Active Directory Domain Service

AD DS Design

• Single forest single domain is preferred

• Time is important (PDC)

• Implement multiple/backup domain controllers

• 2,150,000,000 objects per domain

• FQDN less than 64 characters

FSMO (Flexible single master operation)

# To check the FSMO servers

netdom query fsmo

# To transfer / seize

netdom /?

Install Domain controllers in the first site

# Install AD DS on the first DC

Install-WindowsFeature AD-Domain-Services -IncludeAllSubFeature -IncludeManagementTools

#
# Windows PowerShell script for AD DS Deployment
#
Import-Module ADDSDeployment
Install-ADDSForest `
-CreateDnsDelegation:$false `
-DatabasePath "C:\Windows\NTDS" `
-DomainMode "Win2012R2" `
-DomainName "vccware.com" `
-DomainNetbiosName "VCCWARE" `
-ForestMode "Win2012R2" `
-InstallDns:$true `
-LogPath "C:\Windows\NTDS" `
-NoRebootOnCompletion:$false `
-SysvolPath "C:\Windows\SYSVOL" `
-SafeModeAdministratorPassword (ConvertTo-SecureString "123.com" -AsPlainText -Force) `
-Force:$true

w32tm /config /computer:BJDC01.vccware.com /manualpeerlist:time.windows.com /syncfromflags:manual /update

Change the DNS from 127.0.0.1 back in the network adaptor configuration
# Install AD DS on the second DC

Install-WindowsFeature AD-Domain-Services -IncludeAllSubFeature -IncludeManagementTools

#
# Windows PowerShell script for AD DS Deployment
#
Import-Module ADDSDeployment
Install-ADDSDomainController `
-NoGlobalCatalog:$false `
-CreateDnsDelegation:$false `
-CriticalReplicationOnly:$false `
-DatabasePath "C:\Windows\NTDS" `
-DomainName "vccware.com" `
-InstallDns:$true `
-LogPath "C:\Windows\NTDS" `
-NoRebootOnCompletion:$false `
-ReplicationSourceDC "BJAD01.vccware.com" `
-SiteName "Default-First-Site-Name" `
-SysvolPath "C:\Windows\SYSVOL" `
-SafeModeAdministratorPassword (ConvertTo-SecureString "123.com" -AsPlainText -Force) `
-Force:$true