Windows Server 2008与2012建立林信任详细步骤
<p> 当公司发展规模较大后,会有多个分公司或者合并收购其他公司的情况出现,这时候就会涉及到多个域以及员工工作调离的情况,这里就会牵涉到用户和计算机跨域的迁移。要跨域迁移,我们首先需要建立好两个域的林信任。</p><p> <strong>环境说明</strong>:</p>
<p> contoso.com域:windows server 2008 R2</p>
<p> test.com域:Windows Server 2012</p>
<p> <strong>一、建立DNS辅助区域</strong></p>
<p> 1.登录到windows 2012域,test.com,打开DNS管理器,选中域名->属性。</p>
<center><img border="1" alt="Windows Server 2008与2012建立林信任" width="600" height="439" src="https://img.jbzj.com/file_images/article/201305/2013051210552821.png" /></center>
<p> 2.打开区域传送选项,勾选“允许区域传送”,在“只允许到下列服务器”添加windows 2008 contoso域服务器的地址。</p>
<p> </p>
<center><img border="1" alt="image" width="600" height="418" src="https://img.jbzj.com/file_images/article/201305/2013051210552822.png" /></center>
<p> 3.然后登录到contoso.com域服务器,同样在DNS中建立到test.com的区域传送。</p>
<center><img border="1" alt="image" width="394" height="450" src="https://img.jbzj.com/file_images/article/201305/2013051210552823.png" /></center>
<p> 4.回到test.com,在DNS正向查找区域新建区域。</p>
<center><img border="1" alt="image" width="393" height="449" src="https://img.jbzj.com/file_images/article/201305/2013051210552824.png" /></center>
<p> 5.新建区域向导选择辅助区域。下一步。</p>
<center><img border="1" alt="image" width="600" height="420" src="https://img.jbzj.com/file_images/article/201305/2013051210552825.png" /></center>
<p> 6.输入contoso.com的区域名称。</p>
<center><img border="1" alt="image" width="600" height="418" src="https://img.jbzj.com/file_images/article/201305/2013051210552826.png" /></center>
<p> 7.在主DNS服务器中添加contoso.com的服务器地址。</p>
<center><img border="1" alt="image" width="600" height="420" src="https://img.jbzj.com/file_images/article/201305/2013051210552827.png" /></center>
<p> 8.完成区域向导建立。</p>
<center><img border="1" alt="image" width="600" height="419" src="https://img.jbzj.com/file_images/article/201305/2013051210552828.png" /></center>
<p> 9.在contoso.com域中用同样的方法建立test.com的辅助区域。</p>
<center><img border="1" alt="image" width="600" height="423" src="https://img.jbzj.com/file_images/article/201305/2013051210552829.png" /> </center>
<p> <strong>二、建立林信任关系</strong></p>
<p> 1.登录contoso.com,打开active directory域和信任关系,打开域的属性。</p>
<center><img border="1" alt="image" width="389" height="444" src="https://img.jbzj.com/file_images/article/201305/2013051210552830.png" /></center>
<p> 2.在信任选项中新建信任。</p>
<center><img border="1" alt="image" width="600" height="414" src="https://img.jbzj.com/file_images/article/201305/2013051210552831.png" /></center>
<p> 3.下一步。</p>
<center><img border="1" alt="image" width="600" height="411" src="https://img.jbzj.com/file_images/article/201305/2013051210552832.png" /></center>
<p> 4.输入需要建立信任的test.com域,下一步。</p>
<center><img border="1" alt="image" width="600" height="457" src="https://img.jbzj.com/file_images/article/201305/2013051210552833.png" /></center>
<p> 5.选择“林信任”</p>
<center><img border="1" alt="image" width="424" height="484" src="https://img.jbzj.com/file_images/article/201305/2013051210552834.png" /></center>
<p> 6.根据实际需求,这里我们选择“双向”信任</p>
<center><img border="1" alt="image" width="600" height="455" src="https://img.jbzj.com/file_images/article/201305/2013051210552835.png" /></center>
<p> 7.选择此域和指定的域。</p>
<center><img border="1" alt="image" width="424" height="484" src="https://img.jbzj.com/file_images/article/201305/2013051210552836.png" /></center>
<p> 8.填入test.com域的管理员和密码。</p>
<center><img border="1" alt="image" width="424" height="484" src="https://img.jbzj.com/file_images/article/201305/2013051210552837.png" /></center>
<p> 9.传出信任,选择全林性身份验证</p>
<center><img border="1" alt="image" width="424" height="484" src="https://img.jbzj.com/file_images/article/201305/2013051210552838.png" /></center>
<p> 10.指定林的身份验证,同样选择全林身份验证。</p>
<center><img border="1" alt="image" width="600" height="452" src="https://img.jbzj.com/file_images/article/201305/2013051210552839.png" /></center>
<p> 11.下一步。</p>
<center><img border="1" alt="image" width="600" height="454" src="https://img.jbzj.com/file_images/article/201305/2013051210552840.png" /></center>
<p> 12.确认传出信任。</p>
<center><img border="1" alt="image" width="600" height="451" src="https://img.jbzj.com/file_images/article/201305/2013051210552841.png" /></center>
<p> 13.确认传入信任。</p>
<p> </p>
<center><img border="1" alt="image" width="600" height="455" src="https://img.jbzj.com/file_images/article/201305/2013051210552842.png" /></center>
<p> 14.完成信任建立。</p>
<center><img border="1" alt="image" width="600" height="454" src="https://img.jbzj.com/file_images/article/201305/2013051210552843.png" /></center>
<p> 15.这里可看到已经建立好了林的信任。</p>
<center><img border="1" alt="image" width="600" height="415" src="https://img.jbzj.com/file_images/article/201305/2013051210552844.png" /></center>
<p> 16.在test.com上也同样建立好了contoso.com的林信任。</p>
<center><img border="1" alt="image" width="600" height="412" src="https://img.jbzj.com/file_images/article/201305/2013051210552845.png" /></center>
頁:
[1]