script for AD DS Deployment
#
Import-Module ADDSDeployment
Install-ADDSDomainController `
-NoGlobalCatalog:$false `
-CreateDnsDelegation:$false `
-CriticalReplicationOnly:$false `
-DatabasePath "C:\Windows\NTDS" `
-DomainName "vccware.com" `
-InstallDns:$true `
-LogPath "C:\Windows\NTDS" `
-NoRebootOnCompletion:$false `
-ReplicationSourceDC "BJAD01.vccware.com" `
-SiteName "Default-First-Site-Name" `
-SysvolPath "C:\Windows\SYSVOL" `
-SafeModeAdministratorPassword (ConvertTo-SecureString "123.com" -AsPlainText -Force) `
-Force:$true

本文出自 “AlphaBook” 博客，请务必保留此出处http://alphabook.blog.51cto.com/232573/1883483

Active Directory Domain Service