TRIN KHAI ACTIVE DIRECTORY DOMAIN

SERVICES

Active Directory Domain Services (AD DS) l mt dch v trn Windows Server
2008,s dng thng tin lu tr trong Active Directory qun l cc i tng
users,group,computer.Cc i tng ny c t chc theo mt cu trc phn
cp.Gm c cc kiu :

Active Directory forest ( forest l i tng c to ra t mt nhm gm 2

hay nhiu domain tree c quan h tin cy vi nhau trust relationship)
Cc domain tree trong forest
Cc Organization Unit (OU) trong mi Domain

Nhng im mi ca Active Directory Domain Services ca Windows Server 2008 :

Auditing : lu tr cc s kin lin quan n nhng i tng trong Active

Directory.T c th bit c i tng thay i nhng g.V gi tr hin
tai v gi tr trc khi thay i cng c h thng ghi nhn li.
Password Policies c th c cu hnh cho nhng i tng ring bit
trong mt domain.V th bn s khng phi s dng chung mt chnh sch
mt khu cho tt c cc ngi dng trong cng mt domain
Read-Only Domain Controller l mt Domain Controller vi c s d liu
Active Directory dng read-only.Dch v ny gip bn tm bo mt c i
vi nhng ni m bo mt cha c m bo cao ,chng hn nh cc vn
phng .Read-Only Domain Controller khng cho php cc domain controller
cp thp hn thc hin nhng thay i ln Active Directory
Restartable AD DS : c im ny gip bn khi ng li AD DS trong khi
vn gi nguyn trng thi hot ng ca Domain Controller,gip bn hon
thnh nhng thao tc offline mt cch nhanh chng
Active Directory Certificate Services (AD CS) l mt dch v c dng
sinh ra v qun l cc certificate trn nhng h thng s dng cng ngh
public key .Bn c th s dng ADCS to ra cc my ch chng thc CA
( Certification Authorities) .Cc CA c tc dng nhn yu cu v chng
thc,sau x l v gi cc chng thc v li cho i tng gi yu
cu.
Active Directory Federation Services (AD FS) l mt dch v cung cp c
ch ng nhp - single sign-on(SSO) ,cho php bn ng nhp ch mt ln
nhng c th dng nhiu ng dng Web c quan h vi nhau
Active Directory Rights Management Services (ADRMS) l dch v c
dng kt hp vi cc ng dng h tr AD RMS (AD RMS enable
application),nhm bo v d liu quan trng ( bo co ti chnh,thng tin
khch hng,n hng,s sch k khai k ton .v..v.) trc nhng i tng

ngi dng khng c php (unauthorized users).Vi AD RMS,bn c th

xc nh nhng ai c th thc hin cc thao tc nh xem,chnh sa,in
n.trn d liu ca mnh
Active Directory Lightweght Directory Services (AD LDS) l mt dch
v th mc LDAP (Lightweght Directory Access Protocol) trn Windows Server
2008.AD LDS cung cp mt c ch nhm h tr cc ng dng directoryenabled ( s dng th mc lu tr d liu) .Dch v ny c chc nng
tng t nh AD DS,nhng khng i hi phi trin khai cc domain hoc
Domain Controller
(Mt ng dng directory enabled l ng dng khng dng c s d liu,file hoc
cc cu trc lu tr khc,m thay vo l th mc lu tr d liu ca mnh.Cc
ng dng dng ny c th l h thng qun l quan h khch hng,h thng qun
l nhn lc.)
CHUN B TRC KHI CI T.
1. Thit lp a ch IP cho card mng ca server hoc bn c th thit lp a ch
IP ca cc DNS Server trong h thng.Nu server ny l Domain Controller v
DNS Server u tin,qu trnh ci t AD DS s bao gm c vic ci t DNS
Server
2. Nu mun b sung server ny vo mt forest tn ti trn Windows Server
2000,Windows Server 2003 bn phi cp nht thng tin v forest bng lnh
adprep /forestprep
3. Nu mun b sung server ny vo mt domain tn ti trn Windows
Server 2000,Windows Server 2003 ,bn phi cp nhp thng tin v domain
v group policy bng lnh adprep /domainprep /gpprep
4. Nu mun ci t mt Read-Only Domain Controller,bn phi chun b forest
bng lnh adprep /rodcprep
5. Xy dng cc DNS Server trong h thng mng nu c,trong qu trnh ci t
AD DS s c ci t DNS Server
CI T DOMAIN CONTROLLER (DC)
Cng nh Windows Server 2003,th Windows Server 2008 trc khi nng cp ln
DC phi cu hnh Preferred DNS v IP Loopback l 127.0.0.1 hoc v IP
192.168.1.1

 Windows Server 2003, ci t thm cc dch v nh DHCP,DNS vo

Add/Remove Windows Components . Windows Server 2008 c thay th
bng cng c qun tr Server Manager vi cc Roles v Features.V mc nh
Windows Server 2008 cha ci t cc dch v nn bn phi ci t dch v AD DS
trc khi ln Domain Controller.

Vo Server Manager Add Roles .Chn dch v Active Directory Domain

Services

Chn Next.Ti bng Active Directory Domain Services gii thiu cho bn v dch v
ny v mt s lu khi ci t trong phn Things to Note

Chn Next tip tc.Ti bng Confirm Installation Selections s yu cu bn xc

nhn ln cui trc khi ci t.Chn Install

i cho n khi hon tt qu trnh ci t dch v Active Directory Domain Services

Chn Close hon tt

Vo Run g dcpromo v chn OK

i trong vi giy h thng kim tra ci t dch v AD DS cha.

Ti bng Welcome to the Active Directory Domain Services Installation Wizard chn
Next

Ti bng Operating System Compability s cho bn bit v tnh tng thch ca

Windows Server 2008.

Chn Next tip tc

Ti bng Choose a Deployment Configuration chn Create a new domain in a
new forest to mt domain mi trn mt forest mi

Chn Next tip tc.Ti bng Name the Forest Root Domain.Ti FQDN of the
forest root domain g tn domain vo.Sau chn Next v ch vi giy h
thng kim tra tn domain s dng cha .

Ti bng Set Forest Functional Level,chn phin bn Windows Server 2008 tn

dng ht tnh nng .Sau chn Next

Ti bng Additional Domain Controller Options,h thng kim tra xem th dch
v DNS Server c cha,v t ng nh du ci t DNS Server.Lu l bn
khng th ci t Read-only domain controller trn DC u tin ny

Chn Next.Ti bng Location for Database,Log File,and SYSVOL cho php bn thit
lp ng dn ca database,log file v sysvol.Hy mc nh trong C:\Windows

Chn Next tip tc.Ti bng Directory Services Restore Mode Administrator
Password,thit lp password.Lu ,password ny khng phi l password ca ti
khon Administrator trong domain v password phi theo kiu complexity (gm cc
k t a,A,@,1.)
y ti s g password l pass@word1

Chn Next.Ti bng Summary cho bn bit thng tin m bn thit lp trn.Nu
ng v y ,chn Next thc hin vic ci t

H thng ang tin hnh ci t

Sau khi ci t hon tt ,chn Finish kt thc

Khi ng li thay i c hiu lc

Kim tra h thng.