
Deploying and Managing AD with

Published: 2020-12-02 16:15:24

  Get-CimInstance -ClassName Win32_Product | Get-Random -Count 3 |fl

  Obtaining a List of Installed Applications:

  Get-CimInstance -ClassName Win32_Product |fl

  Deploying and Managing Active Directory with Windows PowerShell

  Chapter 1. Deploy your first forest and domain

  Get-NetAdapter

  Get-Member

  Set-NetIPAddress

  New-NetIPAddress

  Set-DnsClientServerAddress

  Get-NetIPAddress

  Rename-Computer

  Install-WindowsFeature

  Get-Command

  Format-Table

  Update-Help

  ConvertTo-SecureString


  Get-NetAdapter | Get-Member

  Set-NetIPInterface -InterfaceAlias "10 Network" -DHCP Disabled -PassThru


  New-NetIPAddress `

  -AddressFamily IPv4 `

  -InterfaceAlias "10 Network" `

  -IPAddress 192.168.10.2 `

  -PrefixLength 24 `

  -DefaultGateway 192.168.10.1


  New-NetIPAddress `

  -AddressFamily IPv6 `

  -InterfaceAlias "10 Network" `

  -IPAddress 2001:db8:0:10::2 `

  -PrefixLength 64 `

  -DefaultGateway 2001:db8:0:10::1


  Set-DnsClientServerAddress `

  -InterfaceAlias "10 Network" `

  -ServerAddresses 192.168.10.2,2001:db8:0:10::2


  Get-NetIPAddress -InterfaceAlias "10 Network"


  Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools


  Get-Command -Module ADDSDeployment | Format-Table Name


  Name

  ----

  Add-ADDSReadOnlyDomainControllerAccount

  Install-ADDSDomain

  Install-ADDSDomainController

  Install-ADDSForest

  Test-ADDSDomainControllerInstallation

  Test-ADDSDomainControllerUninstallation

  Test-ADDSDomainInstallation

  Test-ADDSForestInstallation

  Test-ADDSReadOnlyDomainControllerAccountCreation

  Uninstall-ADDSDomainController


  Update-Help -SourcePath \\dc02\PSHelp


  Save-Help -DestinationPath \\dc02\PSHelp -force

  Import-Module ADDSDeployment

  Test-ADDSForestInstallation `

  -DomainName 'afd.ink' `

  -DomainNetBiosName 'afd' `

  -DomainMode 6 `

  -ForestMode 6 `

  -NoDnsOnNetwork `

  -NoRebootOnCompletion


  Deploy the first domain controller and forest


  Install-ADDSForest `

  -DomainName 'afd.ink' `

  -DomainNetBiosName 'afd' `

  -DomainMode 4 `

  -ForestMode 4 `

  -NoDnsOnNetwork `

  -SkipPreChecks `

  -Force




  A fuller list of the options for Install-ADDSForest (image not preserved)


  Chapter 2. Manage DNS and DHCP


  Add-DnsServerPrimaryZone

  Add-DnsServerSecondaryZone

  Get-DnsServerZone

  Export-DnsServerZone

  Set-DnsServerPrimaryZone

  Set-DnsServerSecondaryZone

  Add-DnsServerStubZone

  Set-DnsServerStubZone

  Add-DnsServerConditionalForwarderZone

  Add-DnsServerZoneDelegation

  Set-DnsServerZoneDelegation

  Add-DnsServerResourceRecord

  Add-DnsServerResourceRecordA

  Add-DnsServerResourceRecordAAAA

  Add-DnsServerResourceRecordCName

  Add-DnsServerResourceRecordDnsKey

  Add-DnsServerResourceRecordDS

  Add-DnsServerResourceRecordMX

  Add-DnsServerResourceRecordPtr

  Get-DnsServerResourceRecord

  Set-DnsServerResourceRecord

  Set-DnsServerScavenging

  Start-DnsServerScavenging

  Get-DnsServerScavenging


  Add-DhcpServerInDC

  Add-DhcpServerv4Scope

  Add-DhcpServerv4ExclusionRange

  Set-DhcpServerv4OptionValue

  Add-DhcpServerv6Scope

  Add-DhcpServerv6ExclusionRange

  Set-DhcpServerv6OptionValue


  Create new primary zones


  Add-DnsServerPrimaryZone -Name 'nipit.cn' `

  -ComputerName 'dc01.afd.ink' `

  -ReplicationScope 'Domain' `

  -DynamicUpdate 'Secure' `

  -PassThru


  Creating a reverse lookup zone


  Add-DnsServerPrimaryZone -NetworkID 172.16.8.0/24 `

  -ReplicationScope 'Forest' `

  -DynamicUpdate 'NonsecureAndSecure' `

  -PassThru


  Add-DnsServerPrimaryZone -NetworkID 2001:db8:0:10::/64 `

  -ReplicationScope 'Forest' `

  -DynamicUpdate 'Secure' `

  -PassThru


  Creating file-based zones uses the -ZoneFile parameter


  Add-DnsServerPrimaryZone -Name 'nipict.com' `

  -ZoneFile 'nipict.com.dns' `

  -DynamicUpdate 'None'


  Change the settings of a primary zone

  Set-DnsServerPrimaryZone




  Set-DnsServerPrimaryZone -Name 'nipict.com' `

  -Notify 'NotifyServers' `

  -NotifyServers "192.168.10.201","192.168.10.202" `

  -PassThru


  Get-DnsServerZone -Name 'nipict.com' | Format-List


  Export a primary zone


  Export-DnsServerZone -Name '0.1.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa' `

  -Filename '0.1.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.dns'


  The file is saved in %windir%\system32\dns.


  Create secondary zones


  Secondary DNS zones are primarily used for providing distributed DNS resolution when you are using traditional file-based DNS zones. Secondary DNS zones are used for both forward lookup and reverse lookup zones. The DnsServerSecondaryZone set of cmdlets is used to deploy and manage secondary DNS zones.


  A secondary DNS zone is a read-only zone and depends on transferring the data for the zone from another DNS server. That other server must be configured to allow zone transfers.


  Add-DnsServerSecondaryZone -Name 0.1.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa `

  -ZoneFile "0.1.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.dns" `

  -LoadExisting `

  -MasterServers 192.168.10.2,2001:db8:0:10::2 `

  -PassThru


  Set-DnsServerSecondaryZone -Name 0.1.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa `

  -MasterServers 192.168.10.3,2001:db8:0:10::3 `

  -PassThru


  Set-DnsServerPrimaryZone -Name 'nipit.cn' `

  -SecureSecondaries TransferToZoneNameServer `

  -PassThru
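
The check below is an added example, not part of the original page: it reads the DynamicUpdate and SecureSecondaries properties that Get-DnsServerZone reports and flags primary zones that accept unauthenticated dynamic updates or allow zone transfers to any server. Get-DnsZoneExposure is a hypothetical helper name, and the sample objects are constructed to mirror the zones created above; the TransferAnyServer value on nipict.com is an assumed setting for illustration.

```powershell
# Added example. Get-DnsZoneExposure is a hypothetical helper, not a DnsServer cmdlet.
function Get-DnsZoneExposure {
    [CmdletBinding()]
    param(
        # Zone objects from Get-DnsServerZone, or objects with the same property names.
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Zone
    )
    process {
        # Only writable primary zones are checked; auto-created zones are skipped.
        if ($Zone.IsAutoCreated -or "$($Zone.ZoneType)" -ne 'Primary') { return }

        $findings = @()
        if ("$($Zone.DynamicUpdate)" -eq 'NonsecureAndSecure') {
            $findings += 'accepts unauthenticated dynamic updates'
        }
        if ("$($Zone.SecureSecondaries)" -eq 'TransferAnyServer') {
            $findings += 'zone transfer allowed to any server'
        }
        [pscustomobject]@{
            ZoneName          = $Zone.ZoneName
            DynamicUpdate     = "$($Zone.DynamicUpdate)"
            SecureSecondaries = "$($Zone.SecureSecondaries)"
            Compliant         = ($findings.Count -eq 0)
            Findings          = $findings -join '; '
        }
    }
}

# Constructed sample objects (not real server output). On a DNS server, use
# live data instead: Get-DnsServerZone | Get-DnsZoneExposure
$sample = @(
    [pscustomobject]@{ ZoneName = 'nipit.cn'; ZoneType = 'Primary'; IsAutoCreated = $false
                       DynamicUpdate = 'Secure'; SecureSecondaries = 'TransferToZoneNameServer' }
    [pscustomobject]@{ ZoneName = '8.16.172.in-addr.arpa'; ZoneType = 'Primary'; IsAutoCreated = $false
                       DynamicUpdate = 'NonsecureAndSecure'; SecureSecondaries = 'NoTransfer' }
    [pscustomobject]@{ ZoneName = 'nipict.com'; ZoneType = 'Primary'; IsAutoCreated = $false
                       DynamicUpdate = 'None'; SecureSecondaries = 'TransferAnyServer' }
)

# Show only the zones that need attention.
$sample | Get-DnsZoneExposure | Where-Object { -not $_.Compliant } | Format-Table -AutoSize
```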


  Add-DnsServerStubZone -Name nipict.com `

  -MasterServers 192.168.10.4 `

  -ReplicationScope Domain `

  -PassThru


  Set-DnsServerStubZone -Name nipict.com `

  -LocalMasters 192.168.10.201,192.168.10.202 `

  -PassThru


  Configure conditional forwards


  Add-DnsServerConditionalForwarderZone -Name nipict.com `

  -MasterServers 192.168.10.2,2001:db8::10:2 `

  -ForwarderTimeout 5 `

  -ReplicationScope "Forest" `

  -Recursion $False `

  -PassThru


  Set-DnsServerConditionalForwarderZone -Name nipict.com `

  -MasterServers 192.168.10.3,2001:db8::10:3 `

  -PassThru


  To remove a conditional forward, use the Remove-DnsServerZone cmdlet.


  Manage zone delegation


  Add-DnsServerZoneDelegation -Name nipict.com `

  -ChildZoneName Engineering `

  -IPAddress 192.168.10.12,2001:db8:0:10::c `

  -NameServer dc01.afd.ink `

  -PassThru


  Set-DnsServerZoneDelegation -Name nipict.com `

  -ChildZoneName Engineering `

  -IPAddress 192.168.10.13,2001:db8:0:10::d `

  -NameServer dc02.afd.ink `

  -PassThru


  Manage DNS records


  Get-Help Add-DnsServerResourceRecord* | ft -auto Name,Synopsis


  Name                              Synopsis
  ----                              --------
  Add-DnsServerResourceRecord       Adds a resource record of a specified type to...
  Add-DnsServerResourceRecordA      Adds a type A resource record to a DNS zone.
  Add-DnsServerResourceRecordAAAA   Adds a type AAAA resource record to a DNS server.
  Add-DnsServerResourceRecordCName  Adds a type CNAME resource record to a DNS zone.
  Add-DnsServerResourceRecordDnsKey Adds a type DNSKEY resource record to a DNS zone.
  Add-DnsServerResourceRecordDS     Adds a type DS resource record to a DNS zone.
  Add-DnsServerResourceRecordMX     Adds an MX resource record to a DNS server.
  Add-DnsServerResourceRecordPtr    Adds a type PTR resource record to a DNS server.


  Add-DnsServerResourceRecord -ZoneName "afd.ink" `

  -A `

  -Name wds-11 `

  -IPv4Address 192.168.10.11 `

  -CreatePtr `

  -PassThru


  Add-DnsServerResourceRecordA -ZoneName "afd.ink" `

  -Name wds-11 `

  -IPv4Address 192.168.10.11 `

  -CreatePtr `

  -PassThru


  Add-DnsServerResourceRecord -ZoneName "afd.ink" `

  -AAAA `

  -Name wds-11 `

  -IPv6Address 2001:db8:0:10::b `

  -CreatePtr `

  -PassThru


  Add-DnsServerResourceRecord -ZoneName "afd.ink" `

  -CName `

  -Name wds `

  -HostNameAlias wds-11.afd.ink `

  -PassThru


  Add-DnsServerResourceRecord -ZoneName "afd.ink" `

  -Name "." `

  -MX `

  -MailExchange mail.afd.ink `

  -Preference 10


  Add-DnsServerResourceRecord -ZoneName "afd.ink" `

  -Name "." `

  -MX `

  -MailExchange mail2.afd.ink `

  -Preference 20


  Add-DnsServerResourceRecord parameters for SRV records (image not preserved)


  Add-DnsServerResourceRecord -ZoneName "afd.ink" `

  -Name _nntp._tcp `

  -SRV `

  -DomainName "edge-1.afd.ink" `

  -Port 119 `

  -Priority 0 `

  -Weight 0 `

  -PassThru


  HostName   RecordType Timestamp TimeToLive RecordData
  --------   ---------- --------- ---------- ----------
  _nntp._tcp SRV        0         01:00:00   [0][0][119][edge-1.afd.ink.]


  Configure zone scavenging and aging


  Set-DnsServerScavenging -ScavengingState:$True `

  -ScavengingInterval 4:00:00:00 `

  -RefreshInterval 3:00:00:00 `

  -NoRefreshInterval 0 `

  -ApplyOnAllZones `

  -PassThru


  Get-DnsServerScavenging


  Start-DnsServerScavenging


  Deploy DHCP


  Install-WindowsFeature -ComputerName dc01 `

  -Name DHCP `

  -IncludeAllSubFeature `

  -IncludeManagementTools


  Add-DhcpServerInDC -DnsName 'dc01.afd.ink' -PassThru


  Add-DhcpServerv4Scope -Name "afd-dhcp" `

  -ComputerName "dc01" `

  -Description "Default IPv4 Scope for afd.ink" `

  -StartRange "172.16.8.100" `

  -EndRange "172.16.8.200" `

  -SubNetMask "255.255.255.0" `

  -State Active `

  -Type DHCP `

  -PassThru


  Add-DhcpServerv4ExclusionRange -ScopeID "172.16.8.0" `

  -ComputerName "dc01" `

  -StartRange "172.16.8.100" `

  -EndRange "172.16.8.120" `

  -PassThru


  Set-DhcpServerv4OptionValue -ScopeID 172.16.8.0 `

  -ComputerName "dc01" `

  -DnsDomain "afd.ink" `

  -DnsServer "172.16.8.10" `

  -Router "172.16.8.1" `

  -PassThru


  Add-DhcpServerv6Scope -Name "afd-IPv6-Default" `

  -ComputerName "dc01" `

  -Description "Default IPv6 Scope for afd.ink" `

  -Prefix 2001:db8:0:10:: `

  -State Active `

  -PassThru


  Add-DhcpServerv6ExclusionRange -ComputerName dc01 `

  -Prefix 2001:db8:0:10:: `

  -StartRange 2001:db8:0:10::1 `

  -EndRange 2001:db8:0:10::20 `

  -PassThru


  Set-DhcpServerv6OptionValue -Prefix 2001:db8:0:10:: `

  -ComputerName "dc01" `

  -DnsServer 2001:db8:0:10::1 `

  -DomainSearchList "afd.ink" `

  -PassThru


  Chapter 3. Create and manage users and groups

  ADUser

  ADGroup

  ADGroupMember

  ADAccountPassword

  ADPrincipalGroupMembership

  ADObject

  ADComputer


  Import-CSV

  ConvertTo-SecureString

  Get-Command

  Test-Path

  Read-Host

  Write-Host


  Create users


  New-ADUser




  Get-ADUser -Identity Administrator


  $SecurePW = Read-Host -Prompt "Enter a password" -asSecureString

  New-ADUser -Name "gazh" `

  -AccountPassword $SecurePW `

  -SamAccountName 'gazh' `

  -DisplayName 'gazh' `

  -Enabled $True `

  -PassThru `

  -PasswordNeverExpires $True `

  -UserPrincipalName 'gazh'

