
Active Directory is one of the most important system services: it manages data about users, computers, groups and policies, as well as a great deal of other information. Deploying Active Directory in a standard way, and avoiding the incidents that come with it, is essential. In this series of articles on Active Directory I will take you from installing one Domain Controller server for a domain to installing an additional DC server for that domain. As a business grows, it needs to deploy child domains and peer domains within the same forest.

Parts of this series of articles on Active Directory
1. Installing Active Directory on Windows Server 2003
2. Backing up Active Directory
3. Installing an additional Active Directory server into an existing domain
4. Installing multiple domains for one system.
a. Installing Active Directory in a new forest.
b. Installing Active Directory in a child domain
5. Renaming a domain
6. Transferring the Master of a domain.

Part I - Introduction to the series


In this series of articles on Active Directory you will learn how to install and configure a system like the one below.

- In Part 2 I will show you how to install an Active Directory server in the standard way; specifically, I install Active Directory for the domain Vnexperts.net
- Part 3 covers installing an additional Domain Controller server for the existing domain Vnexperts.net, and how to back up and restore Active Directory.
- Part 4 covers installing child domains in the existing domain: mcsa.vnexperts.net and ccna.vnexperts.net
- Part 5: installing a new domain, vne.vn, in the forest created earlier, joining a client machine to the domain, and accessing data shared across the forest.
- Part 6: renaming a domain
- Recovering when the Domain Controller server that acts as Master for the whole forest fails, and how to promote secondary servers to Master.

Part II - Installing Active Directory on Windows Server 2003


1. Installing and configuring DNS
When installing Active Directory on Windows Server 2003, my experience is that you should install DNS first, with standard settings.
- Set a static IP address, and set the DNS address to the machine's own address.
- Create a zone in DNS and enable Dynamic Update for that zone. This is a mandatory requirement so that Active Directory can automatically update its settings in DNS.
a. Set the IP address for the server
- Static IP, with DNS pointing at the machine's own DNS. On the network card, set the server's static IP address to 192.168.100.11; the DNS address is also 192.168.100.11.

b. Installing and configuring DNS
- Go to Start and choose Administrative Tools \ Manage Your Server

- In the Manage Your Server window, choose the first item, Add or Remove a Role, then choose to install DNS and click Next. The system asks for the Windows Server 2003 installation media; insert the CD or point to the i386 folder of the installation media and that is all. The installation finishes.
- Create a zone in DNS: go to Start \ Administrative Tools \ DNS and the DNS window appears. In this step you must create a Forward Lookup Zone of the Primary Zone type.
- Right-click Forward Lookup Zones and choose New Zone.

Click Next to continue. In this window you must choose between two options:
- Domain Controller for a New domain: creates the first Domain Controller in the domain
- Additional domain Controller: installs an additional DC server into a domain. With two or more DCs for one domain, the system keeps working normally when one server fails.
Here, choose the option Domain Controller for a New Domain to install the first Domain Controller server in the domain.

After choosing the option above, click Next to continue the installation.
- The next window has three options that are extremely important when you install a Domain Controller.
- Domain in a new forest: you must choose this when installing the first Domain Controller server in a forest. For example, here I am installing the first domain, vnexperts.net, so I must choose this option.
- Child domain in an existing domain tree: if I already have the domain vnexperts.net and want to install child domains inside it, such as mcsa.vnexperts.net or ccna.vnexperts.net, I must choose this option.
- Domain tree in an existing forest: if I want to create another domain named vne.vn in the same forest as vnexperts.net, I must choose this option
- The last two options are for installing multiple domains and will be covered in later articles; in this article I cover installing the first Domain Controller server in the domain.

Choose the first option and click Next to continue the installation. In this step the system asks for the name of the domain that this Domain Controller server manages; I type vnexperts.net

Click Next to continue and choose the NetBIOS name for the domain. The NetBIOS name is the domain name that appears when a client logs on to the system. Leave the default

Click Next. You need to choose where to store the NTDS folder used for replication between Domain Controllers:

Click Next to continue. You need to set where the SYSVOL folder is stored. This folder must be on a partition formatted with NTFS; it holds the data that is replicated to all Domain Controllers in the domain. If you leave the default, the system puts it in %systemroot%\SYSVOL

Click Next to continue. In this step the system shows whether DNS has been configured correctly, together with information about the domain, as in the figure below. If the system reports an error at this step, you need to repeat the DNS installation and configuration steps.
- Here everything is configured correctly

Now click Next and choose the mode for the domain.
- The Domain Function Level has 4 modes:
- Mix Mode: Active Directory made up of Windows NT Server, Windows 2000 Server and Windows 2003 Server. In this mode Active Directory lacks some advanced features of Windows Server 2000 and Windows Server 2003, but you are forced to use it when you join a new Windows 2003 system to an old Windows NT system that is still in operation.
- Native Mode: Active Directory built on Windows Server 2000 and Windows Server 2003, so it has nearly all of the advanced features of Active Directory
- Interim Mode: made up of Windows NT and Windows Server 2003, similar to Mix Mode
- 2003 Mode: the highest mode, with the fullest support for all features of Windows Server 2003.
- In this step I choose Native mode

Click Next to continue the installation. The system asks you to set the Restore Mode password.
- Backing up Active Directory is easy in Windows Server 2003 because the system uses the Shadow Backup mechanism, which can back up data, files and services that are in use.
- Restoring is another matter. Windows does not allow changes to files or data that are in use, so you have to boot the system into a mode in which Active Directory is not running before you can restore. This is covered in a later part. The password set here is the password used to log on to the system when restoring Active Directory.

After setting the password, click Next and the system shows a summary of all the information, such as:
- The NetBIOS name, here VNEXPERTS
- Where the NTDS folder that holds the Active Directory data is located
- Likewise for the SYSVOL folder
- The system states that the password for logging on to the domain as the Administrator user will be the same as the Administrator user's logon password before Active Directory was installed.

Click Next to start installing Active Directory

Wait a few minutes until the system reports completion and asks for a restart; you have then finished installing Active Directory on the Windows Server 2003 server.

In the next part I will show how to add another Domain Controller server to an existing domain, and how to back up and restore Active Directory.

Part 3 - Backup & Restore Active Directory


In parts 1+2 of this series on Active Directory I covered how to set the necessary parameters, such as a static IP address for the network card and DNS, and how to fully install a Domain Controller server. In part 3 I show you how to back up and restore Active Directory on a Domain Controller server in case something goes wrong.

1. NTBACKUP technology in Windows Server 2003.
Backup and restore are among the most important skills for keeping a system running effectively and avoiding unfortunate incidents. Windows Server 2003 includes a data backup tool: ntbackup.
- NTBACKUP in Windows Server 2003 uses Shadow Copy technology to back up data that is in use, such as SQL or the Active Directory service, running files, and folders to which access is denied
- However, Windows has a rule that files or data being used by another running program cannot be modified.
- Taken together, this means you can back up Active Directory one way or another, but you cannot restore it, because the service runs from the moment the system starts. So is there no way to restore? Fortunately Microsoft anticipated this situation, and in this article I show you how to back up and restore Active Directory data.
- A System State backup contains all of the Active Directory information.
2. Backing up and restoring Active Directory on a Domain Controller server.
a. Theory
- After parts 1+2 I have a domain named vnexperts.net whose Domain Controller server, running the Active Directory service, is dc1.vnexperts.net.

- Step 1: Create an OU named MCSA in Active Directory, and in this OU create a user named Hoang Tuan Dat.
- Step 2: Back up Active Directory
- Step 3: Delete the OU and user just created
- Step 4: Restore the Active Directory data that was deleted.
b. Implementation.
Step 1
- Log on to the Domain Controller server as the administrator user
- Go to Start, then All Programs, then Administrative Tools, then Active Directory Users and Computers.

Right-click the Active Directory domain vnexperts.net and choose New Organizational Unit (OU), with the name MCSA
- Inside the OU MCSA, right-click and choose New User Account to create a new user account.
- Here I create a user named Hoang Tuan Dat, with the logon name tocbatdat

Click Next and the system asks for the new user's password; I choose the password: Password12!
- Note that once Active Directory is installed there is a Default Domain Security Policy that requires every newly created user to have a password of at least 7 characters that is also complex. If you want to change this so that users can be created more simply, you must change this Default Domain Security Policy and the Local Policy of the Domain Controller server.
- How to change the Default Domain Security Policy: go to Start \ All Programs \ Administrative Tools \ Domain Security Policy. In the policy window choose Account Policies -> Password Policies. You then have to change two settings, Minimum Password Length and Password must meet complexity requirements. Double-click a setting and a dialog like the one in the figure below appears; clear the Define this policy setting check box. Do this for both settings.

- Go to Run and type Gpupdate /force to apply the policy change in the domain. After that you must also change the Local Policy of the Domain Controller server before you can create a user with a blank password.
- Go to Run and type gpedit.msc to edit the Local Policy of the Domain Controller server. Change the Password Policy settings in the same way. Note that if you have not cleared the check boxes in the Domain Policy, you will not be able to change these settings in the Local Policy.
- Set Minimum Password Length to 0, and disable Password must meet complexity requirements

Go to Run and type Gpupdate /force and that is it; you can now create users with a blank password.
Step 2 - Backup Active Directory
- Go to Run and type ntbackup; the system shows the following window

Choose Advanced Mode (the blue text) and the Backup Utility window appears. Choose the Backup tab to get the window shown in the figure below.

- To back up Active Directory you need to back up System State. Notice that a System State backup includes a lot of information: Active Directory, Boot Files, Registry, SYSVOL
- After selecting System State, you need to set where the backup file is stored; here I save it on drive C: with the file name Backup.bkf
- Click Start Backup to begin backing up the data.

When you click Start Backup the system opens a window like the one in the figure below; choose Start Backup to begin the backup.

The window shows the backup in progress; wait a moment for the system to finish

Step 3 - Delete data in Active Directory.
After the system finishes the System State backup, go into Active Directory (in the same way as above), right-click the OU MCSA and choose Delete to delete the data in Active Directory

Step 4 - Restore Active Directory.
As I explained above, you cannot run a restore on data that is in use, so now I have to restart the Domain Controller server.
- While the computer is starting, press F8 to choose among the system's boot modes, the same way you enter Safe Mode
- In the menu of modes I must choose "Directory Service Restore Mode"
- You must choose this mode because when you select it the Active Directory service is switched off by default, so other tasks can work on the Active Directory data.

When you boot into "Directory Service Restore Mode" the system asks for a user name and password.
- Remember that in part 2 of the article, on installing Active Directory, I mentioned a password set during installation; that is the password you log on with when restoring Active Directory.

Once you are in the Windows environment
- Run ntbackup, and in the ntbackup window choose the Restore tab
- Select System State to restore

Click Start Restore and the system begins bringing the data back to the state at backup time. Below is the window while the system is restoring System State

After the restore completes, the system asks you to restart the computer.
- This time let the computer boot normally. Our last task is to check whether the OU MCSA and the user Hoang Tuan Dat are still there
- Fortunately everything is back as it was
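The backup in Step 2 can also be run from the command line. The following is an added example, not part of the original article: it writes the same System State backup to C:\Backup.bkf, checks that the file was produced, and limits access to it, because System State includes the Active Directory database. The job name is an assumption; the script is meant to be run on the Domain Controller by a member of Administrators.

```bat
@echo off
rem Added example, not from the original article.
rem Command-line form of Step 2: System State backup to C:\Backup.bkf.
rem The job name below is an assumption made for this example.
setlocal
set BKF=C:\Backup.bkf
set JOB=AD System State

rem ntbackup is a GUI program; "start /wait" makes the script wait for it.
rem /V:yes verifies the data after the backup, /L:s writes a summary log.
start "" /wait ntbackup backup systemstate /J "%JOB%" /F "%BKF%" /V:yes /L:s

rem The backup file must exist and must not be empty.
if not exist "%BKF%" goto :fail
set SIZE=0
for %%F in ("%BKF%") do set SIZE=%%~zF
if "%SIZE%"=="0" goto :fail

rem System State contains the Active Directory database, including the
rem password hashes of the domain accounts, so leave the file readable
rem only by Administrators and SYSTEM. Without /E, cacls replaces the
rem whole ACL and asks for confirmation, which "echo Y" answers.
echo Y| cacls "%BKF%" /G Administrators:F SYSTEM:F
if errorlevel 1 goto :fail

echo Backup written: %BKF% (%SIZE% bytes)
rem Show the resulting ACL for review.
cacls "%BKF%"

rem ntbackup has no command-line restore; Step 4 is still done in the
rem Backup Utility window after booting into Directory Service Restore Mode.
exit /b 0

:fail
echo System State backup failed, or %BKF% is missing or empty. 1>&2
exit /b 1
```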

Part 4 - Additional New DC


In parts 1+2 of this series on Active Directory I showed how to install and set up a domain named vnexperts.net. A single Domain Controller server holds all the DNS and Active Directory data of the domain Vnexperts.net. When many computers are joined to the domain vnexperts.net and the Domain Controller server is interrupted, all name services, user authentication and many other services are interrupted as well. In part 4 I show you a way to guard against such incidents and keep the system running at all times.

1. Data replication in Active Directory.
- Active Directory on Windows Server 2003 has a replication mechanism between Domain Controller servers. It allows several Domain Controller servers to manage the same Active Directory data, with identical data and settings. It also allows several Domain Controller servers to operate as peers within Active Directory (multimaster).
- Each server can add data to Active Directory (for example creating a new user or changing information in Active Directory). When you change Active Directory data on one Domain Controller server, the change is automatically synchronized to all Domain Controller servers on the network.
- So if a domain has only one Domain Controller server and that server is interrupted for some time, the whole system is paralyzed. To fix this, install one or more additional Domain Controller servers that also manage the system's Active Directory and DNS data. When one of the Domain Controller servers is down for maintenance or interrupted for a while, the system keeps working normally.
- In part 4 of this article I show you how to install an additional Domain Controller server into the existing domain vnexperts.net, with the same DNS and Active Directory data as the first Domain Controller and an equivalent function in the system.
2. Deploying a new additional Domain Controller into the existing system.

- For the new Domain Controller server to be equivalent to the first Domain Controller server, it must:
+ Provide DNS name resolution to client machines
+ Provide authentication and the other data related to Active Directory.
a. DNS on the new Domain Controller server.
- The first server holds all the DNS data and the other DNS settings. For the second server to answer clients' DNS requests as well, we need to create a copy containing DNS data identical to the first server's.
- On Windows Server 2003 the DNS service can create a Secondary Zone as a copy of the DNS data from an existing Primary Zone.
- My domain is installed with one DNS and Domain Controller server: dc1.vnexperts.net.
- The DNS data on dc1.vnexperts.net has a Primary Zone named vnexperts.net that holds all the name records of the domain vnexperts.net.
- My requirement now is to create a server with DNS data identical to dc1.vnexperts.net.
Step 1: On the server dc1.vnexperts.net, allow other machines to obtain the data of the zone vnexperts.net
Step 2: On the new server, create a Secondary Zone named Vnexperts.net from the server dc1.vnexperts.net
- In this article: dc1.vnexperts.net has IP 192.168.100.11
- dc2.vnexperts.net, being installed, has IP 192.168.100.12
Step 1: Configure the server dc1.vnexperts.net to allow other machines to create a Secondary Zone of vnexperts from this server.
Start \ All Programs \ Administrative Tools \ DNS
In the DNS window choose Forward Lookup Zones, which contains the zone vnexperts.net created in parts 1+2 of the article. Right-click it and go to the Zone Transfers tab.

- Select Allow Zone Transfers; there are 3 options to choose from:
+ To any server: every computer can obtain the DNS data
+ Only servers listed in the NS records (the default after promotion to Domain Controller)
+ Only the servers listed below
- I choose To any server to keep things easy
Step 2: Create the Secondary Zone on the other server, the one being prepared as a Domain Controller
- Install the DNS service as in parts 1+2 of the article

- In the DNS management console, right-click Forward Lookup Zones, choose New Zone and click Next. The system makes you choose the zone type; choose Secondary Zone

Click Next to continue the setup
- The system asks for the name of the Primary Zone for which you are creating the Secondary Zone. I choose vnexperts.net because I already have this zone on dc1.vnexperts.net, 192.168.100.11.

The system asks you to type the address of the server that holds the Primary Zone of Vnexperts.net
- I type the IP address 192.168.100.11, the address of the server dc1.vnexperts.net

Click Next to finish creating the Secondary Zone vnexperts.net on the server dc2.

- To pull all the DNS data from the server dc1 to the server dc2, right-click the zone vnexperts.net just created on the server dc2 and choose "Transfer from Master".
- On checking, I now have a copy of the DNS data on the new server, which means this secondary server is fully able to resolve names for the system.
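The option chosen in Step 1 decides who can copy the entire vnexperts.net zone. As an added example (not part of the original article), here are the same two steps from the command line, with the "To any server" setting shown as a comment beside the "only the servers listed below" setting limited to dc2. It assumes dnscmd.exe from the Windows Server 2003 Support Tools is installed and that the account is a DNS administrator on both servers.

```bat
@echo off
rem Added example, not from the original article.
rem Assumes dnscmd.exe (Windows Server 2003 Support Tools) is on the PATH.
setlocal
set ZONE=vnexperts.net
set PRIMARY=dc1.vnexperts.net
set PRIMARY_IP=192.168.100.11
set SECONDARY_IP=192.168.100.12

rem Setting chosen in the article ("To any server"): any host that can
rem reach dc1 on the DNS port can copy every record in the zone.
rem   dnscmd %PRIMARY% /ZoneResetSecondaries %ZONE% /NonSecure

rem Restricted setting ("only the servers listed below"): only dc2 may
rem transfer the zone, and only dc2 is notified when the zone changes.
dnscmd %PRIMARY% /ZoneResetSecondaries %ZONE% /SecureList %SECONDARY_IP% /NotifyList %SECONDARY_IP%
if errorlevel 1 goto :fail

rem Step 2: create the secondary zone on dc2 with dc1 as its master.
rem dc2 is addressed by IP because it has no DNS record of its own yet.
dnscmd %SECONDARY_IP% /ZoneAdd %ZONE% /Secondary %PRIMARY_IP%
if errorlevel 1 goto :fail

rem Same action as "Transfer from Master" in the DNS console.
dnscmd %SECONDARY_IP% /ZoneRefresh %ZONE%
if errorlevel 1 goto :fail

rem Check: both servers answer for the zone. Once the transfer has
rem completed, the SOA serial number is the same on dc1 and dc2.
nslookup -type=SOA %ZONE% %PRIMARY_IP%
nslookup -type=SOA %ZONE% %SECONDARY_IP%

rem Print the zone properties on dc1 to review the transfer settings.
dnscmd %PRIMARY% /ZoneInfo %ZONE%
exit /b 0

:fail
echo A dnscmd step failed; check the zone-transfer settings on %PRIMARY%. 1>&2
exit /b 1
```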

b. Installing an additional Domain Controller into an existing domain
- Installing an additional new Domain Controller into an existing domain is very simple
- Step 1: set a static IP address
- Step 2: set the DNS address to the DNS address of the server dc1.vnexperts.net, 192.168.100.11, and the server's own IP address to 192.168.100.12

When you have finished installing DNS and creating the Secondary Zone on the new server, you need to set the DNS address as above so that the system keeps working normally when DC1 fails.
- To continue the installation, go to Run and type dcpromo.

Click Next to continue installing the additional Domain Controller

Click Next to continue the installation.
- At the step with two options, you must choose Additional domain controller for an existing domain. This is the basic difference between a new installation and adding to an existing domain

Click Next to continue. The system asks you to type the user name, password and domain you are adding to:

After filling in the domain, user name and password.

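- Click Next and the system automatically searches for the chosen domain. If you set the wrong DNS address on the network card, at this step the domain you are adding to will not be found; in that case just recheck the DNS setting made when you set the IP address.
- Click Next to continue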

Type again the domain name you want to add to: I type vnexperts.net (because I need to add another domain controller to this domain).
- Click Next to continue the installation. The system asks where to store the NTDS folder used for replication in the domain.

I leave the default and click Next. The system asks for the location of the SYSVOL folder

I leave the default and click Next. The system asks for the Restore Mode password, which I covered in part 3 of this article.

Click Next to continue the installation: the system displays all the information about my settings:

Click Next and the system starts the installation on dc2.

Wait a few minutes and restart the machine, then open Active Directory Users and Computers; I see two Domain Controller servers.

That completes the creation of a new Domain Controller in the domain vnexperts. I can now safely shut down dc1.vnexperts.net without affecting the system's services.

Part 5 - Child Domain

When a business grows and has offices in many different territories, a single domain may not be able to meet its needs. One solution is to create, at each site, a child domain of the base domain, which simplifies administration and improves responsiveness for users. In part 5 of this article I show how to install two child domains, mcsa.vnexperts.net and ccna.vnexperts.net, from the existing domain vnexperts.net.
- In parts 1+2 I showed you how to install a new domain named Vnexperts.net
- In part 4 I showed you how to install an additional Domain Controller into the domain Vnexperts.net.
- In part 5 I show you how to install a child domain of an existing domain.
- The domain vnexperts.net has two Domain Controller servers: dc1.vnexperts.net with IP 192.168.100.11 and dc2.vnexperts.net with IP address 192.168.100.12
- Prepare a computer with a fresh Windows Server 2003 installation, named dc3, with the address 192.168.100.13. I intend the server dc3 to be the domain controller of the domain mcsa.vnexperts.net
- Set the IP address so that the computer dc3 can find the domain vnexperts.net
+ Set the DNS address on dc3 as shown below.

As in part 4 of the article, create a DNS Secondary Zone on the new server dc3 and set the IP and DNS addresses as above before installing Active Directory.
- After creating the DNS Secondary Zone vnexperts.net on the server dc3 and setting the IP address as above, I go to Run and type dcpromo to start the installation. Click Next through the first steps of the installation until the following window appears

- Because the domain mcsa.vnexperts.net does not exist yet, when installing the domain on the server dc3 I must choose Domain Controller for a new domain.
- Click Next to reach the most important step of the installation.

At this step you must choose the option "Child domain in an existing domain tree"
- The first option installs a domain controller for a completely new domain
- The second option installs a child domain under an existing domain
- The third option installs a new domain alongside an existing domain; I cover it in part 6 of the article.
- After correctly choosing option 2, click Next to continue.

The system asks you to type the parent domain (I type vnexperts.net) and the user name you are using to install the new domain.
- After filling in the required information I click Next to continue.

The system asks for the parent domain; I type: vnexperts.net
- The Child domain field is the name of the new child domain; I type mcsa. In the field for the full name of the new domain I see: mcsa.vnexperts.net
- Click Next to continue the installation

- The system shows the NetBIOS name of the new domain, MCSA, and I leave the default. MCSA is the name that clients joined to the domain select from the list of domains at logon.
- Leave the default and click Next

- The location of the NTDS folder (used for replication).
- I leave the default and click Next to continue the installation

- The system asks for the location of the SYSVOL folder; I leave the default and click Next to continue.

A summary of all the information I have set is shown in the table above. Click Next to continue the installation.

Leave the default and click Next to continue the installation.

The system asks for the password used for backing up and restoring Active Directory on this machine; I enter a password (this was covered in detail in part 3 of the article).
- Click Next to continue the installation.

The system shows me a summary of all the settings for my new domain, mcsa.vnexperts.net, and the folders Active Directory will use.
- Seeing that everything is as required, I click Next to start the installation.

The system is installing the new child domain mcsa.vnexperts.net under the existing domain vnexperts.net. Wait a few minutes for the installation to finish.

Click Finish and restart the computer
- When I log on again to the computer dc3.mcsa.vnexperts.net, a list of two domains appears

I open Active Directory Sites and Services to check the installation of the new domain, and the result is exactly as required:

- Start \ Administrative Tools \ Active Directory Sites and Services to see all of my sites and Domain Controller servers.
- Result: the two servers dc1 and dc2 are domain controllers of the domain vnexperts.net
- dc3 is the domain controller server of the domain mcsa.vnexperts.net

In the same way as for the domain mcsa.vnexperts.net, I go on to install one more child domain of vnexperts.net, the domain ccna.vnexperts.net, on the server dc4.

Part 6 - Forest

Have you ever wondered how Microsoft has the websites Microsoft.com, Live.com and hotmail.com, yet an account created on Hotmail.com can be used to log in on all the others? They must share some common data about user names. In part 6 of this article I show you how to set up a domain forest, to understand this better. Within one domain that has many child domains, a lot of information in the domain is replicated. We set up several domains in a forest to simplify managing a business's many different sites while still keeping the data consistent.

In the previous parts I walked you through fully installing and setting up the domain Vnexperts.net with two child domains, mcsa.vnexperts.net and ccna.vnexperts.net. In part 6 I show you how to create a new domain in the forest, vne.vn; once you have this new domain you can install child domains under it as well.

First, as in the other parts, you must set the IP address on the network card, and the DNS must be the DNS of the server dc1.vnexperts.net, 192.168.100.11. After setting the server's IP address we proceed to install the Domain Controller. My new server has the IP address 192.168.100.15 and the name dc5. I need to install a domain named vne.vn into the existing forest vnexperts.net. Go to Run and type dcpromo to start the installation.

Click Next to start the installation.

Click Next to start the installation. In the window below, choose "Domain Controller for a New domain". You must choose this option because the domain vne.vn that you are installing does not have any Domain Controller server yet.

After making the correct choice I click Next to continue the installation. This brings us to the most important step, with the 3 options I described in the previous parts.
- You must choose Domain Tree in an existing forest (add a new domain tree to an existing forest).
- To install a completely new domain you would choose the first option; choosing the second option installs a child domain in an existing domain tree, as I showed in part 5 of the article

After correctly choosing Domain Tree in an Existing forest I click Next to continue the installation.
- The system asks who I am to have the right to add a new domain tree to the forest vnexperts. I have to declare an account that has the right to do this: "administrator".

Fill in the user name, password and domain, and click Next to continue the installation.
- The system asks for the name of the new domain tree I am setting up: I need to install the new domain vne.vn

- Choose the name for the new domain, vne.vn, in the forest vnexperts.net and click Next to continue the installation.
- The system asks for the location of the NTDS folder that holds the information to be replicated; here I leave the default

Click Next to continue; the system asks for the location of the SYSVOL folder

Click Next to continue the installation. The system checks DNS and shows us that everything is OK

Click Next to continue the installation.

By default the Domain Function Level is Native Mode.

Click Next to start the installation. Wait a moment for the system to finish the installation, then restart the machine; everything is OK. After the restart, when I log on, the system shows the list of domains I can log on to

I choose VNE and type the user name and password, and I am logged on to my new domain. I open Active Directory Sites and Services to check whether everything is OK. The result is great: everything runs well.

Part 7 - Rename DC

I have installed and fully set up a domain named vnexperts.net with the domain controller server dc1.vnexperts.net. After it has been running for a while, I now want to rename the server dc1.vnexperts.net to vne.vnexperts.net. In this part of the article I show you in detail how to rename a domain controller (DC) server using the tool "netdom computername". Netdom is not included when the operating system is installed, so to use it you have to add it.
Step 1: Use the Netdom tool
Step 2: Add another name for the DC server
Step 3: Promote the new name to primary name
Step 4: Reboot
Step 5: The new name becomes fully functional
Step 6: Remove the old name.
Step 1 - Use the Netdom tool.
The Netdom tool ships on the Windows Server 2003 installation disc, at: CDROM\SUPPORT\TOOLS\SUPPORT.CAB. To use the netdom tool, open the file support.cab, right-click the file netdom.exe and choose to extract it into the Windows folder; that is all.

To try the netdom tool, go to Run, type cmd to open the command line, and type netdom /? to get the result shown in the figure below:

Step 2: Add a new name for the DC server
My DC server is named dc1.vnexperts.net

The first thing I have to do is add one more name to the server dc1.vnexperts.net; I choose the name vne.vnexperts.net. Use the command: Netdom Computername dc1.vnexperts.net /add:vne.vnexperts.net

Oh, why did it fail? Reading the cause carefully, I found that this only works when the Domain Function Level is 2003 or higher.

The Domain Function Level has 4 levels:
Mix Mode: Active Directory is managed by Windows NT, 2000, 2003
Interim Mode: Active Directory is managed by NT, 2003
Native Mode: Active Directory is managed by 2000, 2003
2003 Mode: AD is managed by 2003 servers, and only in this mode are all the features of Active Directory on Windows Server 2003 supported.
I have to raise my domain (Mix Mode by default) to 2003 Mode. Go to Administrative Tools -> Active Directory Users and Computers, right-click the domain vnexperts and choose Raise Domain Function Level.

Then run the command again: Netdom Computername dc1.vnexperts.net /add:vne.vnexperts.net. Fortunately the result is as expected: I have added a new name, vne.vnexperts.net, to the server dc1.vnexperts.net

Step 3: Promote the new name to primary name.
My Domain Controller server now has two names, dc1.vnexperts.net and vne.vnexperts.net, but it still uses dc1.vnexperts.net as its primary name, so I have to change the primary name to vne.vnexperts.net. Use the command: Netdom Computername dc1.vnexperts.net /makeprimary:vne.vnexperts.net
After this command completes, the system requires a restart.

Step 4: Make the DC server's new name functional
After the computer restarts, the system still has two names, vne.vnexperts.net and dc1.vnexperts.net; the name vne.vnexperts.net is not yet active, while the name dc1.vnexperts.net has been demoted. Use the command: Netdom Computername vne.vnexperts.net /enumerate to bring the server's new name into operation.

Step 5: Remove the old name
My Domain Controller server still has two names, so I now need to remove the old name, dc1.vnexperts.net. Use the command: Netdom Computername vne.vnexperts.net /remove:dc1.vnexperts.net to remove the old name.

Step 6 - View the result
Open Active Directory Users and Computers and go to the OU Domain Controllers to see the result, as in the figure below:

In part 8 of the article I show you how to promote a secondary DC server to Master, in case the Master server fails.

Part 8 - DC in the Master role

Active Directory allows several Domain Controller servers to operate as equals, and replication automatically synchronizes all data between the Domain Controllers. However, there are functions in the forest and in the domain that only the Master server has. In this part of the article I show you how to change the Master role in Active Directory.

The figure above shows a system with:
1 forest: vnexperts.net
2 domain trees: vnexperts.net and vne.com
4 child domains: mcsa.vnexperts.net and ccna.vnexperts.net are child domains of the domain tree vnexperts.net; a.vne.com and b.vne.com are child domains of the domain tree vne.com.
Forest Master Role

The whole system above has a single forest, vnexperts.net, and only one Domain Controller server in this forest holds the Master role, usually the first server on which Active Directory was installed in the forest. There are two Master roles in a forest:
- Schema Master Role
- Domain Naming Master Role
Schema Master Role: in the forest, only the server holding the Schema Master role can update the schema of Active Directory. To change any part of the structure of Active Directory in the forest, you must be on the Schema Master.
Domain Naming Master Role: the Domain Controller server with the Domain Naming Master role is responsible for creating a new child domain or removing a child domain. In short, it manages names for creating and deleting domains.
Domain Master Role
Every domain tree or child domain in the forest has one server that holds the Domain Master role. By default the server holding the Domain Master role is the first Domain Controller server of that domain. There are 3 Domain Master roles:
- Relative Identifier - RID Master
- Primary Domain Controller - PDC Master
- Infrastructure Master
Each domain has only one server for each Domain Master role. One server can hold all of the roles above, but you can also assign each role to a different server.
RID Master: each domain in the forest has only one Domain Controller holding the RID Master role. When a user or a computer is created in Active Directory, the RID Master checks that the record is unique. The RID Master then assigns a Security ID to each such object.
PDC Master: each domain has one PDC Master, for when the system includes both NT and 2003 domain controller servers. The PDC lets clients change their password, and then replicates with the other Domain Controllers in the domain.
Infrastructure Master: when a user is renamed or added to a group, the Infrastructure Master of Active Directory is responsible for managing users and groups. A user can belong to many groups, and a group can contain many users and other groups; managing this is the job of the Infrastructure Master.

In this article I cover both situations that arise when changing the Master of a forest or of a domain. To keep it simple I work only on the forest vnexperts.net, with no child domains or domain trees and with two domain controller servers, vne.vnexperts.net and dc3.vnexperts.net. Both the Forest Master role and the Domain Master role are held by vne.vnexperts.net.
1. When all Domain Controllers are running
2. When the Master server has failed and you have to promote a secondary machine to Master of the domain.
I. View Master Role
To see which Domain Controller currently holds a master role, do the following:
- To view the RID, PDC and Infrastructure Master roles, open Active Directory Users and Computers, right-click it and choose Operations Master

To view the Forest Master roles:

- Domain Naming Master Role: go to Administrative Tools, choose Active Directory Domains and Trusts, right-click it and choose Operations Master.

- Schema Master Role: to view the Schema Master role you have to use the Active Directory Schema snap-in. Unfortunately, the Active Directory Schema snap-in is not installed automatically with Active Directory. You can install it by opening cmd and typing: regsvr32 schmmgmt.dll. The system then reports success:

Go to Run and type mmc. In that window choose File -> Add/Remove Snap-in, choose Add and point to the Active Directory Schema snap-in. Then right-click it and choose Operations Master to see which server is the Schema Master.

II. Changing the Master when all Domain Controllers are running well.
This situation arises when the Master server was installed earlier on a low-specification, unstable machine. The company upgrades to a new Domain Controller server and requires that no users or groups change. You then have to move the Master roles to the new server. In this situation the procedure is fairly simple. My model has two domain controller servers, vne.vnexperts.net and dc3.vnexperts.net; at present the server vne.vnexperts.net holds both the Forest Master and the Domain Master roles. I will move the Master roles to the server dc3.vnexperts.net.
a. First I move the Domain Master roles, which are RID, PDC and Infrastructure.

On the server vne.vnexperts.net, open Active Directory Users and Computers, right-click, choose Connect to Domain Controller, and connect to the server dc3.vnexperts.net.

Click OK, then right-click the domain vnexperts.net and choose Operations Master. On the first tab, RID, I see the current Master and a Change button; click Change to move the RID Master from vne.vnexperts.net to dc3.vnexperts.net.

Fortunately the process went perfectly, so I continued to the PDC and Infrastructure tabs to move those masters to dc3.vnexperts.net as well.

b. Moving the Forest Master Role - as mentioned above, the Forest Master roles are the Schema Master Role and the Domain Naming Master Role.

Transferring the Domain Naming Master
On the server vne.vnexperts.net, go to Administrative Tools, open Active Directory Domains and Trusts, right-click it and choose Connect to Domain Controller. In that window I select the server dc3.vnexperts.net and click OK.

Next I right-click Active Directory Domains and Trusts and choose Operations Master. The window shows the current Master and the server to transfer to, dc3.vnexperts.net.

Click Change, and the result is a success! The Domain Master Role has been transferred successfully.

Transferring the Schema Master Role
Go to Run, type mmc, and add the Active Directory Schema snap-in. In the Active Directory Schema window I right-click and choose Change Domain Controller, select Specify Name, enter the server dc3.vnexperts.net and click OK.

In the Active Directory Schema window, right-click and choose Operations Master. I see that the current master is vne.vnexperts.net and the server to transfer to is dc3.vnexperts.net, so I click Change. The result is exactly as expected.

With part I finished, we can transfer the Master Role of both the domain and the forest. One note: you should follow the order above; if you go straight to transferring the Schema master role, it will fail. That is my practical experience. As for why, I am looking into it and will explain in later articles.

II. When the Master Role holder has failed
Transferring the Master Role while all Domain Controllers are working normally is very simple, as shown above. Unfortunately, sometimes the server holding the Master Role fails and cannot be recovered. An existing Domain Controller then has to be promoted to hold the Master Role of the forest or of the domain, depending on what the system requires.

Use this method only when the Master Role server has really failed. Once you have promoted a Domain Controller to Master yourself, the two servers will conflict if the previous Master is switched back on, because the system cannot have two holders of a Master Role.

Seize means to take by force, and we use this tool to take the Master role from a secondary server.

In scenario 1 I promoted the server dc3.vnexperts.net to Master. Now I shut down dc3.vnexperts.net and seize the master roles from the server vne.vnexperts.net, treating dc3.vnexperts.net as permanently failed. The tool we use is ntdsutil.

Step 1: Go to Run and type cmd to open the command line.
Step 2: At the prompt type ntdsutil, and inside the tool type: roles
Step 3: Connect to the server vne.vnexperts.net (you must use the FQDN, as here):
- Type connections to enter the connection interface
- Type connect to server vne.vnexperts.net to connect to the required server.
Step 4: Type quit to return to the fsmo maintenance interface:
- Type Seize Schema Master and press Enter
- Type Seize Domain Naming Master and press Enter
- Type Seize RID Master and press Enter
- Type Seize PDC and press Enter
- Type Seize Infrastructure Master and press Enter

Below is a screenshot of seizing the Schema Master Role. After I type seize schema master, the system asks whether I am sure I want to do this. I choose YES, the seizure starts, and after a short wait it completes. In the same way I seize the other Master roles in turn: RID, PDC, Infrastructure and Domain Naming.

After seizing all 5 Master roles I type quit and quit again to leave the command-line interface. After restarting the computer, I open Active Directory Domains and Trusts, right-click it and choose Operations Master to check the outcome of my work, and the result is excellent!

Now I can rest assured that the server vne.vnexperts.net is working as a Master Server. In the next article I will begin covering Exchange Server 2003.
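The role holders shown in the Operations Master dialogs can also be checked from the command line before and after a transfer or seizure. The batch script below is an added example, not part of the original article: it uses dsquery server -hasfsmo, which ships with Windows Server 2003, to list the holder of each of the five roles and flag any role that is not on the expected domain controller. The script name fsmo-check.cmd and its single argument are assumptions, and it assumes a single-domain forest like vnexperts.net.

```bat
@echo off
rem Added example, not from the original article.
rem Lists the holder of each operations master role and flags any role
rem that is not held by the expected domain controller.
rem Assumed usage: fsmo-check.cmd VNE   (short computer name of the expected DC)
setlocal enabledelayedexpansion

if "%~1"=="" (
    echo Usage: %~nx0 ExpectedDcShortName
    exit /b 2
)
set "EXPECTED=%~1"
set "BAD=0"

rem dsquery keywords: schema = Schema Master, name = Domain Naming Master,
rem rid = RID Master, pdc = PDC Master, infr = Infrastructure Master.
rem schema and name are searched forest-wide; rid, pdc and infr are
rem searched in the current domain.
for %%R in (schema name rid pdc infr) do (
    set "HOLDER="
    rem -o rdn prints only the server name, in quotes; %%~H strips the quotes.
    for /f "usebackq delims=" %%H in (`dsquery server -hasfsmo %%R -o rdn`) do set "HOLDER=%%~H"
    if not defined HOLDER (
        echo [FAIL] %%R: no role holder returned
        set "BAD=1"
    ) else if /i "!HOLDER!"=="%EXPECTED%" (
        echo [ OK ] %%R: !HOLDER!
    ) else (
        echo [WARN] %%R: held by !HOLDER!, expected %EXPECTED%
        set "BAD=1"
    )
)

rem Exit code 0: all five roles are on the expected server. 1: at least one is not.
exit /b %BAD%
```

A non-zero exit code after a seizure means the directory still records at least one role on another server, which matters here because the previous holder must stay offline once its roles have been seized.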
