核心網路指南Core Network Guide

適用於:Windows Server(以每年次管道)、Windows Server 2016Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016

本指南計劃和部署所需的正常運作的網路,並在新的樹系新 Active Directory domain 核心元件的方式指示。This guide provides instructions on how to plan and deploy the core components required for a fully functioning network and a new Active Directory domain in a new forest.

注意

本指南已可供下載 TechNet 主題館從 Microsoft Word 格式。This guide is available for download in Microsoft Word format from TechNet Gallery. 如需詳細資訊,請查看核心網路指南適用於 Windows Server 2016For more information, see Core Network Guide for Windows Server 2016.

本指南包含下列各節。This guide contains the following sections.

有關本指南About this guide

本指南適用於安裝新的網路,或想要建立網域型更換網路所組成工作群組網路網路和系統管理員。This guide is designed for network and system administrators who are installing a new network or who want to create a domain-based network to replace a network that consists of workgroups. 本指南提供部署是非常有用,如果您認為需要未來將更多服務及功能新增至您的網路。The deployment scenario provided in this guide is particularly useful if you foresee the need to add more services and features to your network in the future.

您檢視的設計,以及部署引導在本案例中部署用來協助您判斷這個指南提供服務和設定,您需要技術的建議。It is recommended that you review design and deployment guides for each of the technologies used in this deployment scenario to assist you in determining whether this guide provides the services and configuration that you need.

核心網路網路硬體、裝置的收藏,軟體提供的基本服務,您組織的資訊技術 (IT),必須。A core network is a collection of network hardware, devices, and software that provides the fundamental services for your organization's information technology (IT) needs.

Windows Server core 網路為您提供許多好處,其中包括下列。A Windows Server core network provides you with many benefits, including the following.

  • 適用於電腦和其他傳輸控制項通訊協定日網際網路通訊協定 (TCP/IP) 的相容裝置之間網路連接核心通訊協定。Core protocols for network connectivity between computers and other Transmission Control Protocol/Internet Protocol (TCP/IP) compatible devices. TCP/IP 是一套連接電腦以及建立網路標準通訊協定。TCP/IP is a suite of standard protocols for connecting computers and building networks. TCP/IP 是網路通訊協定的軟體提供的 Microsoft Windows 作業系統,實作支援 TCP/IP 通訊協定。TCP/IP is network protocol software provided with Microsoft Windows operating systems that implements and supports the TCP/IP protocol suite.

  • 動態主機設定通訊協定」(DHCP) 自動 IP 位址指派的電腦和其他裝置設定為 DHCP 戶端。Dynamic Host Configuration Protocol (DHCP) automatic IP address assignment to computers and other devices that are configured as DHCP clients. 手動所有網路上的電腦上的 IP 位址設定,而且費時彈性不如動態提供電腦與其他裝置使用 DHCP 伺服器的 IP 位址設定。Manual configuration of IP addresses on all computers on your network is time-consuming and less flexible than dynamically providing computers and other devices with IP address configurations using a DHCP server.

  • 網域名稱系統」(DNS) 的名稱解析服務。Domain Name System (DNS) name resolution service. DNS 可讓使用者、電腦、應用程式與服務使用網域全名的電腦或裝置的網路上尋找電腦和裝置的 IP 位址。DNS allows users, computers, applications, and services to find the IP addresses of computers and devices on the network by using the Fully Qualified Domain Name of the computer or device.

  • 森林,這是一或多個 Active Directory 網域分享相同課程和屬性定義(結構描述)、網站及複寫資訊(設定)和樹系的搜尋功能(通用)。A forest, which is one or more Active Directory domains that share the same class and attribute definitions (schema), site and replication information (configuration), and forest-wide search capabilities (global catalog).

  • 建立新的樹系森林根網域,也就是第一個的網域。A forest root domain, which is the first domain created in a new forest. 企業系統管理員和架構管理員群組的樹系管理群組,這位於森林根網域中。The Enterprise Admins and Schema Admins groups, which are forest-wide administrative groups, are located in the forest root domain. 此外,森林根網域,與其他網域,是電腦、使用者和群組物件 Active Directory Domain Services (AD DS) 中的系統管理員所定義的收藏。In addition, a forest root domain, as with other domains, is a collection of computer, user, and group objects that are defined by the administrator in Active Directory Domain Services (AD DS). 這些物件共用常見 directory 資料庫和安全性原則。These objects share a common directory database and security policies. 它們也可以共用與其他網域安全關係,如果您為您的組織成長加入網域。They can also share security relationships with other domains if you add domains as your organization grows. Directory 服務也會儲存 directory 資料,並允許授權的電腦、應用程式和使用者資料的存取。The directory service also stores directory data and allows authorized computers, applications, and users to access the data.

  • 使用者和電腦 account 資料庫。A user and computer account database. Directory 服務提供可讓您的連絡人和電腦連接到您的網路及存取網路資源,例如應用程式、資料庫,共用的檔案和資料夾和印表機授權建立使用者和電腦帳號中央的使用者帳號資料庫。The directory service provides a centralized user accounts database that allows you to create user and computer accounts for people and computers that are authorized to connect to your network and access network resources, such as applications, databases, shared files and folders, and printers.

核心網路也可讓您以調整您的網路,您組織的成長,以及變更 IT 需求。A core network also allows you to scale your network as your organization grows and IT requirements change. 例如,核心網路的問題,您可以新增網域、的 IP 子網路、遠端存取服務、wireless 服務,及其他功能及提供 Windows Server 2016 伺服器角色。For example, with a core network you can add domains, IP subnets, remote access services, wireless services, and other features and server roles provided by Windows Server 2016.

網路的硬體需求Network hardware requirements

若要成功部署核心網路,您必須部署網路的硬體,包括:To successfully deploy a core network, you must deploy network hardware, including the following:

  • 乙太網路、(fast ring)乙太網路,或纜 Gb 乙太網路Ethernet, Fast Ethernet, or Gigabyte Ethernet cabling

  • 中心、層級 2 或 3 切換、路由器或其他裝置執行的轉送電腦與裝置間網路流量的功能。A hub, Layer 2 or 3 switch, router, or other device that performs the function of relaying network traffic between computers and devices.

  • 符合最低的硬體需求各自 client 和 server 作業系統的電腦。Computers that meet the minimum hardware requirements for their respective client and server operating systems.

未提供哪些本指南What this guide does not provide

本指南不提供下列部署的指示:This guide does not provide instructions for deploying the following:

  • 網路的硬體,例如纜、路由器、參數和 hubNetwork hardware, such as cabling, routers, switches, and hubs

  • 其他網路資源,例如印表機和檔案伺服器Additional network resources, such as printers and file servers

  • 連接網際網路Internet connectivity

  • 遠端存取Remote access

  • Wireless 存取Wireless access

  • Client 電腦部署Client computer deployment

注意

電腦執行的 Windows client 作業系統接收 DHCP 伺服器的 IP 位址租用預設設定。Computers running Windows client operating systems are configured by default to receive IP address leases from the DHCP server. 因此,不其他 DHCP」或「網際網路通訊協定第 4 版 (IPv4) 就需要 client 電腦的設定。Therefore, no additional DHCP or Internet Protocol version 4 (IPv4) configuration of client computers is required.

技術概觀Technology Overviews

下列章節提供所需的技術部署建立核心網路簡短的概觀。The following sections provide brief overviews of the required technologies that are deployed to create a core network.

Active Directory Domain ServicesActive Directory Domain Services

Directory 是階層結構網路,例如使用者和電腦上儲存物件的相關資訊。A directory is a hierarchical structure that stores information about objects on the network, such as users and computers. Directory 服務,例如 AD DS,提供適用於儲存 directory 資料,並讓網路使用者和系統管理員可以使用此資料的方法。A directory service, such as AD DS, provides the methods for storing directory data and making this data available to network users and administrators. 例如,AD DS 儲存帳號,包括名稱、電子郵件地址、密碼,以及電話數字的相關資訊,並讓其他授權的使用者在相同網路存取此資訊。For example, AD DS stores information about user accounts, including names, email addresses, passwords, and phone numbers, and enables other authorized users on the same network to access this information.

DNSDNS

DNS 是 TCP/IP 網路,例如網際網路或組織網路的名稱解析通訊協定。DNS is a name resolution protocol for TCP/IP networks, such as the Internet or an organization network. DNS 伺服器主控讓電腦 client 的資訊和服務解析容易辨識,英數 DNS 名稱彼此使用電腦的 IP 位址。A DNS server hosts the information that enables client computers and services to resolve easily recognized, alphanumeric DNS names to the IP addresses that computers use to communicate with each other.

DHCPDHCP

DHCP 是標準簡化主機 IP 設定的管理的 IP。DHCP is an IP standard for simplifying the management of host IP configuration. 標準 DHCP 提供使用 DHCP 伺服器管理 DHCP 式戶端,您網路上的 IP 位址動態配置及其他設定的相關詳細資料的方式。The DHCP standard provides for the use of DHCP servers as a way to manage dynamic allocation of IP addresses and other related configuration details for DHCP-enabled clients on your network.

DHCP 可讓您使用 DHCP 伺服器動態指派的電腦或其他裝置,例如印表機、您區域網路上的 IP 位址。DHCP allows you to use a DHCP server to dynamically assign an IP address to a computer or other device, such as a printer, on your local network. 每個 TCP/IP 網路上的電腦必須唯一的 IP 位址,因為的 IP 位址,其相關子網路遮罩找出主機電腦和電腦連接的子網路。Every computer on a TCP/IP network must have a unique IP address, because the IP address and its related subnet mask identify both the host computer and the subnet to which the computer is attached. 使用 DHCP,您可以確保所有電腦設定為 DHCP 戶端都獲得適當的網路位置的子網路的 IP 位址,使用 DHCP 選項,例如預設閘道和 DNS 伺服器,您可以自動提供 DHCP 戶端正確運作,您網路上所需的資訊。By using DHCP, you can ensure that all computers that are configured as DHCP clients receive an IP address that is appropriate for their network location and subnet, and by using DHCP options, such as default gateway and DNS servers, you can automatically provide DHCP clients with the information that they need to function correctly on your network.

TCP 型網路,它可以減少參與重新設定電腦的系統管理工作量與複雜。For TCP/IP-based networks, DHCP reduces the complexity and amount of administrative work involved in reconfiguring computers.

TCP/IPTCP/IP

以下是在 Windows Server 2016 TCP/IP:TCP/IP in Windows Server 2016 is the following:

  • 網路根據業界標準網路通訊協定的軟體。Networking software based on industry-standard networking protocols.

  • 路由企業網路通訊協定支援 windows 電腦的區域網路(區域網路)和寬區域 (WAN) 環境連接。A routable enterprise networking protocol that supports the connection of your Windows-based computer to both local area network (LAN) and wide area network (WAN) environments.

  • 核心技術與公共事業適用於 windows 的電腦連接的不同系統,以分享的資訊。Core technologies and utilities for connecting your Windows-based computer with dissimilar systems for the purpose of sharing information.

  • 適用於通用網際網路服務,例如全球檔案傳輸通訊協定(檔案)伺服器存取基本知識。A foundation for gaining access to global Internet services, such as the World Wide Web and File Transfer Protocol (FTP) servers.

  • 穩定,延展性跨平台,client 日伺服器架構。A robust, scalable, cross-platform, client/server framework.

TCP/IP 提供基本 TCP/IP 公用程式,可讓 Windows 電腦連接並分享的資訊和其他 Microsoft、非 Microsoft 系統,包括:TCP/IP provides basic TCP/IP utilities that enable Windows-based computers to connect and share information with other Microsoft and non-Microsoft systems, including:

  • Windows Server 2016Windows Server 2016

  • Windows 10Windows 10

  • Windows Server 2012 R2Windows Server 2012 R2

  • Windows 8.1Windows 8.1

  • Windows Server 2012Windows Server 2012

  • Windows 8Windows 8

  • Windows Server 2008 R2Windows Server 2008 R2

  • Windows 7Windows 7

  • Windows Server 2008Windows Server 2008

  • Windows VistaWindows Vista

  • 網際網路主機Internet hosts

  • 蘋果 Macintosh 系統Apple Macintosh systems

  • 大型 IBM 主機IBM mainframes

  • UNIX 和 Linux 系統UNIX and Linux systems

  • 開放 VM 系統Open VMS systems

  • 網路準備印表機Network-ready printers

  • 平板電腦和行動電話有線乙太網路或 wireless 802.11 的技術支援Tablets and cellular telephones with wired Ethernet or wireless 802.11 technology enabled

核心網路概觀Core Network Overview

下圖顯示 Windows Server Core 網路拓撲。The following illustration shows the Windows Server Core Network topology.

Windows Server Core 網路拓撲

注意

本指南也包含針對安全的網路存取方案,例如 802.1 X 有線和 wireless 部署,可以使用核心網路小幫手指南實作提供基本知識選用的網路原則 Server (NPS) 與 Web 伺服器 (IIS) 伺服器加入您的網路拓撲指示。This guide also includes instructions for adding optional Network Policy Server (NPS) and Web Server (IIS) servers to your network topology to provide the foundation for secure network access solutions, such as 802.1X wired and wireless deployments that you can implement using Core Network Companion guides. 如需詳細資訊,請查看部署網路存取驗證和 Web 服務為選擇性功能For more information, see Deploying optional features for network access authentication and Web services.

核心網路元件Core Network Components

以下是核心網路的元件。Following are the components of a core network.

路由器Router

本部署指南核心網路部署具有兩個子網路分隔路由器 DHCP 轉送功能的指示操作。This deployment guide provides instructions for deploying a core network with two subnets separated by a router that has DHCP forwarding enabled. 您可以但是,部署層級 2 切換、層級 3 切換控制或中樞」,根據您的需求和資源。You can, however, deploy a Layer 2 switch, a Layer 3 switch, or a hub, depending on your requirements and resources. 如果您要部署的參數,必須能 DHCP 轉接開關切換至或您必須在每個子網路放置 DHCP 伺服器。If you deploy a switch, the switch must be capable of DHCP forwarding or you must place a DHCP server on each subnet. 如果您要部署的中心,您要部署的單一子網路,不需要 DHCP 轉接或第二個範圍 DHCP 伺服器上。If you deploy a hub, you are deploying a single subnet and do not need DHCP forwarding or a second scope on your DHCP server.

靜態 TCP/IP 設定Static TCP/IP configurations

在這個部署伺服器靜態 IPv4 位址設定。The servers in this deployment are configured with static IPv4 addresses. Client 電腦接收 DHCP 伺服器的 IP 位址租用預設設定。Client computers are configured by default to receive IP address leases from the DHCP server.

Active Directory Domain Services 通用和 DNS 伺服器 DC1Active Directory Domain Services global catalog and DNS server DC1

同時 Active Directory Domain Services (AD DS) 網域名稱系統」(DNS) 名 DC1,提供 directory,此伺服器上安裝並名稱解析服務到所有電腦及網路上的裝置。Both Active Directory Domain Services (AD DS) and Domain Name System (DNS) are installed on this server, named DC1, which provides directory and name resolution services to all computers and devices on the network.

DHCP 伺服器 DHCP1DHCP server DHCP1

DHCP 伺服器,名 DHCP1,提供網際網路通訊協定」(IP) 位址租用電腦網路的範圍的設定。The DHCP server, named DHCP1, is configured with a scope that provides Internet Protocol (IP) address leases to computers on the local subnet. DHCP 伺服器也可以設定的其他領域提供其他子網路到電腦的 IP 位址租用如果 DHCP 轉接在路由器設定。The DHCP server can also be configured with additional scopes to provide IP address leases to computers on other subnets if DHCP forwarding is configured on routers.

Client 電腦Client computers

執行 Windows client 作業系統的電腦設定預設為 DHCP 戶端,從伺服器 DHCP 自動取得 IP 位址和 DHCP 選項。Computers running Windows client operating systems are configured by default as DHCP clients, which obtain IP addresses and DHCP options automatically from the DHCP server.

核心網路計劃Core Network Planning

部署核心網路之前,您必須計劃下列項目。Before you deploy a core network, you must plan the following items.

下列章節這些項目提供更多詳細資料。The following sections provide more detail on each of these items.

注意

如需協助規劃部署,也會看到附錄 E-核心網路規劃準備表For assistance with planning your deployment, also see Appendix E - Core Network Planning Preparation Sheet.

規劃子網路Planning subnets

網路傳輸控制項通訊協定日網際網路通訊協定 (TCP/IP),在路由器用來連接硬體和使用不同的實體網路區段稱為子網路上的軟體。In Transmission Control Protocol/Internet Protocol (TCP/IP) networking, routers are used to interconnect the hardware and software used on different physical network segments called subnets. 路由器也會用來轉送 IP 子網路中的每個之間的封包。Routers are also used to forward IP packets between each of the subnets. 判斷您的網路,包括數目路由器,您需要本文中的指示進行之前,先子網路中的實體配置。Determine the physical layout of your network, including the number of routers and subnets you need, before proceeding with the instructions in this guide.

此外,您必須設定伺服器您網路上的靜態 IP 位址,以判斷您想要核心網路伺服器的所在位置的子網路使用的 IP 位址範圍。In addition, to configure the servers on your network with static IP addresses, you must determine the IP address range that you want to use for the subnet where your core network servers are located. 本指南,私人 IP 位址範圍 10.0.0.1-10.0.0.254 和 10.0.1.1-10.0.1.254 做為範例,但您可以使用您想要任何私人 IP 位址。In this guide, the private IP address ranges 10.0.0.1 - 10.0.0.254 and 10.0.1.1 - 10.0.1.254 are used as examples, but you can use any private IP address range that you prefer.

重要

選取您想要使用的每個子網路的 IP 位址範圍之後,請確定您設定您的路由器,作為子網路上使用路由器安裝所在的相同的 IP 位址範圍的 IP 位址。After you select the IP address ranges that you want to use for each subnet, ensure that you configure your routers with an IP address from the same IP address range as that used on the subnet where the router is installed. 例如是否使用之 IP 位址 192.168.1.1,預設設定您的路由器,但您要安裝路由器上的 IP 位址各種不同的 10.0.0.0 月 24 子網路,必須重新設定要使用 IP 位址 10.0.0.0 24 IP 位址範圍從路由器。For example, if your router is configured by default with an IP address of 192.168.1.1, but you are installing the router on a subnet with an IP address range of 10.0.0.0/24, you must reconfigure the router to use an IP address from the 10.0.0.0/24 IP address range.

下列辨識範圍所指定的網際網路要求建議 (RFC) 1918 年私人 IP 位址:The following recognized private IP address ranges are specified by Internet Request for Comments (RFC) 1918:

  • 10.0.0.0 - 10.255.255.25510.0.0.0 - 10.255.255.255

  • 172.16.0.0 - 172.31.255.255172.16.0.0 - 172.31.255.255

  • 192.168.0.0 - 192.168.255.255192.168.0.0 - 192.168.255.255

當您使用的私人 IP 位址範圍 RFC 1918 中所指定時,您無法直接連接到網際網路,因為要求移或這些位址,會自動捨棄網際網路服務提供者 (ISP) 路由器使用私人 IP 位址。When you use the private IP address ranges as specified in RFC 1918, you cannot connect directly to the Internet using a private IP address because requests going to or from these addresses are automatically discarded by Internet service provider (ISP) routers. 若要新增網際網路連接到您的網路核心之後,您必須合約 isp 取得公用 IP 位址。To add Internet connectivity to your core network later, you must contract with an ISP to obtain a public IP address.

重要

使用私人 IP 位址,您必須使用某些類型的 proxy 伺服器或網路位址轉譯 (NAT) 伺服器来轉換的私人 IP 位址範圍公用 IP 位址,可以在網際網路上傳送到您區域網路上。When using private IP addresses, you must use some type of proxy or network address translation (NAT) server to convert the private IP address ranges on your local network to a public IP address that can be routed on the Internet. 大部分路由器提供 NAT 服務,因此選取路由器 NAT 能力的應該非常簡單。Most routers provide NAT services, so selecting a router that is NAT-capable should be fairly simple.

如需詳細資訊,請查看規劃 DHCP1 部署For more information, see Planning the deployment of DHCP1.

規劃基本所有伺服器設定Planning basic configuration of all servers

每個伺服器的核心網路,您必須重新命名電腦和指派和設定靜態 IPv4 位址和其他 TCP/IP 屬性的電腦。For each server in the core network, you must rename the computer and assign and configure a static IPv4 address and other TCP/IP properties for the computer.

規劃命名規格適用於電腦和裝置Planning naming conventions for computers and devices

在您的網路上的一致性,最好使用一致伺服器、印表機及其他裝置的名稱。For consistency across your network, it is a good idea to use consistent names for servers, printers, and other devices. 電腦名稱可用於協助使用者和系統管理員輕鬆地找出用途和伺服器、印表機或其他裝置的位置。Computer names can be used to help users and administrators easily identify the purpose and location of the server, printer, or other device. 例如,如果您三個 DNS 伺服器、一個金山、洛杉磯,其中一個月在芝加哥,您可能會使用命名規格伺服器功能-位置-號碼:For example, if you have three DNS servers, one in San Francisco, one in Los Angeles, and one in Chicago, you might use the naming convention server function-location-number:

  • DNS 房間 01。DNS-DEN-01. 此名稱代表丹佛,科羅拉多州的 DNS 伺服器。This name represents the DNS server in Denver, Colorado. 如果其他 DNS 伺服器] 會新增丹佛,在名稱數值可以增加,如下所示 DNS-房間 02 和 DNS-房間 03。If additional DNS servers are added in Denver, the numeric value in the name can be incremented, as in DNS-DEN-02 and DNS-DEN-03.

  • DNS SPAS 01。DNS-SPAS-01. 此名稱代表南方 Pasadena,加州 DNS 伺服器。This name represents the DNS server in South Pasadena, California.

  • DNS ORL 01。DNS-ORL-01. 此名稱代表日,其中的 DNS 伺服器。This name represents the DNS server in Orlando, Florida.

本指南伺服器命名規格非常簡單,以及包含主要伺服器功能和數字。For this guide, the server naming convention is very simple, and consists of the primary server function and a number. 例如網域控制站為 DC1],DHCP 伺服器命名 DHCP1。For example, the domain controller is named DC1 and the DHCP server is named DHCP1.

建議您選擇命名規範,才能安裝核心網路使用本指南。It is recommended that you choose a naming convention before you install your core network using this guide.

規劃靜態 IP 位址Planning static IP addresses

您必須先靜態 IP 位址設定每一部電腦,計劃您子網路和 IP 位址範圍。Before configuring each computer with a static IP address, you must plan your subnets and IP address ranges. 此外,您必須判斷您的 DNS 伺服器的 IP 位址。In addition, you must determine the IP addresses of your DNS servers. 如果您要安裝提供其他網路,例如其他子網路或網際網路存取權的路由器,您必須知道路由器,也靜態 IP 位址設定中稱為 [預設閘道 IP 的位址。If you plan to install a router that provides access to other networks, such as additional subnets or the Internet, you must know the IP address of the router, also called a default gateway, for static IP address configuration.

下表範例值提供靜態 IP 位址設定。The following table provides example values for static IP address configuration.

設定項目Configuration items 範例值Example values
IP 位址IP address 10.0.0.210.0.0.2
子網路遮罩Subnet mask 255.255.255.0255.255.255.0
預設閘道器(路由器 IP 位址)Default gateway (Router IP address) 10.0.0.110.0.0.1
慣用的 DNS 伺服器Preferred DNS server 10.0.0.210.0.0.2

注意

如果您打算部署一部以上的 DNS 伺服器,您也可以計劃的其他 DNS 伺服器的 IP 位址。If you plan on deploying more than one DNS server, you can also plan the Alternate DNS Server IP address.

規劃 DC1 部署Planning the deployment of DC1

以下是金鑰規劃步驟之前,請先安裝 Active Directory Domain Services (AD DS) 和 DNS DC1 上的。Following are key planning steps before installing Active Directory Domain Services (AD DS) and DNS on DC1.

規劃樹系根網域的名稱Planning the name of the forest root domain

判斷您的組織需要幾個樹系為 AD DS 設計程序的第一個步驟。A first step in the AD DS design process is to determine how many forests your organization requires. 樹系的最上層 AD DS 容器,並一或多個網域分享的常見架構和通用所組成。A forest is the top-level AD DS container, and consists of one or more domains that share a common schema and global catalog. 組織可以有多個,但最組織的單一森林設計慣用的型號和管理最簡單。An organization can have multiple forests, but for most organizations, a single forest design is the preferred model and the simplest to administer.

當您在組織中建立網域控制站第一次時,您所建立的第一個網域(也稱為森林根網域)和第一次樹系。When you create the first domain controller in your organization, you are creating the first domain (also called the forest root domain) and the first forest. 您需要此動作,使用此快速入門之前,但是,您必須判斷您的組織的最佳網域名稱。Before you take this action using this guide, however, you must determine the best domain name for your organization. 在大部分案例中,組織名稱是網域名稱,且通常係這個網域名稱。In most cases, the organization name is used as the domain name, and in many cases this domain name is registered. 如果您打算部署外部面向網際網路網頁伺服器提供資訊和服務您針對或協力廠商、選擇網域名稱已無法使用,並使您的組織擁有它,然後登記的網域名稱。If you are planning to deploy external-facing Internet based Web servers to provide information and services for your customers or partners, choose a domain name that is not already in use, and then register the domain name so that your organization owns it.

規劃網域功能等級Planning the forest functional level

您必須安裝 AD DS,來選擇您想要使用的樹系功能層級。While installing AD DS, you must choose the forest functional level that you want to use. 網域與樹系的功能,在 Windows Server 2003 Active Directory,提供一種方式可讓網域-或全樹系的 Active Directory 功能,您網路的環境中。Domain and forest functionality, introduced in Windows Server 2003 Active Directory, provides a way to enable domain- or forest-wide Active Directory features within your network environment. 網域功能與樹系的不同層級可用,根據您的環境。Different levels of domain functionality and forest functionality are available, depending on your environment.

樹系功能讓您森林中的所有網域的功能。Forest functionality enables features across all the domains in your forest. 使用下列的樹系功能層級︰The following forest functional levels are available:

  • Windows Server 2008。Windows Server 2008 . 此功能樹系的層級支援執行 Windows Server 2008 和 Windows Server 作業系統的版本中的網域控制站。This forest functional level supports only domain controllers that are running Windows Server 2008 and later versions of the Windows Server operating system.

  • Windows Server 2008 R2。Windows Server 2008 R2 . 此功能樹系的層級支援 Windows Server 2008 R2 網域控制站和執行較新版本的 Windows Server 作業系統的網域控制站。This forest functional level supports Windows Server 2008 R2 domain controllers and domain controllers that are running later versions of the Windows Server operating system.

  • Windows Server 2012。Windows Server 2012 . 此功能樹系的層級支援 Windows Server 2012 網域控制站和執行較新版本的 Windows Server 作業系統的網域控制站。This forest functional level supports Windows Server 2012 domain controllers and domain controllers that are running later versions of the Windows Server operating system.

  • Windows Server 2012 R2。Windows Server 2012 R2 . 此功能樹系的層級支援 Windows Server 2012 R2 網域控制站和執行較新版本的 Windows Server 作業系統的網域控制站。This forest functional level supports Windows Server 2012 R2 domain controllers and domain controllers that are running later versions of the Windows Server operating system.

  • Windows Server 2016。Windows Server 2016. 此功能樹系的層級支援只有 Windows Server 2016 網域控制站和執行較新版本的 Windows Server 作業系統的網域控制站。This forest functional level supports only Windows Server 2016 domain controllers and domain controllers that are running later versions of the Windows Server operating system.

如果您要部署新的網域中新的網域控制站所有將會執行 Windows Server 2016,建議和 Windows Server 2016 森林功能層級設定 AD DS,AD DS 安裝期間。If you are deploying a new domain in a new forest and all of your domain controllers will be running Windows Server 2016, it is recommended that you configure AD DS with the Windows Server 2016 forest functional level during AD DS installation.

重要

引發的樹系功能層級之後,網域控制站執行更早版本作業系統,無法引入樹系。After the forest functional level is raised, domain controllers that are running earlier operating systems cannot be introduced into the forest. 例如,如果您提高 Windows Server 2016 的樹系功能層級,執行的是 Windows Server 2012 R2 或 Windows Server 2008 的網域控制站無法新增樹系。For example, if you raise the forest functional level to Windows Server 2016, domain controllers running Windows Server 2012 R2 or Windows Server 2008 cannot be added to the forest.

下表中提供的 AD DS 範例設定項目。Example configuration items for AD DS are provided in the following table.

設定項目:Configuration items: 範例值:Example values:
完整的 DNS 名稱Full DNS name 範例:Examples:

-corp.contoso.com- corp.contoso.com
-example.com- example.com
森林功能層級Forest functional level Windows Server 2008- Windows Server 2008
Windows Server 2008 R2- Windows Server 2008 R2
Windows Server 2012- Windows Server 2012
Windows Server 2012 R2- Windows Server 2012 R2
Windows Server 2016- Windows Server 2016
Active Directory Domain Services 資料庫資料夾位置Active Directory Domain Services Database folder location E:\Configuration\E:\Configuration\

或接受預設的位置。Or accept the default location.
Active Directory Domain Services 登入檔案的資料夾位置Active Directory Domain Services Log files folder location E:\Configuration\E:\Configuration\

或接受預設的位置。Or accept the default location.
Active Directory Domain Services SYSVOL 資料夾位置Active Directory Domain Services SYSVOL folder location E:\Configuration\E:\Configuration\

或接受預設的位置Or accept the default location
Directory 還原模式系統管理員密碼Directory Restore Mode Administrator Password J\ * p2leO4$ FJ*p2leO4$F
回應檔案名稱(選擇性)Answer file name (optional) 廣告 DS_AnswerFileAD DS_AnswerFile

規劃區域 DNSPlanning DNS zones

主要、Active Directory 整合 DNS 伺服器,預設會建立向前對應區域的 DNS 伺服器角色安裝期間。On primary, Active Directory-integrated DNS servers, a forward lookup zone is created by default during installation of the DNS Server role. 往後對應區域讓電腦與另一部電腦或裝置的 IP 位址,其 DNS 名稱所依據的查詢裝置。A forward lookup zone allows computers and devices to query for another computer's or device's IP address based on its DNS name. 除了區域正向對應,建議您建立 DNS 反向對應區域。In addition to a forward lookup zone, it is recommended that you create a DNS reverse lookup zone. 使用 DNS 反向對應查詢、電腦或裝置探索另一部電腦或裝置使用的 IP 位址的名稱。With a DNS reverse lookup query, a computer or device can discover the name of another computer or device using its IP address. 部署反向對應區域通常改善 DNS 效能和大幅增加 DNS 查詢的成功。Deploying a reverse lookup zone typically improves DNS performance and greatly increases the success of DNS queries.

當您建立反向對應區域時,所定義 DNS 標準中,保留在網際網路 DNS 提供反向查詢執行實際且可靠的方式來命名空間 in-addr.arpa 網域中 DNS 設定。When you create a reverse lookup zone, the in-addr.arpa domain, which is defined in the DNS standards and reserved in the Internet DNS namespace to provide a practical and reliable way to perform reverse queries, is configured in DNS. 若要建立反向命名空間的正確 in-addr.arpa 網域中,使用的數字帶小數點的 IP 位址反向排序。To create the reverse namespace, subdomains within the in-addr.arpa domain are formed, using the reverse ordering of the numbers in the dotted-decimal notation of IP addresses.

In-addr.arpa 網域適用於所有 TCP/IP 網路網際網路通訊協定第 4 (IPv4) 為基礎的位址。The in-addr.arpa domain applies to all TCP/IP networks that are based on Internet Protocol version 4 (IPv4) addressing. 新的時區精靈會自動假設您使用這個網域當您建立新反向對應的區域。The New Zone Wizard automatically assumes that you are using this domain when you create a new reverse lookup zone.

當您執行的新的時區精靈時,建議使用下列選項:While you are running the New Zone Wizard, the following selections are recommended:

設定項目Configuration Items 範例值Example values
輸入區Zone type 主要區域,並市集區域 Active Directory 中選取Primary zone, and Store the zone in Active Directory is selected
Active Directory 區域複寫領域Active Directory Zone Replication Scope 在這個網域中的所有 DNS 伺服器To all DNS servers in this domain
第一反向對應區域名稱精靈頁面First Reverse Lookup Zone Name wizard page IPv4 反向對應區域IPv4 Reverse Lookup Zone
第二個反向對應區域名稱精靈頁面Second Reverse Lookup Zone Name wizard page 網路 ID = 10.0.0。Network ID = 10.0.0.
動態更新Dynamic Updates 允許安全的動態更新Allow only secure dynamic updates

規劃網域存取Planning domain access

若要登入至網域中,電腦必須成員網域的電腦和使用者 account 必須建立在嘗試登入之前 AD DS。To log on to the domain, the computer must be a domain member computer and the user account must be created in AD DS before the logon attempt.

注意

個人電腦正在執行 Windows 有 [本機使用者和群組使用者帳號,稱為安全性帳號 Manager(坡)使用者帳號資料庫資料庫。Individual computers that are running Windows have a local users and groups user account database that is called the Security Accounts Manager (SAM) user accounts database. 當您在本機電腦坡資料庫中建立帳號時,您可以登入本機電腦,但您無法登入網域。When you create a user account on the local computer in the SAM database, you can log onto the local computer, but you cannot log on to a domain. 網域帳號網域控制站,無法使用 [本機使用者和群組本機電腦上的建立的 Active Directory 使用者和電腦 Microsoft Management Console (MMC)。Domain user accounts are created with the Active Directory Users and Computers Microsoft Management Console (MMC) on a domain controller, not with local users and groups on the local computer.

在第一次成功登入後的網域登入認證,除非您的電腦已移除網域,或登入設定的手動變更保存登入的設定。After the first successful logon with domain logon credentials, the logon settings persist unless the computer is removed from the domain or the logon settings are manually changed.

之前您登入網域:Before you log on to the domain:

  • 建立帳號 Active Directory 使用者與電腦。Create user accounts in Active Directory Users and Computers. 每個使用者必須 Active Directory Domain Services 使用者帳號 Active Directory 使用者與電腦。Each user must have an Active Directory Domain Services user account in Active Directory Users and Computers. 如需詳細資訊,請查看在 Active Directory 使用者和電腦建立帳號For more information, see Create a User Account in Active Directory Users and Computers.

  • 請確定正確的 IP 位址設定。Ensure the correct IP address configuration. 若要將電腦加入網域,電腦必須 IP 位址。To join a computer to the domain, the computer must have an IP address. 本指南,伺服器靜態 IP 位址設定,並 client 電腦 IP 位址租用收到 DHCP 伺服器。In this guide, servers are configured with static IP addresses and client computers receive IP address leases from the DHCP server. 基於這個原因,必須先戶端加入網域部署 DHCP 伺服器。For this reason, the DHCP server must be deployed before you join clients to the domain. 如需詳細資訊,請查看部署 DHCP1For more information, see Deploying DHCP1.

  • 加入網域的電腦。Join the computer to the domain. 必須加入網域的電腦提供或存取網路資源。Any computer that provides or accesses network resources must be joined to the domain. 如需詳細資訊,請查看的伺服器電腦加入網域並登入的 Client 電腦加入網域並登入For more information, see Joining Server Computers to the Domain and Logging On and Joining Client Computers to the Domain and Logging On.

規劃 DHCP1 部署Planning the deployment of DHCP1

以下是金鑰規劃步驟之前 DHCP1 上安裝 DHCP 伺服器角色。Following are key planning steps before installing the DHCP server role on DHCP1.

規劃伺服器 DHCP 和 DHCP 轉接Planning DHCP servers and DHCP forwarding

由於 DHCP 訊息廣播的訊息,它們不轉送之間路由器子網路。Because DHCP messages are broadcast messages, they are not forwarded between subnets by routers. 如果您有多個子網路,並想要提供 DHCP 為每個子網路的服務,您必須執行下列其中一個動作:If you have multiple subnets and want to provide DHCP service for each subnet, you must do one of the following:

  • 安裝每個子網路 DHCP 伺服器Install a DHCP server on each subnet

  • 設定路由器 DHCP 廣播的郵件轉寄子網路上並設定多個領域子網路每一個範圍 DHCP 伺服器上。Configure routers to forward DHCP broadcast messages across subnets and configure multiple scopes on the DHCP server, one scope per subnet.

在大部分案例中,設定,將 DHCP 廣播的郵件轉寄路由器有更多成本效益的比 DHCP 伺服器每個區段實體網路上的部署。In most cases, configuring routers to forward DHCP broadcast messages is more cost effective than deploying a DHCP server on each physical segment of the network.

規劃 IP 位址範圍Planning IP address ranges

每個子網路中必須有它自己獨特的 IP 位址。Each subnet must have its own unique IP address range. 這些範圍表示範圍 DHCP 伺服器上。These ranges are represented on a DHCP server with scopes.

領域是使用 DHCP 服務子網路上的電腦的 IP 位址管理群組。A scope is an administrative grouping of IP addresses for computers on a subnet that use the DHCP service. 系統管理員會先建立的每個實體的子網路的範圍,然後使用範圍定義用所使用的參數。The administrator first creates a scope for each physical subnet and then uses the scope to define the parameters used by clients.

領域具有下列屬性:A scope has the following properties:

  • IP 位址,包括或排除使用 DHCP 服務租用提供的地址。A range of IP addresses from which to include or exclude addresses used for DHCP service lease offerings.

  • 子網路遮罩] 判斷子網路首碼指定 IP 位址。A subnet mask, which determines the subnet prefix for a given IP address.

  • 指派建立時領域名稱。A scope name assigned when it is created.

  • 租用期間值,已指派給 DHCP 戶端接收動態配置的 IP 位址。Lease duration values, which are assigned to DHCP clients that receive dynamically allocated IP addresses.

  • 指派給 DHCP 戶端,例如 DNS 伺服器的 IP 位址和路由器] / [預設閘道 IP 位址設定的任何 DHCP 範圍選項。Any DHCP scope options configured for assignment to DHCP clients, such as DNS server IP address and router/default gateway IP address.

  • 保留也會用來確保 DHCP client 收到相同的 IP 位址。Reservations are optionally used to ensure that a DHCP client always receives the same IP address.

部署之前您的伺服器,會列出您子網路和您想要使用的每個子網路的 IP 位址範圍。Before deploying your servers, list your subnets and the IP address range you want to use for each subnet.

子網路遮罩計劃Planning subnet masks

使用 [子網路遮罩分辨網路 Id 和主機 Id 中 IP 位址。Network IDs and host IDs within an IP address are distinguished by using a subnet mask. 每個子網路遮罩是 32 位元數字使用連續元群組的所有的網路找出 (1) ID 和所有零 (0) 找出主機 ID 部分的 IP 位址。Each subnet mask is a 32-bit number that uses consecutive bit groups of all ones (1) to identify the network ID and all zeroes (0) to identify the host ID portions of an IP address.

例如,常用的 IP 位址 131.107.16.200 子網路遮罩是下列 32 位元二進位數字:For example, the subnet mask normally used with the IP address 131.107.16.200 is the following 32-bit binary number:

11111111 11111111 00000000 00000000

此子網路遮罩數字是 16 一位元後面 16 零位元,指出這個 IP 位址的網路 ID 和主機 ID 區段這兩個 16 位元的長度。This subnet mask number is 16 one-bits followed by 16 zero-bits, indicating that the network ID and host ID sections of this IP address are both 16 bits in length. 一般而言,這個子網路遮罩小數點標記中顯示為 255.255.0.0。Normally, this subnet mask is displayed in dotted decimal notation as 255.255.0.0.

下表顯示子網路遮罩網際網路位址類別。The following table displays subnet masks for the Internet address classes.

地址課Address class 子網路遮罩的位元Bits for subnet mask 子網路遮罩Subnet mask
A 課Class A 11111111 00000000 00000000 0000000011111111 00000000 00000000 00000000 255.0.0.0255.0.0.0
BClass B 11111111 11111111 00000000 0000000011111111 11111111 00000000 00000000 255.255.0.0255.255.0.0
C 課Class C 11111111 11111111 11111111 0000000011111111 11111111 11111111 00000000 255.255.255.0255.255.255.0

當您建立領域 DHCP 中,輸入 ip 範圍 DHCP 提供這些預設子網路遮罩值。When you create a scope in DHCP and you enter the IP address range for the scope, DHCP provides these default subnet mask values. 一般而言,子網路遮罩的預設值是適用於任何特殊需求大部分網路與其中每個 IP 網路區段對應單一實體網路。Typically, default subnet mask values are acceptable for most networks with no special requirements and where each IP network segment corresponds to a single physical network.

有時候,您可以使用 [自訂子網路遮罩實作 IP 子網路。In some cases, you can use customized subnet masks to implement IP subnetting. IP 子網路,您也可以細分預設主機 ID 部分指定的原始課程為基礎的網路 ID 量度子網路的 IP 位址With IP subnetting, you can subdivide the default host ID portion of an IP address to specify subnets, which are subdivisions of the original class-based network ID.

自訂子網路遮罩長度,您可以減少用於實際主機收到的位元By customizing the subnet mask length, you can reduce the number of bits that are used for the actual host ID.

若要防止地址和路由問題,您應該確定區段網路上的所有 TCP/IP 電腦都使用相同的子網路遮罩與每個電腦或裝置具有獨特的 IP 位址。To prevent addressing and routing problems, you should make sure that all TCP/IP computers on a network segment use the same subnet mask and that each computer or device has an unique IP address.

規劃範圍排除項目Planning exclusion ranges

當您建立範圍 DHCP 伺服器時,您可以指定 IP 位址範圍包含所有的租用 DHCP 戶端,例如電腦與其他裝置以允許 DHCP 伺服器的 IP 位址。When you create a scope on a DHCP server, you specify an IP address range that includes all of the IP addresses that the DHCP server is allowed to lease to DHCP clients, such as computers and other devices. 如果您然後並手動設定某些伺服器與其他裝置靜態相同的 IP 位址範圍使用 DHCP 伺服器的 IP 位址,您不小心可以建立 IP 位址衝突,有您和 DHCP 伺服器兩指派相同的 IP 位址不同的裝置。If you then go and manually configure some servers and other devices with static IP addresses from the same IP address range that the DHCP server is using, you can accidentally create an IP address conflict, where you and the DHCP server have both assigned the same IP address to different devices.

若要解開這個問題,您可以建立 DHCP 範圍排除項目範圍。To solve this problem, you can create an exclusion range for the DHCP scope. 排除項目範圍是介於領域的 IP 位址 DHCP 伺服器不受允許使用連續 IP 位址。An exclusion range is a contiguous range of IP addresses within the scope's IP address range that the DHCP server is not allowed to use. 如果您建立排除範圍,DHCP 伺服器不會指派範圍,讓您以手動方式將這些位址指派而不需要建立 IP 位址衝突中的位址。If you create an exclusion range, the DHCP server does not assign the addresses in that range, allowing you to manually assign these addresses without creating an IP address conflict.

您可以從排除 IP 位址 distribution DHCP 伺服器建立的每個領域排除範圍。You can exclude IP addresses from distribution by the DHCP server by creating an exclusion range for each scope. 適用於所有裝置與靜態 IP 位址設定,您應該使用排除項目。You should use exclusions for all devices that are configured with a static IP address. 排除的位址應該會包含所有伺服器,非 DHCP 戶端、無磁碟工作站,或其他路由並遠端存取和 PPP 手動指派的 IP 位址。The excluded addresses should include all IP addresses that you assigned manually to other servers, non-DHCP clients, diskless workstations, or Routing and Remote Access and PPP clients.

建議您在使用額外的地址,以配合未來網路成長設定您的範圍排除項目。It is recommended that you configure your exclusion range with extra addresses to accommodate future network growth. 下表 ip 10.0.0.1-10.0.0.254 和 255.255.255.0 子網路遮罩領域提供的範例排除範圍。The following table provides an example exclusion range for a scope with an IP address range of 10.0.0.1 - 10.0.0.254 and a subnet mask of 255.255.255.0.

設定項目Configuration items 範例值Example values
排除項目範圍開始 IP 位址Exclusion range Start IP Address 10.0.0.110.0.0.1
排除項目範圍結束 IP 位址Exclusion range End IP Address 10.0.0.2510.0.0.25

規劃靜態的 TCP/IP 設定Planning TCP/IP static configuration

特定裝置,例如路由器、DHCP 伺服器和 DNS 伺服器,必須使用靜態 IP 位址設定。Certain devices, such as routers, DHCP servers, and DNS servers, must be configured with a static IP address. 此外,您可能有其他裝置,例如印表機、想要確保永遠具有相同的 IP 位址。In addition, you might have additional devices, such as printers, that you want to ensure always have the same IP address. 列出的裝置,您靜態想要設定的每個子網路,並規劃排除範圍您想要使用 DHCP 伺服器上,以確保 DHCP 伺服器不會租用靜態設定裝置的 IP 位址。List the devices that you want to configure statically for each subnet, and then plan the exclusion range you want to use on the DHCP server to ensure that the DHCP server does not lease the IP address of a statically configured device. 排除項目範圍是有限的一連串中排除 DHCP 服務方案的範圍的 IP 位址。An exclusion range is a limited sequence of IP addresses within a scope, excluded from DHCP service offerings. 排除項目範圍確保給您網路上的 DHCP 戶端伺服器不提供任何這些範圍中的位址。Exclusion ranges assure that any addresses in these ranges are not offered by the server to DHCP clients on your network.

例如,如果子網路的 IP 位址範圍是透過 192.168.0.254 192.168.0.1 10 個裝置您想要使用靜態 IP 位址設定,您可以建立排除項目範圍 192.168.0 的。x包含十部或多個 IP 位址的範圍:192.168.0.1 透過 192.168.0.15。For example, if the IP address range for a subnet is 192.168.0.1 through 192.168.0.254 and you have ten devices that you want to configure with a static IP address, you can create an exclusion range for the 192.168.0.x scope that includes ten or more IP addresses: 192.168.0.1 through 192.168.0.15.

在此範例中,使用 10 排除 IP 位址伺服器和其他裝置設定成靜態 IP 位址,還有適用的新裝置,您可能想要新增未來靜態設定五個其他的 IP 位址。In this example, you use ten of the excluded IP addresses to configure servers and other devices with static IP addresses and five additional IP addresses are left available for static configuration of new devices that you might want to add in the future. 使用這個排除項目範圍,透過 192.168.0.254 192.168.0.16 位址集區與剩餘 DHCP 伺服器。With this exclusion range, the DHCP server is left with an address pool of 192.168.0.16 through 192.168.0.254.

下表中提供 AD DS 和 DNS 範例額外的設定項目。Additional example configuration items for AD DS and DNS are provided in the following table.

設定項目Configuration items 範例值Example values
網路連接繫結Network Connect Bindings 乙太網路Ethernet
DNS 伺服器設定DNS Server Settings DC1.corp.contoso.comDC1.corp.contoso.com
慣用的 DNS 伺服器的 IP 位址Preferred DNS server IP address 10.0.0.210.0.0.2
新增範圍對話方塊的值Add Scope dialog box values

1.範圍名稱1. Scope Name
2.開始 IP 位址2. Starting IP Address
3.結束 IP 位址3. Ending IP Address
4.子網路遮罩4. Subnet Mask
5.預設閘道(選擇性)5. Default Gateway (optional)
6.租用期間6. Lease duration
1.主要子網路1. Primary Subnet
2. 10.0.0.12. 10.0.0.1
3. 10.0.0.2543. 10.0.0.254
4. 255.255.255.04. 255.255.255.0
5. 10.0.0.15. 10.0.0.1
6.8 天6. 8 days
IPv6 DHCP 伺服器操作模式IPv6 DHCP Server Operation Mode 不支援Not enabled

核心網路部署Core Network Deployment

若要部署的核心網路,基本步驟如下:To deploy a core network, the basic steps are as follows:

  1. 設定所有伺服器]Configuring All Servers

  2. 部署 DC1Deploying DC1

  3. 加入網域的電腦伺服器,並登入Joining Server Computers to the Domain and Logging On

  4. 部署 DHCP1Deploying DHCP1

  5. 加入網域的電腦 Client 並登入Joining Client Computers to the Domain and Logging On

  6. 部署選擇性功能網路存取驗證和 Web 服務Deploying optional features for network access authentication and Web services

注意

  • 本指南大部分程序提供相同的 Windows PowerShell 命令。Equivalent Windows PowerShell commands are provided for most procedures in this guide. 之前,請先執行 Windows PowerShell cmdlet 這些,適用於您的網路部署值取代範例值。Before running these cmdlets in Windows PowerShell, replace example values with values that are appropriate for your network deployment. 此外,您必須輸入每個 cmdlet 在同一行 Windows PowerShell 中。In addition, you must enter each cmdlet on a single line in Windows PowerShell. 在本指南個人 cmdlet 可能會出現在幾個行因為格式限制和文件中的顯示設定您的瀏覽器或其他應用程式。In this guide, individual cmdlets might appear on several lines due to formatting constraints and the display of the document by your browser or other application.
  • 本文中的程序中不包含那些案例指示使用者 Account 控制項對話方塊要求您的權限才能繼續。The procedures in this guide do not include instructions for those cases in which the User Account Control dialog box opens to request your permission to continue. 如果此對話方塊同時執行程序本指南,如果對話方塊一個因應以您的動作,按一下 [繼續If this dialog box opens while you are performing the procedures in this guide, and if the dialog box was opened in response to your actions, click Continue.

設定所有伺服器]Configuring All Servers

其他技術,例如 Active Directory Domain Services 或 DHCP,在安裝之前請務必進行下列項目。Before installing other technologies, such as Active Directory Domain Services or DHCP, it is important to configure the following items.

每個伺服器執行這些動作,您可以使用下列的各節。You can use the following sections to perform these actions for each server.

資格在系統管理員,或相當於,才能執行這些程序最小值。Membership in Administrators, or equivalent, is the minimum required to perform these procedures.

將電腦重新命名Rename the computer

若要變更電腦的名稱,您可以在本區段中使用此程序。You can use the procedure in this section to change the name of a computer. 重新命名電腦適合用於環境中的作業系統已自動建立您不想要使用的電腦名稱。Renaming the computer is useful for circumstances in which the operating system has automatically created a computer name that you do not want to use.

注意

使用 Windows PowerShell 來執行這個程序、開放 PowerShell 及在不同行中輸入下列 cmdlet,然後按 ENTER。To perform this procedure by using Windows PowerShell, open PowerShell and type the following cmdlets on separate lines, and then press ENTER. 您還必須更換電腦名稱以您想要使用的名稱。You must also replace ComputerName with the name that you want to use.

Rename-Computer電腦名稱ComputerName

Restart-Computer

若要重新命名電腦是執行 Windows Server 2016、Windows Server 2012 R2,以及 Windows Server 2012To rename computers running Windows Server 2016, Windows Server 2012 R2, and Windows Server 2012
  1. 在伺服器管理員中,按一下本機伺服器In Server Manager, click Local Server. 電腦屬性會顯示在詳細資料窗格中。The computer Properties are displayed in the details pane.

  2. 屬性,請在電腦名稱,按一下 [現有的電腦名稱。In Properties, in Computer name, click the existing computer name. 系統屬性對話方塊。The System Properties dialog box opens. 按一下變更Click Change. 電腦名稱日網域變更對話方塊。The Computer Name/Domain Changes dialog box opens.

  3. 電腦名稱日網域變更對話方塊中,在電腦名稱,輸入您的電腦的新名稱。In the Computer Name/Domain Changes dialog box, in Computer name, type a new name for your computer. 例如,如果您想要為電腦 DC1,輸入DC1For example, if you want to name the computer DC1, type DC1.

  4. 按一下[確定]兩次,然後按關閉Click OK twice, and then click Close. 如果您想要重新開機立即,完成名稱的變更,請按一下現在重新開機If you want to restart the computer immediately to complete the name change, click Restart Now. 否則,請按重新開機之後Otherwise, click Restart Later.

注意

如何重新命名執行其他 Microsoft 作業系統的電腦上的資訊,請查看附錄 A-重新命名電腦For information on how to rename computers that are running other Microsoft operating systems, see Appendix A - Renaming computers.

設定靜態 IP 位址Configure a static IP address

您可以設定「網際網路通訊協定第 4 (IPv4) 本主題中使用的程序的靜態 IP,以上網屬性地址執行 Windows Server 2016 的電腦。You can use the procedures in this topic to configure the Internet Protocol version 4 (IPv4) properties of a network connection with a static IP address for computers running Windows Server 2016.

注意

使用 Windows PowerShell 來執行這個程序、開放 PowerShell 及在不同行中輸入下列 cmdlet,然後按 ENTER。To perform this procedure by using Windows PowerShell, open PowerShell and type the following cmdlets on separate lines, and then press ENTER. 您必須也取代介面名稱與 IP 位址,在此範例中您想要設定您的電腦使用的值。You must also replace interface names and IP addresses in this example with the values that you want to use to configure your computer.

New-NetIPAddress -IPAddress 10.0.0.2 -InterfaceAlias "Ethernet" -DefaultGateway 10.0.0.1 -AddressFamily IPv4 -PrefixLength 24

Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses 127.0.0.1

若要設定執行 Windows Server 2016、Windows Server 2012 R2,以及 Windows Server 2012 的電腦上的靜態 IP 位址To configure a static IP address on computers running Windows Server 2016, Windows Server 2012 R2, and Windows Server 2012
  1. 工作列,在 [網路] 圖示,以滑鼠右鍵按一下,然後按一下開放式網路和共用中心]In the task bar, right-click the Network icon, and then click Open Network and Sharing Center.

  2. 網路和共用中心],按一下 [變更介面卡設定In Network and Sharing Center, click Change adapter settings. 裝置管理員資料夾開啟並顯示 [可用的網路連接。The Network Connections folder opens and displays the available network connections.

  3. 裝置管理員,以滑鼠右鍵按一下您想要設定,然後按一下 [連接屬性In Network Connections, right-click the connection that you want to configure, and then click Properties. 網路屬性對話方塊。The network connection Properties dialog box opens.

  4. 在網路連接屬性對話方塊中,在此連接使用下列項目],請選取網際網路通訊協定第 4 版本 (TCP 日 IPv4),,然後按一下屬性In the network connection Properties dialog box, in This connection uses the following items, select Internet Protocol Version 4 (TCP/IPv4), and then click Properties. 網際網路通訊協定第 4 版本 (TCP 日 IPv4) 屬性對話方塊。The Internet Protocol Version 4 (TCP/IPv4) Properties dialog box opens.

  5. 網際網路通訊協定第 4 版本 (TCP 日 IPv4) 屬性,在一般索引標籤上,按一下 [使用下列的 IP 位址In Internet Protocol Version 4 (TCP/IPv4) Properties, on the General tab, click Use the following IP address. 的 IP 位址,輸入您想要使用 IP 位址。In IP address, type the IP address that you want to use.

  6. 按] 索引標籤,將游標在子網路遮罩Press tab to place the cursor in Subnet mask. 會自動輸入子網路遮罩的預設值。A default value for subnet mask is entered automatically. 接受預設子網路遮罩,或輸入您想要使用的子網路遮罩。Either accept the default subnet mask, or type the subnet mask that you want to use.

  7. 預設閘道,輸入您的預設閘道 IP 位址。In Default gateway, type the IP address of your default gateway.

    注意

    您必須設定預設閘道以相同的 IP 位址,您的區域網路(區域網路)介面您的路由器上使用。You must configure Default gateway with the same IP address that you use on the local area network (LAN) interface of your router. 例如,如果您的路由器連接到網際網路,以及您區域網路至於例如寬區域網路 (WAN),設定的區域網路介面使用相同的 IP 位址,您將會指定為預設閘道For example, if you have a router that is connected to a wide area network (WAN) such as the Internet as well as to your LAN, configure the LAN interface with the same IP address that you will then specify as the Default gateway. 在另一部範例中,如果您已連接到兩個的區域網路位置區域網路使用位址範圍 10.0.0.0 月 24,B 區域網路使用位址範圍 192.168.0.0 月 24 路由器設定的區域網路 A 路由器 IP 位址該位址範圍,例如 10.0.0.1 地址。In another example, if you have a router that is connected to two LANs, where LAN A uses the address range 10.0.0.0/24 and LAN B uses the address range 192.168.0.0/24, configure the LAN A router IP address with an address from that address range, such as 10.0.0.1. 此外,在這個位址 DHCP 範圍,請設定預設閘道以 10.0.0.1 的 IP 位址。In addition, in the DHCP scope for this address range, configure Default gateway with the IP address 10.0.0.1. 區域網路 B 設定的區域網路 B 路由器介面的地址範圍,例如 192.168.0.1、地址,然後再設定區域網路 B 範圍 192.168.0.0 月 24 使用預設閘道192.168.0.1 的值。For the LAN B, configure the LAN B router interface with an address from that address range, such as 192.168.0.1, and then configure the LAN B scope 192.168.0.0/24 with a Default gateway value of 192.168.0.1.

  8. 慣用 DNS 伺服器],輸入您的 DNS 伺服器的 IP 位址。In Preferred DNS server, type the IP address of your DNS server. 如果您打算使用為慣用 DNS 伺服器的本機電腦,請輸入本機電腦的 IP 位址。If you plan to use the local computer as the preferred DNS server, type the IP address of the local computer.

  9. 其他 DNS 伺服器,如果有的話,輸入您替代的 DNS 伺服器的 IP 位址。In Alternate DNS Server, type the IP address of your alternate DNS server, if any. 如果您想要使用做為備用 DNS 伺服器的本機電腦,請輸入本機電腦的 IP 位址。If you plan to use the local computer as an alternate DNS server, type the IP address of the local computer.

  10. 按一下[確定],然後按關閉Click OK, and then click Close.

注意

如需如何設定執行其他 Microsoft 作業系統的電腦上的靜態 IP 位址資訊,請查看附錄 B-設定靜態 IP 位址For information on how to configure a static IP address on computers that are running other Microsoft operating systems, see Appendix B - Configuring static IP addresses.

部署 DC1Deploying DC1

若要部署 DC1 的電腦執行 Active Directory Domain Services (AD DS) 和 DNS,您必須先完成下列步驟進行以下列順序:To deploy DC1, which is the computer running Active Directory Domain Services (AD DS) and DNS, you must complete these steps in the following order:

系統管理員權限Administrative privileges

如果您正在安裝小的網路,而且不只系統管理員的網路,建議您建立帳號,並再成員企業系統管理員和網域系統管理員的身分加入您的使用者帳號。If you are installing a small network and are the only administrator for the network, it is recommended that you create a user account for yourself, and then add your user account as a member of both Enterprise Admins and Domain Admins. 這樣將會讓您做的所有網路資源,系統管理員的身分變得更容易。Doing so will make it easier for you to act as the administrator for all network resources. 我們也建議您登入此帳號只有在您需要執行管理工作,並建立執行非 IT 不同的使用者負責相關工作時。It is also recommended that you log on with this account only when you need to perform administrative tasks, and that you create a separate user account for performing non-IT related tasks.

如果您有較大的公司使用多個管理員,請參考 AD DS 文件,以判斷組織員工的最佳群組成員資格。If you have a larger organization with multiple administrators, refer to AD DS documentation to determine the best group membership for organization employees.

網域帳號與帳號本機電腦上不同Differences between domain user accounts and user accounts on the local computer

其中一個優點網域為基礎的是,您不需要帳號建立網域中的每一部電腦上。One of the advantages of a domain-based infrastructure is that you do not need to create user accounts on each computer in the domain. 電腦是否 client 的電腦或伺服器是如此。This is true whether the computer is a client computer or a server.

因此,您不應該帳號建立網域中的每一部電腦上。Because of this, you should not create user accounts on each computer in the domain. 建立 Active Directory 使用者和電腦所有使用者帳號,並使用上述程序指派群組成員資格。Create all user accounts in Active Directory Users and Computers and use the preceding procedures to assign group membership. 根據預設,所有使用者帳號都的網域使用者群組成員。By default, all user accounts are members of the Domain Users group.

使用者網域群組的所有成員可以都登入 client 的任何電腦之後該已經加入網域。All members of the Domain Users group can log on to any client computer after it is joined to the domain.

您可以設定帳號,若要指定的使用者可以登入電腦的日期和時間。You can configure user accounts to designate the days and times that the user is allowed to log on to the computer. 您也可以指定每個使用者可以使用哪一台電腦。You can also designate which computers each user is allowed to use. 這些設定,開放 Active Directory 使用者和電腦,找出您想要設定帳號,按兩下 [account。To configure these settings, open Active Directory Users and Computers, locate the user account that you want to configure, and double-click the account. 在帳號屬性,按一下 [ Account索引標籤,然後再按一下登入小時來登入In the user account Properties, click the Account tab, and then click either Logon Hours or Log On To.

安裝 AD DS,以及新的樹系的 DNSInstall AD DS and DNS for a New Forest

您可以使用下列程序的其中一個安裝 Active Directory Domain Services (AD DS) 和 DNS,並在新的樹系建立新的網域。You can use one of the following procedures to install Active Directory Domain Services (AD DS) and DNS and to create a new domain in a new forest.

第一個步驟的指示在第二個程序會顯示您如何使用伺服器管理員安裝 AD DS 和 DNS 使用 Windows PowerShell 中,執行下列動作。The first procedure provides instructions on performing these actions by using Windows PowerShell, while the second procedure shows you how to install AD DS and DNS by using Server Manager.

重要

步驟執行此程序完成之後,會自動重新啟動電腦。After you finish performing the steps in this procedure, the computer is automatically restarted.

安裝 AD DS 和 DNS 使用 Windows PowerShellInstall AD DS and DNS Using Windows PowerShell

您可以使用下列命令來安裝和 AD DS 和 DNS 設定。You can use the following commands to install and configure AD DS and DNS. 您必須在此範例中的網域名稱取代您想要為您的網域使用的值。You must replace the domain name in this example with the value that you want to use for your domain.

注意

如需 Windows PowerShell 命令,查看下列的參考主題。For more information about these Windows PowerShell commands, see the following reference topics.

資格在系統管理員,至少需要執行這個程序。Membership in Administrators is the minimum required to perform this procedure.

  • 系統管理員身分執行 Windows PowerShell 中輸入下列命令,,然後按 ENTER 鍵:Run Windows PowerShell as an Administrator, type the following command, and then press ENTER:

Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

安裝完成後成功,下列訊息會顯示在 Windows PowerShell 中。When installation has successfully completed, the following message is displayed in Windows PowerShell.

Success Restart Needed  Exit Code   Feature Result
------- --------------  ---------   --------------
True    No              Success     {Active Directory Domain Services, Group P...
  • Windows PowerShell 中,輸入下列命令,更換文字corp.contoso.com與您的網域名稱,然後按 ENTER 鍵:In Windows PowerShell, type the following command, replacing the text corp.contoso.com with your domain name, and then press ENTER:
Install-ADDSForest -DomainName "corp.contoso.com"
  • 安裝和設定程序期間,才會顯示在頂端的 Windows PowerShell 視窗,會顯示下列命令提示字元。During the installation and configuration process, which is visible at the top of the Windows PowerShell window, the following prompt appears. 它會顯示之後,輸入密碼,然後按 ENTER 鍵。After it appears, type a password and then press ENTER.

    SafeModeAdministratorPassword:SafeModeAdministratorPassword:

  • 您輸入密碼並按下 ENTER 後,會顯示下列確認的提示。After you type a password and press ENTER, the following confirmation prompt appears. 輸入相同的密碼,然後按 ENTER 鍵。Type the same password and then press ENTER.

    確認 SafeModeAdministratorPassword:Confirm SafeModeAdministratorPassword:

  • 下列提示出現時,輸入的字母Y,然後按 ENTER 鍵。When the following prompt appears, type the letter Y and then press ENTER.

<span data-ttu-id="b3da8-579">將會設定為網域控制站目標伺服器,並重新啟動完成這項作業時。</span><span class="sxs-lookup"><span data-stu-id="b3da8-579">The target server will be configured as a domain controller and restarted when this operation is complete.</span></span>
<span data-ttu-id="b3da8-580">您想要進行此操作嗎?</span><span class="sxs-lookup"><span data-stu-id="b3da8-580">Do you want to continue with this operation?</span></span>
<span data-ttu-id="b3da8-581">[Y] 是 [A] 是所有的 [N] 不 [L] 不到 [所有 [S] 暫停 [?]協助(預設值為 [Y」):</span><span class="sxs-lookup"><span data-stu-id="b3da8-581">[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"):</span></span>
  • 如果您想要您可以讀取 AD DS 和 DNS 的標準模式、成功安裝期間會顯示警告訊息。If you want to, you can read the warning messages that are displayed during normal, successful installation of AD DS and DNS. 這些訊息是標準,無法安裝失敗的指示。These messages are normal and are not an indication of install failure.

  • 在成功安裝之後,則會顯示訊息,您將會使電腦可以重新登入電腦使用。After installation succeeds, a message appears stating that you are about to be logged off of the computer so that the computer can restart. 如果您按一下關閉、立即登出電腦,以及電腦重新開機。If you click Close, you are immediately logged off the computer, and the computer restarts. 如果您不要按關閉,在電腦重新開機之後預設一段時間。If you do not click Close, the computer restarts after a default period of time.

  • 伺服器會重新之後,您可以檢查 Active Directory Domain Services 和 DNS 成功的安裝。After the server is restarted, you can verify successful installation of Active Directory Domain Services and DNS. 打開 Windows PowerShell,輸入下列命令,然後按 ENTER。Open Windows PowerShell, type the following command, and press ENTER.

Get-WindowsFeature

在這個命令的結果,Windows PowerShell 中會顯示,並且應該是類似下列影像中的結果。The results of this command are displayed in Windows PowerShell, and should be similar to the results in the image below. 適用於已安裝的技術,技術名稱的左括弧包含字元X,以及的值安裝的狀態已安裝For installed technologies, the brackets to the left of the technology name contain the character X, and the value of Install State is Installed.

Get-WindowsFeature 命令的結果

安裝 AD DS 和 DNS 使用伺服器管理員Install AD DS and DNS Using Server Manager

  1. DC1,在中伺服器管理員,按一下 [管理,然後按一下 [新增角色與功能On DC1, in Server Manager, click Manage, and then click Add Roles and Features. 新增角色與功能精靈開啟。The Add Roles and Features Wizard opens.

  2. 在您開始之前,請先,按一下 [In Before You Begin, click Next.

    注意

    在您開始之前,請先頁面上新增角色與精靈中的功能不顯示如果先前已選取預設略過此頁面功能精靈與新增的角色執行。The Before You Begin page of the Add Roles and Features Wizard is not displayed if you have previously selected Skip this page by default when the Add Roles and Features Wizard was run.

  3. 選擇安裝類型,確認以角色為基礎,或為基礎的功能的安裝已選取,然後按一下 [下一步In Select Installation Type, ensure that Role-Based or feature-based installation is selected, and then click Next.

  4. 選取目的伺服器,確保選取伺服器伺服器集區的選取。In Select destination server, ensure that Select a server from the server pool is selected. 伺服器集區,請確定已選取 [本機電腦。In Server Pool, ensure that the local computer is selected. 按一下下一步Click Next.

  5. 選擇伺服器角色,請在角色,按一下 [ Active Directory Domain ServicesIn Select server roles, in Roles, click Active Directory Domain Services. 新增所需的 Active Directory Domain Services 功能,按一下 [新增功能In Add features that are required for Active Directory Domain Services, click Add Features. 按一下下一步Click Next.

  6. 選擇功能,按一下 [下一步,在Active Directory Domain Services,檢視的資訊,提供,然後按一下下一步In Select features, click Next, and in Active Directory Domain Services, review the information that is provided, and then click Next.

  7. 確認安裝選項,按一下 [安裝In Confirm installation selections, click Install. 安裝進度頁面會顯示在安裝期間狀態。The Installation progress page displays status during the installation process. 當程序完成時,訊息詳細資訊,按一下這個網域控制站伺服器升級When the process completes, in the message details, click Promote this server to a domain controller. Active Directory Domain Services 組態精靈開啟。The Active Directory Domain Services Configuration Wizard opens.

  8. 部署組態新增新的樹系In Deployment Configuration, select Add a new forest. 根網域名稱,輸入您的網域的完整的網域名稱 (FQDN)。In Root domain name, type the fully qualified domain name (FQDN) for your domain. 例如,如果您 FQDN corp.contoso.com,輸入corp.contoso.com。按一下下一步For example, if your FQDN is corp.contoso.com, type corp.contoso.com. Click Next.

  9. 網域控制站選項,請在選取新的樹系和根網域功能等級,選取樹系功能等級和網域您想要使用的功能等級。In Domain Controller Options, in Select functional level of the new forest and root domain, select the forest functional level and domain functional level that you want to use. 指定網域控制站功能,確保網域名稱系統」(DNS) 伺服器全球 Catalog (GC)選取。In Specify domain controller capabilities, ensure that Domain Name System (DNS) server and Global Catalog (GC) are selected. 密碼確認密碼,輸入您想要使用的 Directory 服務還原模式 (DSRM) 密碼。In Password and Confirm password, type the Directory Services Restore Mode (DSRM) password that you want to use. 按一下下一步Click Next.

  10. DNS 選項,按一下 [In DNS Options, click Next.

  11. 的其他選項、驗證 NetBIOS 名稱指定給網域中,並視需要變更該只。In Additional Options, verify the NetBIOS name that is assigned to the domain, and change it only if necessary. 按一下下一步Click Next.

  12. 路徑,請在指定的位置資料庫 AD DS,登入檔案,以及 SYSVOL,執行下列其中一個動作:In Paths, in Specify the location of the AD DS database, log files, and SYSVOL, do one of the following:

    • 接受預設值。Accept the default values.

    • 輸入您想要使用的資料夾位置資料夾資料庫登入檔案的資料夾,並SYSVOL 資料夾Type folder locations that you want to use for Database folder, Log files folder, and SYSVOL folder.

  13. 按一下下一步Click Next.

  14. 檢視選項,檢視您的選擇。In Review Options, review your selections.

  15. 如果您想要設定匯出到 Windows PowerShell 指令碼,請按一下檢視指令碼If you want to export settings to a Windows PowerShell script, click View script. 指令碼開啟在「記事本」中,您可以將它儲存到您想要的資料夾位置。The script opens in Notepad, and you can save it to the folder location that you want. 按一下下一步Click Next. 必要條件檢查、進行驗證您的選擇。In Prerequisites Check, your selections are validated. 檢查完成時,按安裝When the check completes, click Install. Windows 的提示,請按一下關閉When prompted by Windows, click Close. 伺服器重新開機才能完成安裝 AD DS 和 DNS。The server restarts to complete installation of AD DS and DNS.

  16. 伺服器重新開機之後,若要確認成功安裝,檢視伺服器管理員」主控台。To verify successful installation, view the Server Manager console after the server restarts. AD DS 和 DNS 應該會顯示在左窗格中,例如反白顯示下列影像中的項目。Both AD DS and DNS should appear in the left pane, like the highlighted items in the image below.

AD DS 和 DNS 伺服器管理員中

建立帳號 Active Directory 使用者與電腦Create a User Account in Active Directory Users and Computers

Active Directory 使用者電腦 Microsoft Management Console (MMC) 中建立新的網域帳號,您可以使用此程序。You can use this procedure to create a new domain user account in Active Directory Users and Computers Microsoft Management Console (MMC).

資格在網域系統管理員,或相當於,才能執行此程序最小值。Membership in Domain Admins, or equivalent, is the minimum required to perform this procedure.

注意

使用 Windows PowerShell 來執行這個程序,開放 PowerShell 和一行,輸入下列 cmdlet,然後按 ENTER。To perform this procedure by using Windows PowerShell, open PowerShell and type the following cmdlet on one line, and then press ENTER. 您也必須取代使用者 account 名稱在此範例中為您想要使用的值。You must also replace the user account name in this example with the value that you want to use.

New-ADUser -SamAccountName User1 -AccountPassword (read-host "Set user password" -assecurestring) -name "User1" -enabled $true -PasswordNeverExpires $true -ChangePasswordAtLogon $false

按下 ENTER 後,請輸入密碼帳號。After you press ENTER, type the password for the user account. Account 建立,預設授與成員資格加入網域使用者群組。The account is created and, by default, is granted membership to the Domain Users group.

使用下列 cmdlet,您可以指定新的使用者 account 其他群組成員資格。With the following cmdlet, you can assign additional group memberships for the new user account. 以下範例會 User1 加入網域系統管理員」及企業系統管理員」群組。The example below adds User1 to the Domain Admins and Enterprise Admins groups. 請確定之前,請先執行此命令的變更 account 的使用者名稱、網域名稱和群組],以符合您的需求。Ensure before running this command that you change the user account name, domain name, and groups to match your requirements.

Add-ADPrincipalGroupMembership -Identity "CN=User1,CN=Users,DC=corp,DC=contoso,DC=com" -MemberOf "CN=Enterprise Admins,CN=Users,DC=corp,DC=contoso,DC=com","CN=Domain Admins,CN=Users,DC=corp,DC=contoso,DC=com"

若要建立的使用者 accountTo create a user account
  1. 在 DC1,在伺服器管理員中,按一下工具,然後按一下 [ Active Directory 使用者和電腦On DC1, in Server Manager, click Tools, and then click Active Directory Users and Computers. Active Directory 使用者和電腦 MMC 開啟。The Active Directory Users and Computers MMC opens. 如果您未選取,按一下您的網域節點。If it is not already selected, click the node for your domain. 例如,如果您的網域 corp.contoso.com,請按一下corp.contoso.comFor example, if your domain is corp.contoso.com, click corp.contoso.com.

  2. 在詳細資料窗格中,以滑鼠右鍵按一下您要新增的使用者帳號的資料夾。In the details pane, right-click the folder in which you want to add a user account.

    何處?Where?

    • Active Directory 使用者和電腦日網域節點/資料夾Active Directory Users and Computers/domain node/folder
  3. 移至,然後按一下 [使用者Point to New, and then click User. 新物件-使用者對話方塊。The New Object - User dialog box opens.

  4. 第一個名稱,輸入第一的使用者的名稱。In First name, type the user's first name.

  5. 簡稱,輸入使用者的簡稱。In Initials, type the user's initials.

  6. 姓氏,輸入使用者的最後一個名稱。In Last name, type the user's last name.

  7. 修改的全名來新增簡稱或反向排序的名字與姓氏。Modify Full name to add initials or reverse the order of first and last names.

  8. 登入的使用者名稱,輸入登入的使用者名稱。In User logon name, type the user logon name. 按一下下一步Click Next.

  9. 新物件-使用者,請在的密碼確認密碼、輸入使用者的密碼,然後選取適當的密碼的選項。In New Object - User, in Password and Confirm password, type the user's password, and then select the appropriate password options.

  10. 按一下下一步,檢視的新使用者 account 設定,然後按完成]Click Next, review the new user account settings, and then click Finish.

指派群組成員資格Assign Group Membership

您可以使用此程序群組 Active Directory 使用者電腦 Microsoft Management Console (MMC) 中新增的使用者,電腦上或群組。You can use this procedure to add a user, computer, or group to a group in Active Directory Users and Computers Microsoft Management Console (MMC).

資格在網域系統管理員,或相當於的最低需求才能執行此程序。Membership in Domain Admins, or equivalent is the minimum required to perform this procedure.

若要指定群組成員資格To assign group membership
  1. 在 DC1,在伺服器管理員中,按一下工具,然後按一下 [ Active Directory 使用者和電腦On DC1, in Server Manager, click Tools, and then click Active Directory Users and Computers. Active Directory 使用者和電腦 MMC 開啟。The Active Directory Users and Computers MMC opens. 如果您未選取,按一下您的網域節點。If it is not already selected, click the node for your domain. 例如,如果您的網域 corp.contoso.com,請按一下corp.contoso.comFor example, if your domain is corp.contoso.com, click corp.contoso.com.

  2. 在詳細資料窗格中,按兩下您想新增成員群組所在的資料夾。In the details pane, double-click the folder that contains the group to which you want to add a member.

    何處?Where?

    • Active Directory 使用者和電腦/網域節點/群組所在的資料夾Active Directory Users and Computers/domain node/folder that contains the group
  3. 在詳細資料窗格中,以滑鼠右鍵按一下您想要新增到群組,例如使用者或電腦,然後按一下 [物件屬性In the details pane, right-click the object that you want to add to a group, such as a user or computer, and then click Properties. 物件的屬性對話方塊。The object's Properties dialog box opens. 按一下的成員索引標籤。Click the Member of tab.

  4. 的成員索引標籤上,按一下 [新增]On the Member of tab, click Add.

  5. [輸入物件名稱來選取,輸入您想要新增的物件,然後按一下 [的群組的名稱[確定]In Enter the object names to select, type the name of the group to which you want to add the object, and then click OK.

  6. 若要指定其他使用者、群組或電腦群組成員資格,重複步驟 4 和 5 此程序。To assign group membership to other users, groups or computers, repeat steps 4 and 5 of this procedure.

設定 DNS 反向對應區域Configure a DNS Reverse Lookup Zone

您可以使用此程序,設定反向對應區域在「網域名稱系統」(DNS)。You can use this procedure to configure a reverse lookup zone in Domain Name System (DNS).

資格在網域系統管理員,至少需要執行這個程序。Membership in Domain Admins is the minimum required to perform this procedure.

注意

  • 媒體和大型的組織,建議您設定並使用 Active Directory 使用者和電腦 DNSAdmins 群組。For medium and large organizations, it's recommended that you configure and use the DNSAdmins group in Active Directory Users and Computers. 如需詳細資訊,請查看額外的技術資源For more information, see Additional Technical Resources
  • 使用 Windows PowerShell 來執行這個程序,開放 PowerShell 和一行,輸入下列 cmdlet,然後按 ENTER。To perform this procedure by using Windows PowerShell, open PowerShell and type the following cmdlet on one line, and then press ENTER. 您也必須取代 DNS 反向對應區域和 zonefile 名稱在此範例中您想要使用的值。You must also replace the DNS reverse lookup zone and zonefile names in this example with the values that you want to use. 請確定您回復網路 ID 反向區域的名稱。Ensure that you reverse the network ID for the reverse zone name. 如果網路 ID 192.168.0,,例如建立反向尋找區域名稱0.168.192.in in-addr.arpaFor example, if the network ID is 192.168.0, create the reverse lookup zone name 0.168.192.in-addr.arpa.

Add-DnsServerPrimaryZone 0.0.10.in-addr.arpa -ZoneFile 0.0.10.in-addr.arpa.dns

若要設定 DNS 反向對應區域To configure a DNS reverse lookup zone
  1. DC1,在伺服器管理員中,按一下 [工具,然後按DNSOn DC1, in Server Manager, click Tools, and then click DNS. DNS MMC 開啟。The DNS MMC opens.

  2. 在 DNS,如果未展開,按兩下以展開樹伺服器名稱。In DNS, if it is not already expanded, double-click the server name to expand the tree. 例如,如果 DC1 DNS 伺服器名稱,按兩下 [ DC1For example, if the DNS server name is DC1, double-click DC1.

  3. 選取 [反向對應區域,以滑鼠右鍵按一下反向對應區域,然後按一下 [新增區域Select Reverse Lookup Zones, right-click Reverse Lookup Zones, and then click New Zone. 新的時區精靈開啟。The New Zone Wizard opens.

  4. 歡迎使用新的時區精靈,按一下 [In Welcome to the New Zone Wizard, click Next.

  5. 區域類型主要區域In Zone Type, select Primary zone.

  6. 如果您的 DNS 伺服器寫入網域控制站,確保在 Active Directory 中儲存區域選取。If your DNS server is a writeable domain controller, ensure that Store the zone in Active Directory is selected. 按一下下一步Click Next.

  7. Active Directory 區域複寫領域執行網域控制站在這個網域中的所有 DNS 伺服器,除非您有特定的理由,來選擇不同的選項。In Active Directory Zone Replication Scope, select To all DNS servers running on domain controllers in this domain, unless you have a specific reason to choose a different option. 按一下下一步Click Next.

  8. 第一次反向對應區域的名稱頁面上,選取回復對應區域 IPv4In the first Reverse Lookup Zone Name page, select IPv4 Reverse Lookup Zone. 按一下下一步Click Next.

  9. 在第二個反向對應區域的名稱頁面上,執行下列其中一個動作:In the second Reverse Lookup Zone Name page, do one of the following:

    • 網路 ID,輸入您的 IP 位址各種不同的網路來電顯示。In Network ID, type the network ID of your IP address range. 例如,如果您的 IP 位址範圍是透過 10.0.0.254 10.0.0.1,輸入10.0.0For example, if your IP address range is 10.0.0.1 through 10.0.0.254, type 10.0.0.

    • 反向對應區域名稱,會自動新增您區域 IPv4 反向對應的名稱。In Reverse lookup zone name, your IPv4 reverse lookup zone name is automatically added. 按一下下一步Click Next.

  10. 動態更新,選取您想要允許的動態更新的類型。In Dynamic Update, select the type of dynamic updates that you want to allow. 按一下下一步Click Next.

  11. 完成新增區精靈,檢視您的選擇,然後按完成]In Completing the New Zone Wizard, review your choices, and then click Finish.

加入網域的電腦伺服器,並登入Joining Server Computers to the Domain and Logging On

您有安裝 Active Directory Domain Services (AD DS),並建立一個或多個使用者帳號已經加入網域的電腦的權限之後,您可以加入網域並登入伺服器核心網路伺服器以安裝其他技術,例如「動態主機設定通訊協定」(DHCP)。After you have installed Active Directory Domain Services (AD DS) and created one or more user accounts that have permissions to join a computer to the domain, you can join core network servers to the domain and log on to the servers in order to install additional technologies, such as Dynamic Host Configuration Protocol (DHCP).

在 [所有伺服器,您的部署,除了伺服器執行 AD DS,執行下列動作:On all servers that you are deploying, except for the server running AD DS, do the following:

  1. 完成的程序,以提供設定所有伺服器]Complete the procedures provided in Configuring All Servers.

  2. 使用下列兩個程序的指示,加入您的伺服器網域並登入執行其他部署工作伺服器:Use the instructions in the following two procedures to join your servers to the domain and to log on to the servers to perform additional deployment tasks:

注意

使用 Windows PowerShell 來執行這個程序,開放 PowerShell 輸入下列 cmdlet,並再按下 ENTER。To perform this procedure by using Windows PowerShell, open PowerShell and type the following cmdlet, and then press ENTER. 您必須也將您想要使用名稱的網域名稱取代。You must also replace the domain name with the name that you want to use.

Add-Computer -DomainName corp.contoso.com

當您接到這樣做時,請輸入的使用者名稱和密碼 account 的權限加入網域的電腦。When you are prompted to do so, type the user name and password for an account that has permission to join a computer to the domain. 若要重新開機,輸入下列命令,然後按 ENTER。To restart the computer, type the following command and press ENTER.

Restart-Computer

若要加入網域執行 Windows Server 2016、Windows Server 2012 R2,以及 Windows Server 2012 的電腦To join computers running Windows Server 2016, Windows Server 2012 R2 , and Windows Server 2012 to the domain
  1. 在伺服器管理員中,按一下本機伺服器In Server Manager, click Local Server. 在詳細資料窗格中,按一下群組In the details pane, click WORKGROUP. 系統屬性對話方塊。The System Properties dialog box opens.

  2. 系統屬性對話方塊中,按變更In the System Properties dialog box, click Change. 電腦名稱日網域變更對話方塊。The Computer Name/Domain Changes dialog box opens.

  3. 電腦名稱,請在的成員,按一下 [網域,然後輸入您想要加入的網域名稱。In Computer Name, in Member of, click Domain, and then type the name of the domain that you want to join. 如果 corp.contoso.com 的網域名稱,例如,輸入corp.contoso.comFor example, if the domain name is corp.contoso.com, type corp.contoso.com.

  4. 按一下[確定]Click OK. Windows 安全性對話方塊。The Windows Security dialog box opens.

  5. 電腦名稱日網域變更,請在使用者名稱,輸入使用者名稱,並在密碼,請輸入密碼,然後按一下[確定]In Computer Name/Domain Changes, in User name, type the user name, and in Password, type the password, and then click OK. 電腦名稱日網域變更對話方塊,一則歡迎您的網域。The Computer Name/Domain Changes dialog box opens, welcoming you to the domain. 按一下[確定]Click OK.

  6. 電腦名稱日網域變更對話方塊中,會顯示訊息表示,您必須重新開機,適用於所做的變更。The Computer Name/Domain Changes dialog box displays a message indicating that you must restart the computer to apply the changes. 按一下[確定]Click OK.

  7. 系統屬性對話方塊中,於電腦名稱索引標籤上,按一下 [關閉On the System Properties dialog box, on the Computer Name tab, click Close. Microsoft Windows對話方塊中開啟,且會顯示訊息,再試一次表示,您必須重新開機,適用於所做的變更。The Microsoft Windows dialog box opens, and displays a message, again indicating that you must restart the computer to apply the changes. 按一下現在重新Click Restart Now.

注意

如需如何加入網域執行其他 Microsoft 作業系統的電腦上的資訊,請附錄 C-加入網域的電腦For information on how to join computers that are running other Microsoft operating systems to the domain, see Appendix C - Joining computers to the domain.

若要登入執行 Windows Server 2016 的電腦網域To log on to the domain using computers running Windows Server 2016
  1. 登入電腦,或重新開機。Log off the computer, or restart the computer.

  2. 按下 CTRL + ALT + DELETE。Press CTRL + ALT + DELETE. 登入畫面顯示。The logon screen appears.

  3. 在 [左下角,按一下 [以其他使用者In the lower left corner, click Other User.

  4. 的使用者名稱,輸入您的使用者名稱。In User name, type your user name.

  5. 密碼、輸入您的網域密碼,然後按一下箭頭,或按下 ENTER。In Password, type your domain password, and then click the arrow, or press ENTER.

注意

如何登入以使用電腦執行其他 Microsoft 作業系統的網域資訊,請查看附錄 D-登入網域For information on how to log on to the domain using computers that are running other Microsoft operating systems, see Appendix D - Log on to the domain.

部署 DHCP1Deploying DHCP1

您必須先部署的核心網路這個元件,執行下列動作:Before deploying this component of the core network, you must do the following:

若要部署 DHCP1,也就是在電腦執行的是「動態主機設定通訊協定」(DHCP) 伺服器角色,您必須先完成下列步驟進行以下列順序:To deploy DHCP1, which is the computer running the Dynamic Host Configuration Protocol (DHCP) server role, you must complete these steps in the following order:

注意

若要使用 Windows PowerShell 來執行這些程序,開放 PowerShell 不同行,輸入下列 cmdlet,然後按 ENTER 鍵。To perform these procedures by using Windows PowerShell, open PowerShell and type the following cmdlets on separate lines, and then press ENTER. 您必須也取代領域名稱、IP 位址開始和結束範圍、子網路遮罩和其他值在此範例中您想要使用的值。You must also replace the scope name, IP address start and end ranges, subnet mask, and other values in this example with the values that you want to use.

Install-WindowsFeature DHCP -IncludeManagementTools

Add-DhcpServerv4Scope -name "Corpnet" -StartRange 10.0.0.1 -EndRange 10.0.0.254 -SubnetMask 255.255.255.0 -State Active

Add-DhcpServerv4ExclusionRange -ScopeID 10.0.0.0 -StartRange 10.0.0.1 -EndRange 10.0.0.15

Set-DhcpServerv4OptionValue -OptionID 3 -Value 10.0.0.1 -ScopeID 10.0.0.0 -ComputerName DHCP1.corp.contoso.com

Add-DhcpServerv4Scope -name "Corpnet2" -StartRange 10.0.1.1 -EndRange 10.0.1.254 -SubnetMask 255.255.255.0 -State Active

Add-DhcpServerv4ExclusionRange -ScopeID 10.0.1.0 -StartRange 10.0.1.1 -EndRange 10.0.1.15

Set-DhcpServerv4OptionValue -OptionID 3 -Value 10.0.1.1 -ScopeID 10.0.1.0 -ComputerName DHCP1.corp.contoso.com

Set-DhcpServerv4OptionValue -DnsDomain corp.contoso.com -DnsServer 10.0.0.2

Add-DhcpServerInDC -DnsName DHCP1.corp.contoso.com

安裝動態主機設定通訊協定」(DHCP)Install Dynamic Host Configuration Protocol (DHCP)

安裝和使用新增角色及功能精靈 DHCP 伺服器角色的設定,您可以使用此程序。You can use this procedure to install and configure the DHCP Server role using the Add Roles and Features Wizard.

資格在網域系統管理員,或相當於,才能執行此程序最小值。Membership in Domain Admins, or equivalent, is the minimum required to perform this procedure.

若要安裝 DHCPTo install DHCP
  1. DHCP1,在伺服器管理員中,按一下 [管理,然後按新增角色與功能On DHCP1, in Server Manager, click Manage, and then click Add Roles and Features. 新增角色與功能精靈開啟。The Add Roles and Features Wizard opens.

  2. 在您開始之前,請先,按一下 [In Before You Begin, click Next.

    注意

    在您開始之前,請先頁面上新增角色與精靈中的功能不顯示如果先前已選取預設略過此頁面功能精靈與新增的角色執行。The Before You Begin page of the Add Roles and Features Wizard is not displayed if you have previously selected Skip this page by default when the Add Roles and Features Wizard was run.

  3. 選擇安裝類型,確認以角色為基礎,或為基礎的功能的安裝已選取,然後按一下 [下一步In Select Installation Type, ensure that Role-Based or feature-based installation is selected, and then click Next.

  4. 選取目的伺服器,確保選取伺服器伺服器集區的選取。In Select destination server, ensure that Select a server from the server pool is selected. 伺服器集區,請確定已選取 [本機電腦。In Server Pool, ensure that the local computer is selected. 按一下下一步Click Next.

  5. 選取伺服器角色,請在角色、選取DHCP 伺服器In Select Server Roles, in Roles, select DHCP Server. 加入的功能需要 DHCP 伺服器的,按一下 [新增功能In Add features that are required for DHCP Server, click Add Features. 按一下下一步Click Next.

  6. 選擇功能,按一下 [下一步,在DHCP 伺服器,檢視的資訊,提供,然後按一下下一步In Select features, click Next, and in DHCP Server, review the information that is provided, and then click Next.

  7. 確認安裝選項,按一下 [必要時自動重新開機目的伺服器In Confirm installation selections, click Restart the destination server automatically if required. 當系統提示您確認選擇時,請按一下[是],然後按一下 [安裝When you are prompted to confirm this selection, click Yes, and then click Install. 安裝進度頁面上的安裝程序期間會顯示狀態。The Installation progress page displays status during the installation process. 當程序完成時,該訊息「所需的設定。When the process completes, the message "Configuration required. 成功安裝電腦名稱「會顯示在電腦名稱電腦時,您可以安裝 DHCP 伺服器的名稱。Installation succeeded on ComputerName" is displayed, where ComputerName is the name of the computer upon which you installed DHCP Server. 在視窗訊息中,按一下 [完成 DHCP 設定In the message window, click Complete DHCP configuration. 開啟 DHCP 後 Post-Install 設定精靈。The DHCP Post-Install configuration wizard opens. 按一下下一步Click Next.

  8. 授權,指定您要用來授權在 Active Directory Domain Services,DHCP 伺服器,然後按一下 [認證認可In Authorization, specify the credentials that you want to use to authorize the DHCP server in Active Directory Domain Services, and then click Commit. 授權完成後,請按一下關閉After authorization is complete, click Close.

建立和啟動 DHCP 新的領域Create and Activate a New DHCP Scope

您可以使用此程序,以建立新的 DHCP 領域使用 DHCP Microsoft Management Console (MMC)。You can use this procedure to create a new DHCP scope using the DHCP Microsoft Management Console (MMC). 當您完成程序時,範圍便會觸動,之後您建立排除範圍防止 DHCP 伺服器租借,建議您使用靜態設定伺服器的 IP 位址和其他裝置,需要靜態 IP 位址。When you complete the procedure, the scope is activated and the exclusion range that you create prevents the DHCP server from leasing the IP addresses that you use to statically configure your servers and other devices that require a static IP address.

資格在DHCP 系統管理員,或相當於,才能執行此程序最小值。Membership in DHCP Administrators, or equivalent, is the minimum required to perform this procedure.

若要建立並啟用 DHCP 新的領域To create and activate a new DHCP Scope
  1. 在 DHCP1,在伺服器管理員中,按一下工具,然後按DHCPOn DHCP1, in Server Manager, click Tools, and then click DHCP. DHCP MMC 開啟。The DHCP MMC opens.

  2. DHCP,展開 [伺服器名稱。In DHCP, expand the server name. 例如,如果 DHCP1.corp.contoso.com DHCP 伺服器名稱,按一下向下箭號下一步DHCP1.corp.contoso.comFor example, if the DHCP server name is DHCP1.corp.contoso.com, click the down arrow next to DHCP1.corp.contoso.com.

  3. 在 [伺服器名稱,以滑鼠右鍵按一下IPv4,然後按一下 [新的領域Beneath the server name, right-click IPv4, and then click New Scope. 新的領域精靈開啟。The New Scope Wizard opens.

  4. 歡迎使用新的領域精靈,按一下 [In Welcome to the New Scope Wizard, click Next.

  5. 範圍名稱,請在名稱,輸入名稱的範圍。In Scope Name, in Name, type a name for the scope. 例如,輸入子網路 1For example, type Subnet 1.

  6. 描述,輸入新的領域,描述,然後按In Description, type a description for the new scope, and then click Next.

  7. Ip,執行下列動作:In IP Address Range, do the following:

    1. 開始 IP 位址,輸入 IP 位址的範圍中的第一個 IP 位址。In Start IP address, type the IP address that is the first IP address in the range. 例如,輸入10.0.0.1For example, type 10.0.0.1.

    2. 結束 IP 位址,輸入 IP 位址的範圍中的最後一個 IP 位址。In End IP address, type the IP address that is the last IP address in the range. 例如,輸入10.0.0.254For example, type 10.0.0.254. 值適用於長度子網路遮罩會自動輸入,根據您所輸入的 IP 位址開始 IP 位址Values for Length and Subnet mask are entered automatically, based on the IP address you entered for Start IP address.

    3. 如有需要,修改中的值長度子網路遮罩,視您位址配置。If necessary, modify the values in Length or Subnet mask, as appropriate for your addressing scheme.

    4. 按一下下一步Click Next.

  8. [新增排除項目,執行下列動作:In Add Exclusions, do the following:

    1. 開始 IP 位址,輸入 IP 位址的範圍排除項目中的第一個 IP 位址。In Start IP address, type the IP address that is the first IP address in the exclusion range. 例如,輸入10.0.0.1For example, type 10.0.0.1.

    2. 結束 IP 位址,輸入 IP 位址的最後一個 IP 位址範圍排除項目,例如,輸入10.0.0.15In End IP address, type the IP address that is the last IP address in the exclusion range, For example, type 10.0.0.15.

  9. 按一下新增,然後按一下 [Click Add, and then click Next.

  10. 租用期間,修改預設值的時間,和分鐘,視您的網路,然後再按一下下一步In Lease Duration, modify the default values for Days, Hours, and Minutes, as appropriate for your network, and then click Next.

  11. 設定 DHCP 選項,請選取是,我要設定現在這些選項,然後按一下 [下一步In Configure DHCP Options, select Yes, I want to configure these options now, and then click Next.

  12. (預設閘道)路由器,執行下列其中一個動作:In Router (Default Gateway), do one of the following:

    • 如果您尚未路由器您網路上,按一下 [下一步If you do not have routers on your network, click Next.

    • 的 IP 位址中,輸入 IP 位址,您的路由器或預設閘道。In IP address, type the IP address of your router or default gateway. 例如,輸入10.0.0.1For example, type 10.0.0.1. 按一下新增,然後按一下 [Click Add, and then click Next.

  13. 的網域名稱和 DNS 伺服器],執行下列動作:In Domain Name and DNS Servers, do the following:

    1. 父系網域,輸入名稱解析戶端使用 DNS 網域名稱。In Parent domain, type the name of the DNS domain that clients use for name resolution. 例如,輸入corp.contoso.comFor example, type corp.contoso.com.

    2. 伺服器名稱,輸入名稱解析戶端使用 DNS 電腦的名稱。In Server name, type the name of the DNS computer that clients use for name resolution. 例如,輸入DC1For example, type DC1.

    3. 按一下解析Click Resolve. DNS 伺服器的 IP 位址會新增的 IP 位址The IP address of the DNS server is added in IP address. 按一下新增,等待 DNS 伺服器 IP 位址驗證,才能完成,然後按Click Add, wait for DNS server IP address validation to complete, and then click Next.

  14. WINS 伺服器],因為您未在您的網路,需要 WINS 伺服器按下一步In WINS Servers, because you do not have WINS servers on your network, click Next.

  15. 啟動範圍是,我想要立即啟動這個領域In Activate Scope, select Yes, I want to activate this scope now.

  16. 按一下下一步,然後按完成Click Next, and then click Finish.

重要

若要建立新的領域的其他子網路,請重複此程序。To create new scopes for additional subnets, repeat this procedure. 想要部署,並確保 DHCP 郵件轉寄可以在所有的路由器會導致其他子網路,每個子網路使用不同的 IP 位址。Use a different IP address range for each subnet that you plan to deploy, and ensure that DHCP message forwarding is enabled on all routers that lead to other subnets.

加入網域的電腦 Client 並登入Joining Client Computers to the Domain and Logging On

注意

使用 Windows PowerShell 來執行這個程序,開放 PowerShell 輸入下列 cmdlet,並再按下 ENTER。To perform this procedure by using Windows PowerShell, open PowerShell and type the following cmdlet, and then press ENTER. 您必須也將您想要使用名稱的網域名稱取代。You must also replace the domain name with the name that you want to use.

Add-Computer -DomainName corp.contoso.com

當您接到這樣做時,請輸入的使用者名稱和密碼 account 的權限加入網域的電腦。When you are prompted to do so, type the user name and password for an account that has permission to join a computer to the domain. 若要重新開機,輸入下列命令,然後按 ENTER。To restart the computer, type the following command and press ENTER.

Restart-Computer

若要加入的網域執行 Windows 10 的電腦To join computers running Windows 10 to the domain
  1. 登入本機電腦。Log on to the computer with the local Administrator account.

  2. [搜尋網路與 Windows,輸入系統In Search the web and Windows, type System. 在搜尋結果中,按一下 [系統(控制台)In search results, click System (Control panel). 系統對話方塊。The System dialog box opens.

  3. 系統,按一下 [進階系統設定In System, click Advanced system settings. 系統屬性對話方塊。The System Properties dialog box opens. 按一下電腦名稱索引標籤。Click the Computer Name tab.

  4. 電腦名稱,按一下 [變更In Computer Name, click Change. 電腦名稱日網域變更對話方塊。The Computer Name/Domain Changes dialog box opens.

  5. 電腦名稱日網域變更,請在的成員,按一下 [網域,然後輸入您想要加入的網域名稱。In Computer Name/Domain Changes , In Member of, click Domain, and then type the name of the domain you want to join. 如果 corp.contoso.com 的網域名稱,例如,輸入corp.contoso.comFor example, if the domain name is corp.contoso.com, type corp.contoso.com.

  6. 按一下[確定]Click OK. Windows 安全性對話方塊。The Windows Security dialog box opens.

  7. 電腦名稱日網域變更,請在使用者名稱,輸入使用者名稱,並在密碼,請輸入密碼,然後按一下[確定]In Computer Name/Domain Changes, in User name, type the user name, and in Password, type the password, and then click OK. 電腦名稱日網域變更對話方塊,一則歡迎您的網域。The Computer Name/Domain Changes dialog box opens, welcoming you to the domain. 按一下[確定]Click OK.

  8. 電腦名稱日網域變更對話方塊中,會顯示訊息表示,您必須重新開機,適用於所做的變更。The Computer Name/Domain Changes dialog box displays a message indicating that you must restart the computer to apply the changes. 按一下[確定]Click OK.

  9. 系統屬性對話方塊中,於電腦名稱索引標籤上,按一下 [關閉On the System Properties dialog box, on the Computer Name tab, click Close. Microsoft Windows對話方塊中開啟,且會顯示訊息,再試一次表示,您必須重新開機,適用於所做的變更。The Microsoft Windows dialog box opens, and displays a message, again indicating that you must restart the computer to apply the changes. 按一下現在重新Click Restart Now.

若要加入的網域執行 Windows 8.1 的電腦To join computers running Windows 8.1 to the domain
  1. 登入本機電腦。Log on to the computer with the local Administrator account.

  2. 以滑鼠右鍵按一下[開始],然後按系統Right-click Start, and then click System. 系統對話方塊。The System dialog box opens.

  3. 系統,按一下 [進階系統設定In System, click Advanced system settings. 系統屬性對話方塊。The System Properties dialog box opens. 按一下電腦名稱索引標籤。Click the Computer Name tab.

  4. 電腦名稱,按一下 [變更In Computer Name, click Change. 電腦名稱日網域變更對話方塊。The Computer Name/Domain Changes dialog box opens.

  5. 電腦名稱日網域變更,請在的成員,按一下 [網域,然後輸入您想要加入的網域名稱。In Computer Name/Domain Changes , In Member of, click Domain, and then type the name of the domain you want to join. 如果 corp.contoso.com 的網域名稱,例如,輸入corp.contoso.comFor example, if the domain name is corp.contoso.com, type corp.contoso.com.

  6. 按一下[確定]Click OK. Windows 安全性對話方塊。The Windows Security dialog box opens.

  7. 電腦名稱日網域變更,請在使用者名稱,輸入使用者名稱,並在密碼,請輸入密碼,然後按一下[確定]In Computer Name/Domain Changes, in User name, type the user name, and in Password, type the password, and then click OK. 電腦名稱日網域變更對話方塊,一則歡迎您的網域。The Computer Name/Domain Changes dialog box opens, welcoming you to the domain. 按一下[確定]Click OK.

  8. 電腦名稱日網域變更對話方塊中,會顯示訊息表示,您必須重新開機,適用於所做的變更。The Computer Name/Domain Changes dialog box displays a message indicating that you must restart the computer to apply the changes. 按一下[確定]Click OK.

  9. 系統屬性對話方塊中,於電腦名稱索引標籤上,按一下 [關閉On the System Properties dialog box, on the Computer Name tab, click Close. Microsoft Windows對話方塊中開啟,且會顯示訊息,再試一次表示,您必須重新開機,適用於所做的變更。The Microsoft Windows dialog box opens, and displays a message, again indicating that you must restart the computer to apply the changes. 按一下現在重新Click Restart Now.

若要登入執行 Windows 10 電腦網域To log on to the domain using computers running Windows 10
  1. 登入電腦,或重新開機。Log off the computer, or restart the computer.

  2. 按下 CTRL + ALT + DELETE。Press CTRL + ALT + DELETE. 登入畫面顯示。The logon screen appears.

  3. 在 [左下,按一下 [以其他使用者In the lower left, click Other User.

  4. 的使用者名稱,輸入您的網域和使用者名稱的格式網域使用者In User name, type your domain and user name in the format domain\user. 來登入網域 corp.contoso.com 名帳號,例如使用者-01,輸入CORP\User-01For example, to log on to the domain corp.contoso.com with an account named User-01, type CORP\User-01.

  5. 密碼、輸入您的網域密碼,然後按一下箭頭,或按下 ENTER。In Password, type your domain password, and then click the arrow, or press ENTER.

部署選擇性功能網路存取驗證和 Web 服務Deploying optional features for network access authentication and Web services

如果您想要部署的網路存取伺服器,例如 wireless 存取點或 VPN 伺服器安裝核心網路之後,建議您部署 NPS 伺服器和網頁伺服器。If you intend to deploy network access servers, such as wireless access points or VPN servers, after installing your core network, it is recommended that you deploy both an NPS server and a Web server. 對於網路存取部署,建議使用的安全性憑證架構的驗證方法。For network access deployments, the use of secure certificate-based authentication methods is recommended. 您可以使用 NPS 管理存取權的網路原則和部署安全的驗證方法。You can use NPS to manage network access policies and to deploy secure authentication methods. 您可以使用 Web 伺服器發行您憑證授權單位提供安全驗證憑證的憑證撤銷清單 (CRL)。You can use a Web server to publish the certificate revocation list (CRL) of your certification authority (CA) that provides certificates for secure authentication.

注意

您可以使用核心網路小幫手指南部署伺服器的憑證和其他功能。You can deploy server certificates and other additional features by using Core Network Companion Guides. 如需詳細資訊,請查看額外的技術資源For more information, see Additional Technical Resources.

下圖顯示拓撲新增 NPS 與 Web 伺服器與 Windows Server Core 網路。The following illustration shows the Windows Server Core Network topology with added NPS and Web servers.

Windows Server Core 網路拓撲新增 NPS 與 Web 伺服器

下列章節提供 NPS 與 Web 伺服器新增到您的網路的資訊。The following sections provide information on adding NPS and Web servers to your network.

部署 NPS1Deploying NPS1

準備用來部署其他網路存取技術,例如私人網路 virtual (VPN) 伺服器、wireless 存取點,並 802.1 X 驗證的參數步驟以安裝網路原則 Server (NPS) 伺服器。The Network Policy Server (NPS) server is installed as a preparatory step for deploying other network access technologies, such as virtual private network (VPN) servers, wireless access points, and 802.1X authenticating switches.

網路原則 Server (NPS) 可讓您集中設定及管理網路原則,使用下列功能:遠端驗證 Dial 使用者服務 (RADIUS) 伺服器與 RADIUS proxy。Network Policy Server (NPS) allows you to centrally configure and manage network policies with the following features: Remote Authentication Dial-In User Service (RADIUS) server and RADIUS proxy.

NPS 核心網路,選擇性元件,但下列其中一項時,您應該會安裝 NPS:NPS is an optional component of a core network, but you should install NPS if any of the following are true:

  • 您計畫以展開網路包含遠端存取伺服器 RADIUS 通訊協定,例如電腦執行的是 Windows Server 2016、Windows Server 2012 R2、Windows Server 2012、Windows Server 2008 R2 或 Windows Server 2008 和路由並遠端存取服務,車票服務閘道或遠端桌面閘道相容。You are planning to expand your network to include remote access servers that are compatible with the RADIUS protocol, such as a computer running Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 or Windows Server 2008 and Routing and Remote Access service, Terminal Services Gateway, or Remote Desktop Gateway.

  • 想要部署 802.1 X 驗證的有線或無線存取。You plan to deploy 802.1X authentication for wired or wireless access.

部署之前的角色這項服務,您必須為 NPS 伺服器設定您的電腦上執行下列步驟。Before deploying this role service, you must perform the following steps on the computer you are configuring as an NPS server.

若要部署,也就是在電腦 NPS1 伺服器角色網路原則與服務存取權的網路原則 Server (NPS) 角色服務執行的是,您必須先完成此步驟:To deploy NPS1, which is the computer running the Network Policy Server (NPS) role service of the Network Policy and Access Services server role, you must complete this step:

注意

本指南部署 NPS 獨立伺服器上的指示或 VM 名 NPS1。This guide provides instructions for deploying NPS on a standalone server or VM named NPS1. 另一個建議的部署模型是網域控制站 NPS 安裝。Another recommended deployment model is the installation of NPS on a domain controller. 如果您偏好網域控制站而不是在獨立的伺服器上安裝 NPS,安裝 NPS DC1 上。If you prefer installing NPS on a domain controller instead of on a standalone server, install NPS on DC1.

規劃 NPS1 部署Planning the deployment of NPS1

如果您想要部署的網路存取伺服器,例如 wireless 存取點或 VPN 伺服器部署核心網路之後,建議您部署 NPS。If you intend to deploy network access servers, such as wireless access points or VPN servers, after deploying your core network, it is recommended that you deploy NPS.

當您使用遠端驗證 Dial 使用者服務 (RADIUS) 伺服器 NPS 時,NPS 執行驗證和授權連接到您的網路存取伺服器的要求。When you use NPS as a Remote Authentication Dial-In User Service (RADIUS) server, NPS performs authentication and authorization for connection requests through your network access servers. NPS 也可讓您集中設定及管理原則的網路存取網路的人、它們如何存取網路及時,他們可以存取網路可用來判斷。NPS also allows you to centrally configure and manage network policies that determine who can access the network, how they can access the network, and when they can access the network.

以下是金鑰計劃的步驟,安裝 NPS 之前。Following are key planning steps before installing NPS.

  • 規劃安全性。Plan the user accounts database. 根據預設,如果您加入執行 Active Directory domain、NPS 伺服器 NPS 會執行驗證,AD DS 使用者帳號資料庫授權。By default, if you join the server running NPS to an Active Directory domain, NPS performs authentication and authorization using the AD DS user accounts database. 有時候,像是使用大型網路使用 NPS RADIUS proxy 為轉送連接要求其他 RADIUS 伺服器,您可能要安裝 NPS 成員非網域的電腦上。In some cases, such as with large networks that use NPS as a RADIUS proxy to forward connection requests to other RADIUS servers, you might want to install NPS on a non-domain member computer.

  • 規劃 RADIUS 計量。Plan RADIUS accounting. NPS 可讓您登入計量資料 SQL Server 資料庫或在本機電腦上的文字檔案。NPS allows you to log accounting data to a SQL Server database or to a text file on the local computer. 如果您想要使用 SQL Server 登入,計劃安裝及執行 SQL Server server 的設定。If you want to use SQL Server logging, plan the installation and configuration of your server running SQL Server.

安裝網路原則伺服器 (NPS)Install Network Policy Server (NPS)

若要使用的新增角色與功能精靈安裝網路原則 Server (NPS),您可以使用此程序。You can use this procedure to install Network Policy Server (NPS) by using the Add Roles and Features Wizard. NPS 是以角色服務的網路原則與服務存取伺服器角色。NPS is a role service of the Network Policy and Access Services server role.

注意

根據預設,NPS RADIUS 連接埠 1812 年,1813 年、1645 年 1646 年所有安裝的網路介面卡上的資料傳輸接聽。By default, NPS listens for RADIUS traffic on ports 1812, 1813, 1645, and 1646 on all installed network adapters. 使用進階安全性 Windows 防火牆尚未安裝 NPS 時,如果上述連接埠防火牆例外會自動建立網際網路通訊協定第 6 版 (IPv6) 和 IPv4 流量的安裝程序期間。If Windows Firewall with Advanced Security is enabled when you install NPS, firewall exceptions for these ports are automatically created during the installation process for both Internet Protocol version 6 (IPv6) and IPv4 traffic. 如果您的網路存取伺服器設定 RADIUS 流量傳送到以外這些預設的連接埠,移除例外建立 NPS 在安裝期間,Windows 防火牆使用進階安全性,並建立例外 RADIUS 流量您使用的連接埠。If your network access servers are configured to send RADIUS traffic over ports other than these defaults, remove the exceptions created in Windows Firewall with Advanced Security during NPS installation, and create exceptions for the ports that you do use for RADIUS traffic.

管理認證Administrative Credentials

若要完成此程序,您必須成員的網域系統管理員群組。To complete this procedure, you must be a member of the Domain Admins group.

注意

若要使用 Windows PowerShell 來執行這個程序,開放 PowerShell 輸入下列命令,並再按下 ENTER。To perform this procedure by using Windows PowerShell, open PowerShell and type the following, and then press ENTER.

Install-WindowsFeature NPAS -IncludeManagementTools

若要安裝 NPSTo install NPS
  1. NPS1,在伺服器管理員中,按一下 [管理,然後按新增角色與功能On NPS1, in Server Manager, click Manage, and then click Add Roles and Features. 新增角色與功能精靈開啟。The Add Roles and Features Wizard opens.

  2. 在您開始之前,請先,按一下 [In Before You Begin, click Next.

    注意

    在您開始之前,請先頁面上新增角色與精靈中的功能不顯示如果先前已選取預設略過此頁面功能精靈與新增的角色執行。The Before You Begin page of the Add Roles and Features Wizard is not displayed if you have previously selected Skip this page by default when the Add Roles and Features Wizard was run.

  3. 選擇安裝類型,確認以角色為基礎,或為基礎的功能的安裝已選取,然後按一下 [下一步In Select Installation Type, ensure that Role-Based or feature-based installation is selected, and then click Next.

  4. 選取目的伺服器,確保選取伺服器伺服器集區的選取。In Select destination server, ensure that Select a server from the server pool is selected. 伺服器集區,請確定已選取 [本機電腦。In Server Pool, ensure that the local computer is selected. 按一下下一步Click Next.

  5. 選取伺服器角色,請在角色、選取網路原則與服務存取In Select Server Roles, in Roles, select Network Policy and Access Services. 對話方塊詢問是否它應該會新增所需的網路原則與服務存取的功能。A dialog box opens asking if it should add features that are required for Network Policy and Access Services. 按一下新增功能,然後按一下 [Click Add Features, and then click Next.

  6. 選擇功能,按一下 [下一步,在網路原則與服務存取,檢視的資訊,提供,然後按一下下一步In Select features, click Next, and in Network Policy and Access Services, review the information that is provided, and then click Next.

  7. 選擇角色服務,按一下 [的網路原則伺服器In Select role services, click Network Policy Server. 新增所需的網路原則伺服器功能,按一下 [新增功能In Add features that are required for Network Policy Server, click Add Features. 按一下下一步Click Next.

  8. 確認安裝選項,按一下 [必要時自動重新開機目的伺服器In Confirm installation selections, click Restart the destination server automatically if required. 當系統提示您確認選擇時,請按一下[是],然後按一下 [安裝When you are prompted to confirm this selection, click Yes, and then click Install. 安裝進度頁面會顯示在安裝期間狀態。The Installation progress page displays status during the installation process. 此程序完成時,該訊息」成功安裝電腦名稱「出現時,其中電腦名稱電腦時,您的網路原則伺服器的名稱。When the process completes, the message "Installation succeeded on ComputerName" is displayed, where ComputerName is the name of the computer upon which you installed Network Policy Server. 按一下關閉Click Close.

NPS 伺服器登記預設網域中Register the NPS Server in the Default Domain

您可以使用此程序位於網域中伺服器網域成員登記 NPS 伺服器。You can use this procedure to register an NPS server in the domain where the server is a domain member.

NPS 伺服器必須登記完畢 Active Directory 中,讓他們使用的是讀取的帳號撥號屬性授權程序期間的權限。NPS servers must be registered in Active Directory so that they have permission to read the dial-in properties of user accounts during the authorization process. 登記 NPS 伺服器新增伺服器RAS 及 IAS 伺服器]群組中 Active Directory。Registering an NPS server adds the server to the RAS and IAS Servers group in Active Directory.

管理認證Administrative credentials

若要完成此程序,您必須成員的網域系統管理員群組。To complete this procedure, you must be a member of the Domain Admins group.

注意

若要執行此程序使用 Windows PowerShell 中的網路介面 (Netsh) 命令、開放 PowerShell 輸入下列命令,並再按下 ENTER。To perform this procedure by using network shell (Netsh) commands within Windows PowerShell, open PowerShell and type the following, and then press ENTER.

netsh nps add registeredserver domain=corp.contoso.com server=NPS1.corp.contoso.com

若要在其預設網域登記 NPS 伺服器To register an NPS server in its default domain
  1. 在 NPS1,在伺服器管理員中,按一下 [工具],然後按一下的網路原則伺服器On NPS1, in Server Manager, click Tools, and then click Network Policy Server. 網路原則伺服器 MMC 開啟。The Network Policy Server MMC opens.

  2. 以滑鼠右鍵按一下NPS(本機),然後按一下 [登記伺服器 Active Directory 中的Right-click NPS (Local), and then click Register server in Active Directory. 的網路原則伺服器對話方塊。The Network Policy Server dialog box opens.

  3. 的網路原則伺服器,按一下 [ [確定],,然後按一下 [ [確定]再試一次。In Network Policy Server, click OK, and then click OK again.

如需的網路原則伺服器,查看的網路原則 Server (NPS)For more information about Network Policy Server, see Network Policy Server (NPS).

部署 WEB1Deploying WEB1

在 Windows Server 2016 網頁伺服器 (IIS) 角色提供安全,輕鬆管理、模組且最具擴充性的平台會可靠地裝載的網站、服務和應用程式。The Web Server (IIS) role in Windows Server 2016 provides a secure, easy-to-manage, modular and extensible platform for reliably hosting web sites, services, and applications. 使用網際網路資訊服務 (IIS),您可以分享網際網路、內部網路,或外部網路使用者的資訊。With Internet Information Services (IIS), you can share information with users on the Internet, an intranet, or an extranet. IIS 是整合 IIS、ASP.NET、FTP 服務、PHP 及 Windows 通訊基本知識 (WCF) 的整合的 web 平台。IIS is a unified web platform that integrates IIS, ASP.NET, FTP services, PHP, and Windows Communication Foundation (WCF).

網頁伺服器 (IIS) 伺服器角色除了可讓您存取 CRL 發行網域成員電腦,可讓您設定及管理多個網站、web 應用程式,以及 FTP 網站。In addition to allowing you to publish a CRL for access by domain member computers, the Web Server (IIS) server role allows you to set up and manage multiple web sites, web applications, and FTP sites. IIS 也提供下列優點:IIS also provides the following benefits:

  • 最大化 web 透過減少的伺服器英呎列印和自動應用程式隔離的安全性。Maximize web security through a reduced server foot print and automatic application isolation.

  • 輕鬆地部署與執行 ASP.NET、傳統型 ASP 和 PHP web 應用程式在相同的伺服器上。Easily deploy and run ASP.NET, classic ASP, and PHP web applications on the same server.

  • 隔離的應用程式提供同事處理程序的唯一身分和沙箱設定預設進一步減少安全性風險。Achieve application isolation by giving worker processes a unique identity and sandboxed configuration by default, further reducing security risks.

  • 輕鬆地新增、移除及自訂模組,適用於客戶需求甚至取代建 IIS 元件。Easily add, remove, and even replace built-in IIS components with custom modules, suited for customer needs.

  • 來加速您透過建動態快取和美化的壓縮的網站。Speed up your website through built-in dynamic caching and enhanced compression.

您必須部署 WEB1,是執行的網頁伺服器 (IIS) 伺服器角色電腦,請執行下列動作:To deploy WEB1, which is the computer that is running the Web Server (IIS) server role, you must do the following:

安裝網頁伺服器 (IIS) 伺服器角色Install the Web Server (IIS) server role

若要完成此程序,您必須成員的系統管理員群組。To complete this procedure, you must be a member of the Administrators group.

注意

若要使用 Windows PowerShell 來執行這個程序,開放 PowerShell 輸入下列命令,並再按下 ENTER。To perform this procedure by using Windows PowerShell, open PowerShell and type the following, and then press ENTER.

Install-WindowsFeature Web-Server -IncludeManagementTools

  1. 伺服器管理員,按一下 [管理,然後按一下 [新增角色與功能In Server Manager, click Manage, and then click Add Roles and Features. 新增角色與功能精靈開啟。The Add Roles and Features Wizard opens.

  2. 在您開始之前,請先,按一下 [In Before You Begin, click Next.

    注意

    在您開始之前,請先頁面上新增角色與精靈中的功能不顯示如果先前已選取預設略過此頁面功能精靈與新增的角色執行。The Before You Begin page of the Add Roles and Features Wizard is not displayed if you have previously selected Skip this page by default when the Add Roles and Features Wizard was run.

  3. 選擇安裝類型頁面上,按一下 [On the Select Installation Type page, click Next.

  4. 選擇目的伺服器頁面中,確定本機電腦已選取,然後按下一步On the Select destination server page, ensure that the local computer is selected, and then click Next.

  5. 選擇伺服器角色頁面上,捲動到 [,然後選取網頁伺服器 (IIS)On the Select server roles page, scroll to and select Web Server (IIS). 新增所需的網頁伺服器 (IIS) 功能對話方塊。The Add features that are required for Web Server (IIS) dialog box opens. 按一下新增功能,然後按一下 [Click Add Features, and then click Next.

  6. 按一下下一步直到您接受預設的所有網頁伺服器設定,然後按一下 [安裝Click Next until you have accepted all of the default web server settings, and then click Install.

  7. 安裝所有已成功,請確認,然後按一下關閉Verify that all installations were successful, and then click Close.

其他技術資源Additional Technical Resources

如需本指南技術的詳細資訊,查看下列的資源:For more information about the technologies in this guide, see the following resources:

Windows Server 2016、Windows Server 2012 R2 和 Server 2012 技術文件庫的 Windows 資源Windows Server 2016, Windows Server 2012 R2 , and Windows Server 2012 Technical Library Resources

透過電子附錄 AAppendices A through E

下列章節包含額外的設定電腦正在執行 Windows Server 2016、Windows 10、Windows Server 2012 和 Windows 8 以外的作業系統資訊。The following sections contain additional configuration information for computers that are running operating systems other than Windows Server 2016, Windows 10, Windows Server 2012 , and Windows 8. 此外,可以協助您處理您的部署提供的網路準備試算表。In addition, a network preparation worksheet is provided to assist you with your deployment.

  1. 附錄 A-重新命名電腦Appendix A - Renaming computers

  2. 附錄 B-設定靜態 IP 位址Appendix B - Configuring static IP addresses

  3. 附錄 C-加入網域的電腦Appendix C - Joining computers to the domain

  4. 附錄 D-登入網域Appendix D - Log on to the domain

  5. 附錄 E-核心網路規劃準備工作表Appendix E - Core Network Planning Preparation Sheet

附錄 A-重新命名電腦Appendix A - Renaming computers

您可以使用在本區段中程序,以提供使用不同的電腦名稱執行 Windows Server 2008 R2、Windows 7、Windows Server 2008 和 Windows Vista 的電腦。You can use the procedures in this section to provide computers running Windows Server 2008 R2, Windows 7, Windows Server 2008 , and Windows Vista with a different computer name.

Windows Server 2008 R2 和 Windows 7Windows Server 2008 R2 and Windows 7

資格在系統管理員,或相當於,才能執行這些程序最小值。Membership in Administrators, or equivalent, is the minimum required to perform these procedures.

若要重新命名執行 Windows Server 2008 R2 和 Windows 7 的電腦To rename computers running Windows Server 2008 R2 and Windows 7
  1. 按一下[開始],以滑鼠右鍵按一下電腦,然後按一下 [屬性Click Start, right-click Computer, and then click Properties. 系統對話方塊。The System dialog box opens.

  2. 電腦名稱、網域及工作群組設定,按一下 [變更設定In Computer name, domain, and workgroup settings, click Change settings. 系統屬性對話方塊。The System Properties dialog box opens.

    注意

    在電腦上執行 Windows 7 之前系統屬性對話方塊,使用者 Account 控制項對話方塊,要求權限才能繼續。On computers running Windows 7, before the System Properties dialog box opens, the User Account Control dialog box opens, requesting permission to continue. 按一下繼續以繼續。Click Continue to proceed.

  3. 按一下變更Click Change. 電腦名稱日網域變更對話方塊。The Computer Name/Domain Changes dialog box opens.

  4. 電腦名稱,輸入您的電腦的名稱。In Computer Name, type the name for your computer. 例如,如果您想要為電腦 DC1,輸入DC1For example, if you want to name the computer DC1, type DC1.

  5. 按一下[確定]兩次,按一下 [關閉,然後按一下 [立即重新開機重新開機。Click OK twice, click Close, and then click Restart Now to restart the computer.

Windows Server 2008 和 Windows VistaWindows Server 2008 and Windows Vista

資格在系統管理員,或相當於,才能執行這些程序最小值。Membership in Administrators, or equivalent, is the minimum required to perform these procedures.

若要重新命名電腦執行的 Windows Server 2008 和 Windows VistaTo rename computers running Windows Server 2008 and Windows Vista
  1. 按一下[開始],以滑鼠右鍵按一下電腦,然後按一下 [屬性Click Start, right-click Computer, and then click Properties. 系統對話方塊。The System dialog box opens.

  2. 電腦名稱、網域及工作群組設定,按一下 [變更設定In Computer name, domain, and workgroup settings, click Change settings. 系統屬性對話方塊。The System Properties dialog box opens.

    注意

    在電腦上執行 Windows Vista、前系統屬性對話方塊,使用者 Account 控制項對話方塊,要求權限才能繼續。On computers running Windows Vista, before the System Properties dialog box opens, the User Account Control dialog box opens, requesting permission to continue. 按一下繼續以繼續。Click Continue to proceed.

  3. 按一下變更Click Change. 電腦名稱日網域變更對話方塊。The Computer Name/Domain Changes dialog box opens.

  4. 電腦名稱,輸入您的電腦的名稱。In Computer Name, type the name for your computer. 例如,如果您想要為電腦 DC1,輸入DC1For example, if you want to name the computer DC1, type DC1.

  5. 按一下[確定]兩次,按一下 [關閉,然後按一下 [立即重新開機重新開機。Click OK twice, click Close, and then click Restart Now to restart the computer.

附錄 B-設定靜態 IP 位址Appendix B - Configuring static IP addresses

本主題提供程序如何設定執行下列作業系統的電腦上的靜態 IP 位址:This topic provides procedures for configuring static IP addresses on computers running the following operating systems:

Windows Server 2008 R2Windows Server 2008 R2

資格在系統管理員,或相當於,才能執行此程序最小值。Membership in Administrators, or equivalent, is the minimum required to perform this procedure.

若要設定的電腦執行的 Windows Server 2008 R2 上的靜態 IP 位址To configure a static IP address on a computer running Windows Server 2008 R2
  1. 按一下[開始],然後按[控制台]Click Start, and then click Control Panel.

  2. [控制台],按一下 [網路和網際網路In Control Panel, click Network and Internet. 網路和網際網路開啟。Network and Internet opens.

    網路和網際網路,按一下 [網路和共用中心]In Network and Internet, click Network and Sharing Center. 網路和共用中心]開啟。Network and Sharing Center opens.

  3. 網路和共用中心],按一下 [變更介面卡設定In Network and Sharing Center, click Change adapter settings. 網路連接開啟。Network Connections opens.

  4. 裝置管理員,以滑鼠右鍵按一下您想要設定,然後按一下 [網路屬性In Network Connections, right-click the network connection that you want to configure, and then click Properties.

  5. 本機區域連接屬性,請在此連接使用下列項目、選取網際網路通訊協定第 4 版本 (TCP 日 IPv4),,然後按一下屬性In Local Area Connection Properties, in This connection uses the following items, select Internet Protocol Version 4 (TCP/IPv4), and then click Properties. 網際網路通訊協定第 4 版本 (TCP 日 IPv4) 屬性對話方塊。The Internet Protocol Version 4 (TCP/IPv4) Properties dialog box opens.

  6. 網際網路通訊協定第 4 版本 (TCP 日 IPv4) 屬性,在一般索引標籤上,按一下 [使用下列的 IP 位址In Internet Protocol Version 4 (TCP/IPv4) Properties, on the General tab, click Use the following IP address. 的 IP 位址,輸入您想要使用 IP 位址。In IP address, type the IP address that you want to use.

  7. 按] 索引標籤,將游標在子網路遮罩Press tab to place the cursor in Subnet mask. 會自動輸入子網路遮罩的預設值。A default value for subnet mask is entered automatically. 接受預設子網路遮罩,或輸入您想要使用的子網路遮罩。Either accept the default subnet mask, or type the subnet mask that you want to use.

  8. 預設閘道,輸入您的預設閘道 IP 位址。In Default gateway, type the IP address of your default gateway.

  9. 慣用 DNS 伺服器],輸入您的 DNS 伺服器的 IP 位址。In Preferred DNS server, type the IP address of your DNS server. 如果您打算使用為慣用 DNS 伺服器的本機電腦,請輸入本機電腦的 IP 位址。If you plan to use the local computer as the preferred DNS server, type the IP address of the local computer.

  10. 其他 DNS 伺服器,如果有的話,輸入您替代的 DNS 伺服器的 IP 位址。In Alternate DNS Server, type the IP address of your alternate DNS server, if any. 如果您想要使用做為備用 DNS 伺服器的本機電腦,請輸入本機電腦的 IP 位址。If you plan to use the local computer as an alternate DNS server, type the IP address of the local computer.

  11. 按一下[確定],然後按關閉Click OK, and then click Close.

Windows Server 2008Windows Server 2008

資格在系統管理員,或相當於,才能執行這些程序最小值。Membership in Administrators, or equivalent, is the minimum required to perform these procedures.

若要設定執行 Windows Server 2008 的電腦上的靜態 IP 位址To configure a static IP address on a computer running Windows Server 2008
  1. 按一下[開始],然後按[控制台]Click Start, and then click Control Panel.

  2. [控制台],確認傳統檢視已選取,然後按兩下 [網路和共用中心]In Control Panel, verify that Classic View is selected, and then double-click Network and Sharing Center.

  3. 網路和共用中心],請在工作,按一下 [管理網路連接In Network and Sharing Center, in Tasks, click Manage Network Connections.

  4. 裝置管理員,以滑鼠右鍵按一下您想要設定,然後按一下 [網路屬性In Network Connections, right-click the network connection that you want to configure, and then click Properties.

  5. 本機區域連接屬性,請在此連接使用下列項目、選取網際網路通訊協定第 4 版本 (TCP 日 IPv4),,然後按一下屬性In Local Area Connection Properties, in This connection uses the following items, select Internet Protocol Version 4 (TCP/IPv4), and then click Properties. 網際網路通訊協定第 4 版本 (TCP 日 IPv4) 屬性對話方塊。The Internet Protocol Version 4 (TCP/IPv4) Properties dialog box opens.

  6. 網際網路通訊協定第 4 版本 (TCP 日 IPv4) 屬性,在一般索引標籤上,按一下 [使用下列的 IP 位址In Internet Protocol Version 4 (TCP/IPv4) Properties, on the General tab, click Use the following IP address. 的 IP 位址,輸入您想要使用 IP 位址。In IP address, type the IP address that you want to use.

  7. 按] 索引標籤,將游標在子網路遮罩Press tab to place the cursor in Subnet mask. 會自動輸入子網路遮罩的預設值。A default value for subnet mask is entered automatically. 接受預設子網路遮罩,或輸入您想要使用的子網路遮罩。Either accept the default subnet mask, or type the subnet mask that you want to use.

  8. 預設閘道,輸入您的預設閘道 IP 位址。In Default gateway, type the IP address of your default gateway.

  9. 慣用 DNS 伺服器],輸入您的 DNS 伺服器的 IP 位址。In Preferred DNS server, type the IP address of your DNS server. 如果您打算使用為慣用 DNS 伺服器的本機電腦,請輸入本機電腦的 IP 位址。If you plan to use the local computer as the preferred DNS server, type the IP address of the local computer.

  10. 其他 DNS 伺服器,如果有的話,輸入您替代的 DNS 伺服器的 IP 位址。In Alternate DNS Server, type the IP address of your alternate DNS server, if any. 如果您想要使用做為備用 DNS 伺服器的本機電腦,請輸入本機電腦的 IP 位址。If you plan to use the local computer as an alternate DNS server, type the IP address of the local computer.

  11. 按一下[確定],然後按關閉Click OK, and then click Close.

附錄 C-加入網域的電腦Appendix C - Joining computers to the domain

若要加入的網域執行 Windows Server 2008 R2、Windows 7、Windows Server 2008 和 Windows Vista 的電腦,您可以使用下列程序。You can use these procedures to join computers running Windows Server 2008 R2, Windows 7, Windows Server 2008 , and Windows Vista to the domain.

重要

若要加入網域的電腦,您必須登入本機電腦,或者,如果您登入的電腦,而不需要本機電腦的系統管理員認證帳號,您必須提供認證本機電腦加入網域的程序期間。To join a computer to a domain, you must be logged on to the computer with the local Administrator account or, if you are logged on to the computer with a user account that does not have local computer administrative credentials, you must provide the credentials for the local Administrator account during the process of joining the computer to the domain. 此外,您必須使用者帳號您要將電腦加入網域中。In addition, you must have a user account in the domain to which you want to join the computer. 在的電腦加入網域過程中,將會提示您輸入您的網域 account 認證(的使用者名稱和密碼)。During the process of joining the computer to the domain, you will be prompted for your domain account credentials (user name and password).

Windows Server 2008 R2 和 Windows 7Windows Server 2008 R2 and Windows 7

資格在網域使用者,或相當於,才能執行此程序最小值。Membership in Domain Users, or equivalent, is the minimum required to perform this procedure.

若要加入的網域執行 Windows Server 2008 R2 和 Windows 7 的電腦To join computers running Windows Server 2008 R2 and Windows 7 to the domain
  1. 登入本機電腦。Log on to the computer with the local Administrator account.

  2. 按一下[開始],以滑鼠右鍵按一下電腦,然後按一下 [屬性Click Start, right-click Computer, and then click Properties. 系統對話方塊。The System dialog box opens.

  3. 電腦名稱、網域及工作群組設定,按一下 [變更設定In Computer name, domain, and workgroup settings, click Change settings. 系統屬性對話方塊。The System Properties dialog box opens.

    注意

    在電腦上執行 Windows 7 之前系統屬性對話方塊,使用者 Account 控制項對話方塊,要求權限才能繼續。On computers running Windows 7, before the System Properties dialog box opens, the User Account Control dialog box opens, requesting permission to continue. 按一下繼續以繼續。Click Continue to proceed.

  4. 按一下變更Click Change. 電腦名稱日網域變更對話方塊。The Computer Name/Domain Changes dialog box opens.

  5. 電腦名稱,請在的成員、選取網域,然後輸入您想要加入的網域名稱。In Computer Name, in Member of, select Domain, and then type the name of the domain you want to join. 如果 corp.contoso.com 的網域名稱,例如,輸入corp.contoso.comFor example, if the domain name is corp.contoso.com, type corp.contoso.com.

  6. 按一下[確定]Click OK. Windows 安全性對話方塊。The Windows Security dialog box opens.

  7. 電腦名稱日網域變更,請在使用者名稱,輸入使用者名稱,並在密碼,請輸入密碼,然後按一下[確定]In Computer Name/Domain Changes, in User name, type the user name, and in Password, type the password, and then click OK. 電腦名稱日網域變更對話方塊,一則歡迎您的網域。The Computer Name/Domain Changes dialog box opens, welcoming you to the domain. 按一下[確定]Click OK.

  8. 電腦名稱日網域變更對話方塊中,會顯示訊息表示,您必須重新開機,適用於所做的變更。The Computer Name/Domain Changes dialog box displays a message indicating that you must restart the computer to apply the changes. 按一下[確定]Click OK.

  9. 系統屬性對話方塊中,於電腦名稱索引標籤上,按一下 [關閉On the System Properties dialog box, on the Computer Name tab, click Close. Microsoft Windows對話方塊中開啟,且會顯示訊息,再試一次表示,您必須重新開機,適用於所做的變更。The Microsoft Windows dialog box opens, and displays a message, again indicating that you must restart the computer to apply the changes. 按一下現在重新Click Restart Now.

Windows Server 2008 和 Windows VistaWindows Server 2008 and Windows Vista

資格在網域使用者,或相當於,才能執行此程序最小值。Membership in Domain Users, or equivalent, is the minimum required to perform this procedure.

若要加入的網域執行 Windows Server 2008 和 Windows Vista 的電腦To join computers running Windows Server 2008 and Windows Vista to the domain
  1. 登入本機電腦。Log on to the computer with the local Administrator account.

  2. 按一下[開始],以滑鼠右鍵按一下電腦,然後按一下 [屬性Click Start, right-click Computer, and then click Properties. 系統對話方塊。The System dialog box opens.

  3. 電腦名稱、網域及工作群組設定,按一下 [變更設定In Computer name, domain, and workgroup settings, click Change settings. 系統屬性對話方塊。The System Properties dialog box opens.

  4. 按一下變更Click Change. 電腦名稱日網域變更對話方塊。The Computer Name/Domain Changes dialog box opens.

  5. 電腦名稱,請在的成員、選取網域,然後輸入您想要加入的網域名稱。In Computer Name, in Member of, select Domain, and then type the name of the domain you want to join. 如果 corp.contoso.com 的網域名稱,例如,輸入corp.contoso.comFor example, if the domain name is corp.contoso.com, type corp.contoso.com.

  6. 按一下[確定]Click OK. Windows 安全性對話方塊。The Windows Security dialog box opens.

  7. 電腦名稱日網域變更,請在使用者名稱,輸入使用者名稱,並在密碼,請輸入密碼,然後按一下[確定]In Computer Name/Domain Changes, in User name, type the user name, and in Password, type the password, and then click OK. 電腦名稱日網域變更對話方塊,一則歡迎您的網域。The Computer Name/Domain Changes dialog box opens, welcoming you to the domain. 按一下[確定]Click OK.

  8. 電腦名稱日網域變更對話方塊中,會顯示訊息表示,您必須重新開機,適用於所做的變更。The Computer Name/Domain Changes dialog box displays a message indicating that you must restart the computer to apply the changes. 按一下[確定]Click OK.

  9. 系統屬性對話方塊中,於電腦名稱索引標籤上,按一下 [關閉On the System Properties dialog box, on the Computer Name tab, click Close. Microsoft Windows對話方塊中開啟,且會顯示訊息,再試一次表示,您必須重新開機,適用於所做的變更。The Microsoft Windows dialog box opens, and displays a message, again indicating that you must restart the computer to apply the changes. 按一下現在重新Click Restart Now.

附錄 D-登入網域Appendix D - Log on to the domain

您可以使用下列程序網域使用執行 Windows Server 2008 R2、Windows 7、Windows Server 2008 和 Windows Vista 的電腦登入。You can use these procedures to log on to the domain using computers running Windows Server 2008 R2, Windows 7, Windows Server 2008 , and Windows Vista.

Windows Server 2008 R2 和 Windows 7Windows Server 2008 R2 and Windows 7

資格在網域使用者,或相當於,才能執行此程序最小值。Membership in Domain Users, or equivalent, is the minimum required to perform this procedure.

登入以使用執行 Windows Server 2008 R2 或 Windows 7 的網域Log on to the domain using computers running Windows Server 2008 R2 and Windows 7
  1. 登入電腦,或重新開機。Log off the computer, or restart the computer.

  2. 按下 CTRL + ALT + DELETE。Press CTRL + ALT + DELETE. 登入畫面顯示。The logon screen appears.

  3. 按一下切換使用者,然後按其他使用者Click Switch User, and then click Other User.

  4. 的使用者名稱,輸入您的網域和使用者名稱的格式網域使用者In User name, type your domain and user name in the format domain\user. 來登入網域 corp.contoso.com 名帳號,例如使用者-01,輸入CORP\User-01For example, to log on to the domain corp.contoso.com with an account named User-01, type CORP\User-01.

  5. 密碼、輸入您的網域密碼,然後按一下箭頭,或按下 ENTER。In Password, type your domain password, and then click the arrow, or press ENTER.

Windows Server 2008 和 Windows VistaWindows Server 2008 and Windows Vista

資格在網域使用者,或相當於,才能執行此程序最小值。Membership in Domain Users, or equivalent, is the minimum required to perform this procedure.

登入以使用電腦執行的 Windows Server 2008 和 Windows Vista 的網域Log on to the domain using computers running Windows Server 2008 and Windows Vista
  1. 登入電腦,或重新開機。Log off the computer, or restart the computer.

  2. 按下 CTRL + ALT + DELETE。Press CTRL + ALT + DELETE. 登入畫面顯示。The logon screen appears.

  3. 按一下切換使用者,然後按其他使用者Click Switch User, and then click Other User.

  4. 的使用者名稱,輸入您的網域和使用者名稱的格式網域使用者In User name, type your domain and user name in the format domain\user. 來登入網域 corp.contoso.com 名帳號,例如使用者-01,輸入CORP\User-01For example, to log on to the domain corp.contoso.com with an account named User-01, type CORP\User-01.

  5. 密碼、輸入您的網域密碼,然後按一下箭頭,或按下 ENTER。In Password, type your domain password, and then click the arrow, or press ENTER.

附錄 E-核心網路規劃準備工作表Appendix E - Core Network Planning Preparation Sheet

您可以使用此網路規劃準備表收集安裝核心網路所需的資訊。You can use this Network Planning Preparation Sheet to gather the information required to install a core network. 本主題提供包含個人設定項目,您必須提供的資訊或特定值安裝或設定程序期間各伺服器電腦的資料表。This topic provides tables that contain the individual configuration items for each server computer for which you must supply information or specific values during the installation or configuration process. 每個設定的項目提供範例值。Example values are provided for each configuration item.

規劃和追蹤用途,空格是您輸入用來部署的值為每個表格中所提供。For planning and tracking purposes, spaces are provided in each table for you to enter the values used for your deployment. 如果您登入時這些表格與安全性相關的值,您應該將資訊儲存在安全的位置。If you log security-related values in these tables, you should store the information in a secure location.

下列連結,會導致本主題中的區段,可提供範例值這個節目表中顯示的部署程序相關聯的設定項目。The following links lead to the sections in this topic that provide configuration items and example values that are associated with the deployment procedures presented in this guide.

  1. Active Directory Domain Services 和 DNS 安裝Installing Active Directory Domain Services and DNS

  2. 安裝 DHCPInstalling DHCP

  3. 安裝網路原則伺服器(選擇性)Installing Network Policy Server (optional)

Active Directory Domain Services 和 DNS 安裝Installing Active Directory Domain Services and DNS

在本區段中表格列出設定項目預先安裝並安裝 Active Directory Domain Services (AD DS) 和 DNS。The tables in this section list configuration items for pre-installation and installation of Active Directory Domain Services (AD DS) and DNS.

AD DS 和 DNS 預先安裝設定項目Pre-installation configuration items for AD DS and DNS

下列表格清單預先安裝的設定項目中所述設定所有伺服器]:The following tables list pre-installation configuration items as described in Configuring All Servers:

設定項目Configuration items 範例值Example values Values
IP 位址IP address 10.0.0.210.0.0.2
子網路遮罩Subnet mask 255.255.255.0255.255.255.0
預設閘道Default gateway 10.0.0.110.0.0.1
慣用的 DNS 伺服器Preferred DNS server 127.0.0.1127.0.0.1
其他 DNS 伺服器Alternate DNS server 10.0.0.1510.0.0.15
設定項目Configuration item 範例值。Example value 值。Value
電腦名稱Computer name DC1DC1
AD DS 和 DNS 安裝設定項目AD DS and DNS installation configuration items

設定項目適用於 Windows Server Core 網路部署程序安裝 AD DS 和 DNS 新的樹系的:Configuration items for the Windows Server Core Network deployment procedure Install AD DS and DNS for a New Forest:

設定項目Configuration items 範例值Example values Values
完整的 DNS 名稱Full DNS name corp.contoso.comcorp.contoso.com
森林功能層級Forest functional level Windows Server 2003Windows Server 2003
Active Directory Domain Services 資料庫資料夾位置Active Directory Domain Services database folder location E:\Configuration\E:\Configuration\

或接受預設的位置。Or accept the default location.
Active Directory Domain Services 登入檔案的資料夾位置Active Directory Domain Services log files folder location E:\Configuration\E:\Configuration\

或接受預設的位置。Or accept the default location.
Active Directory Domain Services SYSVOL 資料夾位置Active Directory Domain Services SYSVOL folder location E:\Configuration\E:\Configuration\

或接受預設的位置Or accept the default location
Directory 還原模式系統管理員密碼Directory Restore Mode Administrator password J * p2leO4$ FJ*p2leO4$F
回應檔案名稱(選擇性)Answer file name (optional) 廣告 DS_AnswerFileAD DS_AnswerFile

設定 DNS 反向對應區域Configuring a DNS Reverse Lookup Zone

設定項目Configuration items 範例值Example values Values
時區類型:Zone type: -主要區域- Primary zone
-次要區域- Secondary zone
-Stub 區域- Stub zone
輸入區Zone type

在 Active Directory 中存放區Store the zone in Active Directory
選取- Selected
-未選取- Not selected
Active Directory 區域複寫領域Active Directory zone replication scope -到此森林中的所有 DNS 伺服器- To all DNS servers in this forest
在這個網域中的所有 DNS 伺服器地- To all DNS servers in this domain
對所有網域控制站在這個網域中- To all domain controllers in this domain
所有網域控制站在這個 directory 磁碟分割的範圍中指定地- To all domain controllers specified in the scope of this directory partition
反向尋找區域名稱Reverse lookup zone name

(IP 鍵入)(IP type)
-IPv4 反向對應區域- IPv4 Reverse Lookup Zone
-IPv6 反向對應區域- IPv6 Reverse Lookup Zone
反向尋找區域名稱Reverse lookup zone name

(網路 ID)(network ID)
10.0.010.0.0

安裝 DHCPInstalling DHCP

在本區段中表格列出預先安裝並安裝 DHCP 設定項目。The tables in this section list configuration items for pre-installation and installation of DHCP.

預先安裝的組態 DHCP 的項目Pre-installation configuration items for DHCP

下列表格清單預先安裝的設定項目中所述設定所有伺服器]:The following tables list pre-installation configuration items as described in Configuring All Servers:

設定項目Configuration items 範例值Example values Values
IP 位址IP address 10.0.0.310.0.0.3
子網路遮罩Subnet mask 255.255.255.0255.255.255.0
預設閘道Default gateway 10.0.0.110.0.0.1
慣用的 DNS 伺服器Preferred DNS server 10.0.0.210.0.0.2
其他 DNS 伺服器Alternate DNS server 10.0.0.1510.0.0.15
設定項目Configuration item 範例值。Example value 值。Value
電腦名稱Computer name DHCP1DHCP1
DHCP 安裝設定項目DHCP installation configuration items

設定項目適用於 Windows Server Core 網路部署程序安裝動態主機設定通訊協定 (DHCP):Configuration items for the Windows Server Core Network deployment procedure Install Dynamic Host Configuration Protocol (DHCP):

設定項目Configuration items 範例值Example values Values
網路連接繫結Network connect bindings 乙太網路Ethernet
DNS 伺服器設定DNS server settings DC1DC1
慣用的 DNS 伺服器的 IP 位址Preferred DNS server IP address 10.0.0.210.0.0.2
其他 DNS 伺服器的 IP 位址Alternate DNS server IP address 10.0.0.1510.0.0.15
範圍名稱Scope name Corp1Corp1
開始 IP 位址Starting IP address 10.0.0.110.0.0.1
結束 IP 位址Ending IP address 10.0.0.25410.0.0.254
子網路遮罩Subnet mask 255.255.255.0255.255.255.0
預設閘道(選擇性)Default gateway (optional) 10.0.0.110.0.0.1
租用期間Lease duration 8 天8 days
IPv6 DHCP 伺服器操作模式IPv6 DHCP server operation mode 不支援Not enabled

建立排除範圍 dhcpCreating an exclusion range in DHCP

設定項目時,建立範圍 dhcp 建立排除範圍。Configuration items to create an exclusion range while creating a scope in DHCP.

設定項目Configuration items 範例值Example values Values
範圍名稱Scope name Corp1Corp1
範圍描述Scope description 主要辦公室子網路 1Main office subnet 1
排除項目範圍 [開始] 畫面的 IP 位址Exclusion range start IP address 10.0.0.110.0.0.1
排除項目範圍結束 IP 位址Exclusion range end IP address 10.0.0.1510.0.0.15

建立新的 DHCP 領域Creating a new DHCP scope

設定項目適用於 Windows Server Core 網路部署程序建立及啟動 DHCP 新的領域:Configuration items for the Windows Server Core Network deployment procedure Create and Activate a New DHCP Scope:

設定項目Configuration items 範例值Example values Values
新的領域名稱New scope name Corp2Corp2
範圍描述Scope description 主要辦公室子網路 2Main office subnet 2
(Ip)(IP address range)

[開始] 畫面的 IP 位址Start IP address
10.0.1.110.0.1.1
(Ip)(IP address range)

結束 IP 位址End IP address
10.0.1.25410.0.1.254
長度Length 88
子網路遮罩Subnet mask 255.255.255.0255.255.255.0
(排除項目範圍)[開始] 畫面的 IP 位址(Exclusion range) Start IP address 10.0.1.110.0.1.1
排除項目範圍結束 IP 位址Exclusion range end IP address 10.0.1.1510.0.1.15
租用期間Lease duration

Days

小時Hours

分鐘Minutes
- 8- 8
- 0- 0
- 0- 0
路由器(預設閘道)Router (default gateway)

IP 位址IP address
10.0.1.110.0.1.1
家長的 DNS 網域DNS parent domain corp.contoso.comcorp.contoso.com
DNS 伺服器DNS server

IP 位址IP address
10.0.0.210.0.0.2

安裝網路原則伺服器(選擇性)Installing Network Policy Server (optional)

在本區段中表格列出預先安裝並安裝 NPS 設定項目。The tables in this section list configuration items for pre-installation and installation of NPS.

預先安裝的設定項目Pre-installation configuration items

下列三種表格列出預先安裝的設定項目中所述設定所有伺服器]:The following three tables list pre-installation configuration items as described in Configuring All Servers:

設定項目Configuration items 範例值Example values Values
IP 位址IP address 10.0.0.410.0.0.4
子網路遮罩Subnet mask 255.255.255.0255.255.255.0
預設閘道Default gateway 10.0.0.110.0.0.1
慣用的 DNS 伺服器Preferred DNS server 10.0.0.210.0.0.2
其他 DNS 伺服器Alternate DNS server 10.0.0.1510.0.0.15
設定項目Configuration item 範例值。Example value 值。Value
電腦名稱Computer name NPS1NPS1
網路原則伺服器安裝設定項目Network Policy Server installation configuration items

設定項目適用於 Windows Server Core 網路 NPS 部署程序安裝網路原則 Server (NPS)登記 NPS 伺服器預設網域中Configuration items for the Windows Server Core Network NPS deployment procedures Install Network Policy Server (NPS) and Register the NPS Server in the Default Domain.

  • 安裝和登記 NPS 需要額外的設定項目。No additional configuration items are required to install and register NPS.