
Active Directory Planning

Author: Trn Anh Qun
MCSA, MCSE, MCTS
I. Designing the OU model in AD:
1. Why an OU design is needed:
OUs are used for policy-based administration. For example, if we want every employee in the KinhDoanh department in a production environment to have MS Office XP installed automatically, or to receive particular patches when logging on to the system, we have to do this through the OU. However, we clearly cannot manage these users' access rights with OUs, so we need to create groups and assign permissions through those groups.
2. Steps to create OUs, groups and users in AD
Create 4 OUs:
- BanGiamDoc
- KyThuat
- KinhDoanh
- HanhchinhKetoan
Create 4 groups, one for each OU.
Create the corresponding users and add each one to the appropriate group.
INFORMATICS SERVICE PROVIDER INC
Steps to create an OU:
Use the Active Directory Users and Computers tool (launched with the shortcut command dsa.msc).
First, create the OU by right-clicking the domain name, choosing New, then Organizational Unit.
Type the name of the OU to create.
Next, create the corresponding group in the same way: click the name of the corresponding OU, choose New, then Group.
Next, create the user, again by right-clicking the domain name, choosing New, then User.
Add the corresponding users to each group:
Right-click the BanGiamDoc group and choose Properties.
In the BanGiamDoc Properties window, choose Add.
In the Select Users, Contacts, Computers, or Groups window, type the user name Giamdoc1.
Click OK to finish adding the user to the group.
Following the same steps, create the remaining OUs, groups and users.
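The same OU, group and user layout can be scripted, which makes it repeatable and easy to review. This is an added example, not part of the original document; it assumes the ActiveDirectory PowerShell module (RSAT) and a domain administrator session, places each user inside its OU so that OU-linked policy applies to it, and every user name other than Giamdoc1 is a hypothetical placeholder.

```powershell
# Added example. Assumes the ActiveDirectory module (RSAT) and a domain admin session.
Import-Module ActiveDirectory
$domainDN = (Get-ADDomain).DistinguishedName

# OU name -> users to place in it. The group in each OU carries the OU's name.
$plan = [ordered]@{
    BanGiamDoc      = @('Giamdoc1')      # user name from the page
    KyThuat         = @('Kythuat1')      # hypothetical user name
    KinhDoanh       = @('Kinhdoanh1')    # hypothetical user name
    HanhchinhKetoan = @('Ketoan1')       # hypothetical user name
}

# Prompt for the initial password so it is never stored in the script
$initialPassword = Read-Host -AsSecureString 'Initial password for new users'

foreach ($ou in $plan.Keys) {
    $ouDN = "OU=$ou,$domainDN"

    # Existence checks make the script safe to re-run
    if (-not (Get-ADOrganizationalUnit -Filter "Name -eq '$ou'" -SearchBase $domainDN -SearchScope OneLevel)) {
        New-ADOrganizationalUnit -Name $ou -Path $domainDN -ProtectedFromAccidentalDeletion $true
    }
    # Permissions are granted to this security group, never to the OU itself
    if (-not (Get-ADGroup -Filter "SamAccountName -eq '$ou'")) {
        New-ADGroup -Name $ou -SamAccountName $ou -GroupScope Global -GroupCategory Security -Path $ouDN
    }

    foreach ($user in $plan[$ou]) {
        if (-not (Get-ADUser -Filter "SamAccountName -eq '$user'")) {
            New-ADUser -Name $user -SamAccountName $user -Path $ouDN -Enabled $true `
                -AccountPassword $initialPassword -ChangePasswordAtLogon $true
        }
        # Add the user only if it is not already a member of the group
        $members = @(Get-ADGroupMember -Identity $ou | Select-Object -ExpandProperty SamAccountName)
        if ($members -notcontains $user) {
            Add-ADGroupMember -Identity $ou -Members $user
        }
    }
}

# Review the result: each group and its members
$plan.Keys | ForEach-Object {
    [pscustomobject]@{ Group = $_; Members = (Get-ADGroupMember -Identity $_).SamAccountName -join ', ' }
}
```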
II. Setting up a trust relationship between 2 forests:
The first forest is named ISPHN1.COM.
The second forest is named ISPHCM1.COM.
We will create a trust relationship between the two forests so that a user of one forest can sit at a computer belonging to the other forest and still access their own domain.
Note: the domain and forest functional levels must be raised to 2003 (dsa.msc and domain.msc).
To establish a trust between the 2 forests we need to configure 3 steps:
1. DNS:

DNS plays a very important role when setting up a forest trust. If DNS is not configured correctly, the forest trust cannot be established.
First, check DNS on the local domain with the NSLOOKUP tool:
As the figure above shows, DNS cannot resolve its own name. The cause is that the DNS database is missing a PTR record (the record type that resolves an IP address back to a host name). We fix this by adding a PTR record to the DNS Reverse Lookup Zone.
Right-click the subnet of the ISPHN1.COM domain and choose New Pointer.
In the New Record dialog, enter the IP address of the server at ISPHN1.COM. In the Host name field, type the server's exact FQDN; in this example it is ad.isphn1.com. Then click OK to create the new PTR record.
After creating the record, open CMD and run IPCONFIG /FLUSHDNS and IPCONFIG /REGISTERDNS to apply the DNS changes.
Then run NSLOOKUP again; DNS now successfully resolves the server's name to its IP address.
Now, to create a trust with the server in the ISPHCM1.COM forest, we need to be able to resolve the name of the DNS server in HCM.
As the figure above shows, the server in HN cannot yet resolve the name of the HCM server, ISPSERVER.ISPHCM1.COM.
We fix this as follows.
Open DNS on the HN server, right-click the HN server and choose Properties.
In Server Properties, select the Forwarders tab.
Choose New and type the name of the HCM domain.
Under Selected domain's forwarder IP address list, enter the IP address of the DNS server for ISPHCM1.COM. In this case we type 192.168.2.250.
After adding the ISPHCM1.COM DNS server, run the two commands IPCONFIG /ALL and IPCONFIG /REGISTERDNS again to apply the changes. Then go back into NSLOOKUP; the DNS server in HN can now resolve the name of the DNS server in HCM.
DNS configuration in HN is now complete; carry out the same steps in HCM.
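The NSLOOKUP checks above can be run as one pre-trust test that covers forward lookup, the matching PTR record, and the domain controller locator record for both forests. This is an added example, not part of the original document; it assumes the Resolve-DnsName cmdlet (Windows 8 / Server 2012 or later) and uses the host names from this page, while the function names are hypothetical.

```powershell
# Added example. Host and forest names are the ones used on this page.
$hosts   = 'ad.isphn1.com', 'ispserver.isphcm1.com'
$forests = 'isphn1.com', 'isphcm1.com'

function Test-HostDns {
    param([Parameter(Mandatory)][string]$Fqdn)
    $r = [ordered]@{ Name = $Fqdn; Address = $null; PtrName = $null; Status = 'OK' }
    try {
        # Forward lookup: name -> IP
        $a = Resolve-DnsName -Name $Fqdn -Type A -DnsOnly -ErrorAction Stop |
             Where-Object { $_.Type -eq 'A' } | Select-Object -First 1
        $r.Address = $a.IPAddress
        # Reverse lookup: IP -> name; this is the PTR record the page adds by hand
        $ptr = Resolve-DnsName -Name $r.Address -Type PTR -DnsOnly -ErrorAction Stop |
               Where-Object { $_.Type -eq 'PTR' } | Select-Object -First 1
        $r.PtrName = $ptr.NameHost
        if ($r.PtrName -ne $Fqdn) { $r.Status = 'PTR missing or does not match FQDN' }
    } catch {
        $r.Status = "Lookup failed: $($_.Exception.Message)"
    }
    [pscustomobject]$r
}

function Test-ForestLocator {
    param([Parameter(Mandatory)][string]$Forest)
    # Domain controllers of a domain are located through this SRV record
    $srv = "_ldap._tcp.dc._msdcs.$Forest"
    try {
        $dcs = Resolve-DnsName -Name $srv -Type SRV -DnsOnly -ErrorAction Stop |
               Where-Object { $_.Type -eq 'SRV' }
        [pscustomobject]@{ Forest = $Forest; DomainControllers = $dcs.NameTarget -join ', '; Status = 'OK' }
    } catch {
        [pscustomobject]@{ Forest = $Forest; DomainControllers = ''; Status = "Lookup failed: $($_.Exception.Message)" }
    }
}

$hosts   | ForEach-Object { Test-HostDns -Fqdn $_ }
$forests | ForEach-Object { Test-ForestLocator -Forest $_ }

# Scripted form of the forwarder step on the HN DNS server (DnsServer module):
# Add-DnsServerConditionalForwarderZone -Name 'isphcm1.com' -MasterServers 192.168.2.250
```

Run it from a server in each forest; any row whose Status is not OK should be fixed before starting the trust wizard.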
2. Use the Active Directory Domains and Trusts tool (launched with the shortcut command domain.msc):
Right-click the ISPHCM1.COM domain and choose Properties.
In ISPHCM1.COM, select the Trusts tab, then choose New Trust.
In the New Trust Wizard dialog, type the name of the forest or domain to trust; in this case we type ISPHN1.COM. Click Next to continue.
We choose a two-way trust relationship, meaning that users on both sides can authenticate in the other domain.
Next we choose the trust direction; again we select a two-way trust. This choice requires an account with Admin rights in the other domain.
The User name and Password window appears and asks for an account with Admin rights in the opposite domain.
After entering the Admin account, click Next. The Outgoing Trust Authentication Level - Local Domain window opens.
Here we have 2 options. We select the Domain Wide Authentication method on the local domain, which means Windows automatically authenticates users of the other domain for its own resources. This authentication method is appropriate for domains that belong to the same organization. Click Next to continue.
The Outgoing Trust Authentication Level - Specified Domain window opens. This window is the reverse of the previous one and selects the authentication method on the specified domain. We again choose the Domain Wide Authentication option.
The Trust Selections Complete window appears and reports that the trust is ready to be created. Click Next to create the trust relationship.
The Trust Creation Complete window appears and reports that the trust relationship was created successfully. Click Next to configure the trust.
In the Confirm Outgoing Trust window, choose Yes to confirm the outgoing trust.
In the Confirm Incoming Trust window, choose Yes to confirm the incoming trust.
Click Finish to complete the trust relationship setup.
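Once the wizard finishes, the choices made in it (two-way direction, Domain Wide Authentication) can be read back from the directory and reviewed. This is an added example, not part of the original document; it assumes the ActiveDirectory PowerShell module, and Get-TrustReview is a hypothetical function name.

```powershell
# Added example. Assumes the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-TrustReview {
    param([string]$Server = $env:USERDNSDOMAIN)

    Get-ADTrust -Filter * -Server $Server | ForEach-Object {
        $findings = @()
        if ($_.Direction -eq 'BiDirectional') {
            $findings += 'two-way: users of each side can authenticate on the other'
        }
        if (-not $_.SelectiveAuthentication) {
            # Selective authentication was not chosen in the wizard
            $findings += 'domain-wide authentication: no per-server "Allowed to authenticate" grant is required'
        }
        if (-not $_.ForestTransitive -and -not $_.IntraForest) {
            $findings += 'external trust, not a forest trust'
        }
        [pscustomobject]@{
            Target                  = $_.Target
            Direction               = $_.Direction
            ForestTransitive        = $_.ForestTransitive
            SelectiveAuthentication = $_.SelectiveAuthentication
            Findings                = $findings -join '; '
        }
    }
}

# Run once in each forest, e.g. against ISPHN1.COM and ISPHCM1.COM
Get-TrustReview | Format-List
```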
3. Group Policy:
After configuring DNS in preparation for the trust relationship, we go on to configure Group Policy.
The requirement here is that a user belonging to ISPHCM1.COM can sit at a computer in the ISPHN1.COM domain and access the ISPHCM1.COM domain.
To do this we need to edit the Group Policy of the ISPHN1.COM domain so that HCM users can log on locally on computers in the ISPHN1.COM domain.
We use the Domain Controller Security Settings tool to add the log on locally right for the users.
The steps are as follows:
In the Domain Controller Security Settings window, select User Rights Assignment in the left pane.
Then select Allow Log On Locally in the right pane.
In the Allow Log On Locally dialog, choose Add User or Group.
Then, in the Add user or group dialog, type the name of the HCM user or group that is allowed to log on locally to computers in the HN domain.
Here we allow the user named KT in the ISPHCM1.COM forest to Log On Locally.
Note: after clicking OK to save the change, we must open RUN and enter the GPUPDATE command so that the Group Policy changes take effect immediately.
At this point the trust between the 2 forests ISPHN1.COM and ISPHCM1.COM is configured, so that a user named KT in the ISPHCM1.COM forest can sit at a computer in the ISPHN1.COM forest and log on to the ISPHCM1.COM forest.
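After GPUPDATE, the effective Allow Log On Locally assignment can be exported and checked, so that accounts from outside the local domain holding the right stand out. This is an added example, not part of the original document; it assumes an elevated PowerShell 3.0 or later session under a domain account on the machine being checked, and Get-LogonLocallyHolder is a hypothetical function name.

```powershell
# Added example. Run elevated on the machine whose policy you want to review.
function Get-LogonLocallyHolder {
    # Export only the user-rights area of the effective security policy
    $inf = Join-Path $env:TEMP ("user-rights-{0}.inf" -f [guid]::NewGuid())
    secedit /export /cfg $inf /areas USER_RIGHTS /quiet | Out-Null
    try {
        # SeInteractiveLogonRight is the privilege behind "Allow log on locally"
        $hit = Select-String -Path $inf -Pattern '^SeInteractiveLogonRight\s*=\s*(.*)$' |
               Select-Object -First 1
        if (-not $hit) { return }

        foreach ($entry in ($hit.Matches[0].Groups[1].Value -split ',')) {
            $entry = $entry.Trim()
            if (-not $entry) { continue }
            $account = $entry
            $note = 'local domain or built-in'
            if ($entry.StartsWith('*')) {
                # Entries written as *S-1-... are SIDs; translate them to DOMAIN\name
                try {
                    $sid = New-Object System.Security.Principal.SecurityIdentifier ($entry.Substring(1))
                    $account = $sid.Translate([System.Security.Principal.NTAccount]).Value
                } catch {
                    $note = 'unresolved SID'
                }
            }
            if ($account -like '*\*') {
                $domain = ($account -split '\\')[0]
                if ($domain -notin @($env:USERDOMAIN, 'BUILTIN', 'NT AUTHORITY')) {
                    $note = 'other domain or forest'
                }
            }
            [pscustomobject]@{ Account = $account; Raw = $entry; Note = $note }
        }
    } finally {
        Remove-Item -Path $inf -ErrorAction SilentlyContinue
    }
}

Get-LogonLocallyHolder | Sort-Object Note | Format-Table -AutoSize
```

With the configuration described above, the user KT from ISPHCM1.COM should appear with the note "other domain or forest"; any other entry with that note or with "unresolved SID" deserves a closer look.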