Active Directory Administration Cookbook

Promoting the server to a read-only domain controller

Follow these steps to promote the server to a read-only domain controller:

  1. Open Server Manager, or return to it if you've just completed the previous steps.
  2. In the left navigation pane, click AD DS.
  3. Click the More... link in the yellow ribbon titled Configuration required for Active Directory Domain Services at server.
  4. In All Servers Task Details and Notifications, follow the link Promote this server to a domain controller.
  5. This starts the Active Directory Domain Services Configuration Wizard.
In the top-right corner of every Active Directory Domain Services Configuration Wizard screen, the wizard shows the hostname of the Windows Server installation you're promoting to a domain controller. Check it before proceeding, so you don't promote the wrong server.
  6. On the Deployment Configuration screen, as seen in the preceding screenshot, select Add a domain controller to an existing domain. Then, enter the DNS domain name and administrator credentials for the Active Directory domain to which you intend to add a read-only domain controller. Click Next > to proceed to the Domain Controller Options screen.
  7. On the Domain Controller Options screen, we're presented with a couple of options:
    • Select the Read only domain controller (RODC) option.
      If preferred, also select the options to install the Domain Name System (DNS) server and to configure the intended read-only domain controller as a global catalog.
    • Select a site name from the drop-down list of available Active Directory sites.
    • Enter the Directory Services Restore Mode (DSRM) password for the intended read-only domain controller. Use a strong password that is unique to this domain controller: DSRM is a local administrator credential for the server itself, independent of any domain account, and is used when the server boots into recovery mode.
  8. Click Next > to proceed to the RODC Options screen.
  9. On the RODC Options screen, perform the following optional actions:
    1. Select a user or group account for delegation. This account receives local administrative rights on this RODC only, so branch staff can manage the server without holding domain-wide privileges.
    2. Select the accounts that are allowed to replicate passwords to the RODC.
    3. Select the accounts that are denied from replicating passwords to the RODC.
If a group or an account features both in the accounts that are allowed to replicate passwords to the RODC and in the accounts that are denied from replicating passwords to the RODC, the deny entry wins and the password is not replicated to the RODC. Keep privileged accounts on the denied side: an RODC is typically placed where physical security is weaker, and any password it has cached can be recovered from its database if the server is stolen or compromised.
  10. Click Next > to proceed to the Additional Options screen.
  11. On the Additional Options screen, select a fully writable domain controller to replicate the Active Directory database and SYSVOL from. Click Next > to continue to the Paths screen.
  12. On the Paths screen, verify the default locations underneath C:\Windows, or change the values to store the Active Directory database, log files, and SYSVOL somewhere else.
  13. Click Next > to proceed.
  14. On the Review Options screen, review the choices made. Click Next > to proceed to the Prerequisites Check screen.
The Review Options screen features a button labeled View script. This button displays the Windows PowerShell script that the wizard will run to execute the read-only domain controller promotion. This reusable script may be a real time-saver, especially when adding several read-only domain controllers to an existing domain. Review it before storing or reusing it, and never add the DSRM password or domain credentials to it in clear text.
  15. After the prerequisites checks have been performed, click Install on the Prerequisites Check screen to start the promotion.

After successful promotion, the Windows Server installation will reboot as a read-only domain controller.
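The same procedure driven from PowerShell instead of the wizard, as an added example: this is not the book's own script and not the literal output of the View script button, although it uses the same ADDSDeployment cmdlet the wizard runs. The domain (contoso.com), the replication source (DC01), the server being promoted (RODC01), the site (Branch-Office) and the Branch-* groups are placeholders you would replace with your own; the default deny entries are the ones the wizard pre-populates. The second part runs after the reboot and shows how the deny-overrides-allow rule of the Password Replication Policy resolves for a single account, and which passwords the RODC actually holds.

```powershell
# Added example (not from the book). Placeholders: contoso.com / CONTOSO,
# DC01.contoso.com, RODC01, Branch-Office, CONTOSO\Branch-RODC-Admins,
# CONTOSO\Branch-Users. The AD DS role must already be installed.

# --- Part 1: run on the server being promoted, logged on as a Domain Admin ---
Import-Module ADDSDeployment

# Prompt for secrets rather than embedding them in the script: the DSRM password
# is a local administrator credential on this DC and must be unique per DC.
$dsrmPassword = Read-Host -AsSecureString -Prompt 'DSRM password for RODC01'
$domainCred   = Get-Credential -Message 'Domain Admin credentials for contoso.com'

$params = @{
    DomainName                          = 'contoso.com'
    ReadOnlyReplica                     = $true
    SiteName                            = 'Branch-Office'
    InstallDns                          = $true
    NoGlobalCatalog                     = $false          # also make it a global catalog
    ReplicationSourceDC                 = 'DC01.contoso.com'
    DelegatedAdministratorAccountName   = 'CONTOSO\Branch-RODC-Admins'
    AllowPasswordReplicationAccountName = @('CONTOSO\Allowed RODC Password Replication Group',
                                            'CONTOSO\Branch-Users')
    # Wizard defaults; an account that matches both lists is denied.
    DenyPasswordReplicationAccountName  = @('BUILTIN\Administrators', 'BUILTIN\Server Operators',
                                            'BUILTIN\Backup Operators', 'BUILTIN\Account Operators',
                                            'CONTOSO\Denied RODC Password Replication Group')
    DatabasePath                        = 'C:\Windows\NTDS'
    LogPath                             = 'C:\Windows\NTDS'
    SysvolPath                          = 'C:\Windows\SYSVOL'
    SafeModeAdministratorPassword       = $dsrmPassword
    Credential                          = $domainCred
}

# Same checks as the wizard's Prerequisites Check screen; stop on failure.
$check = Test-ADDSDomainControllerInstallation @params
if ($check.Status -ne 'Success') {
    $check.Message
    throw 'Prerequisite checks failed; not promoting.'
}

# Promote. -Force suppresses the confirmation prompt; the server reboots when done.
Install-ADDSDomainController @params -Force

# --- Part 2: after the reboot, from any host with the ActiveDirectory module ---
Import-Module ActiveDirectory
$rodc = 'RODC01.contoso.com'

# Confirm the DC came up read-only, in the intended site, and as a GC if chosen.
Get-ADDomainController -Identity $rodc | Select-Object HostName, IsReadOnly, IsGlobalCatalog, Site

# Resolve the effective Password Replication Policy for one account: a deny match
# anywhere in its nested group membership wins over any allow match. This is a
# simplified client-side evaluation for illustration, not the KDC's own code path.
function Test-RodcPasswordCacheable {
    param([string]$Rodc, [string]$SamAccountName)
    # tokenGroups is a constructed attribute and is only returned by a base-scope
    # read, so look the object up first and then read it by distinguished name.
    $obj   = Get-ADObject -LDAPFilter "(sAMAccountName=$SamAccountName)" -Properties objectSid
    $acct  = Get-ADObject -Identity $obj.DistinguishedName -Properties tokenGroups
    $sids  = @($obj.objectSid.Value) + @($acct.tokenGroups | ForEach-Object { $_.Value })
    $deny  = Get-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -Denied  | ForEach-Object { $_.SID.Value }
    $allow = Get-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc -Allowed | ForEach-Object { $_.SID.Value }
    if ($sids | Where-Object { $deny  -contains $_ }) { return $false }   # deny overrides allow
    if ($sids | Where-Object { $allow -contains $_ }) { return $true }
    return $false                                                         # listed nowhere: not cached
}
Test-RodcPasswordCacheable -Rodc $rodc -SamAccountName 'jdoe'            # a Branch-Users member
Test-RodcPasswordCacheable -Rodc $rodc -SamAccountName 'Administrator'   # denied via Administrators

# Passwords the RODC actually holds; this is the list to reset if the RODC is lost.
Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $rodc -RevealedAccounts |
    Select-Object SamAccountName, ObjectClass
```

Part 1 splats one parameter set to both Test-ADDSDomainControllerInstallation and Install-ADDSDomainController, so the prerequisites that are checked are exactly the options that are installed. In Part 2, the revealed-accounts list is the one that matters after a physical compromise of the RODC: only those accounts need their passwords reset, which is the whole point of keeping privileged groups on the denied side.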