Active Directory Domain Service

AD DS Design

• Single forest single domain is preferred

• Time is important (PDC)

• Implement multiple/backup domain controllers

• 2,150,000,000 objects per domain

• FQDN less than 64 characters

FSMO (Flexible single master operation)

# To check the FSMO servers

netdom query fsmo

# To transfer / seize

netdom /?

Install Domain controllers in the first site

# Install AD DS on the first DC

Install-WindowsFeature AD-Domain-Services -IncludeAllSubFeature -IncludeManagementTools

## Windows PowerShell script for AD DS Deployment#Import-Module ADDSDeploymentInstall-ADDSForest `-CreateDnsDelegation:$false `-DatabasePath "C:\Windows\NTDS" `-DomainMode "Win2012R2" `-DomainName "vccware.com" `-DomainNetbiosName "VCCWARE" `-ForestMode "Win2012R2" `-InstallDns:$true `-LogPath "C:\Windows\NTDS" `-NoRebootOnCompletion:$false `-SysvolPath "C:\Windows\SYSVOL" `-SafeModeAdministratorPassword (ConvertTo-SecureString "123.com" -AsPlainText -Force) `-Force:$true

w32tm /config /computer:BJDC01.vccware.com /manualpeerlist:time.windows.com /syncfromflags:manual /update

Change the DNS from 127.0.0.1 back in the network adaptor configuration
# Install AD DS on the second DC

Install-WindowsFeature AD-Domain-Services -IncludeAllSubFeature -IncludeManagementTools

## Windows PowerShell script for AD DS Deployment#Import-Module ADDSDeploymentInstall-ADDSDomainController `-NoGlobalCatalog:$false `-CreateDnsDelegation:$false `-CriticalReplicationOnly:$false `-DatabasePath "C:\Windows\NTDS" `-DomainName "vccware.com" `-InstallDns:$true `-LogPath "C:\Windows\NTDS" `-NoRebootOnCompletion:$false `-ReplicationSourceDC "BJAD01.vccware.com" `-SiteName "Default-First-Site-Name" `-SysvolPath "C:\Windows\SYSVOL" `-SafeModeAdministratorPassword (ConvertTo-SecureString "123.com" -AsPlainText -Force) `-Force:$true