![\"img\"](\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2026\/01\/20260127113340-6978a29446b48.png\")
<\/p>\n\u6ce8:\u672c\u6587\u4e3a \u201cWindows Server | \u57df\u201d \u76f8\u5173\u5408\u8f91\u3002 \u82f1\u6587\u5f15\u6587,\u673a\u7ffb\u672a\u6821\u3002 \u4e2d\u6587\u5f15\u6587,\u7565\u4f5c\u91cd\u6392\u3002(\u90e8\u5206\u8d44\u6599\u6709\u70b9\u9648\u65e7) \u672a\u6574\u7406\u53bb\u91cd,\u56fe\u7247\u6e05\u6670\u5ea6\u53d7\u5f15\u6587\u539f\u56fe\u6240\u9650\u3002 \u5982\u6709\u5185\u5bb9\u5f02\u5e38,\u8bf7\u770b\u539f\u6587\u3002<\/p>\n
Domains, Trees and Forests, what now? I thought we were talking about donkeys and blueprints. \u57df\u3001\u57df\u6811\u3001\u57df\u6797,\u7a81\u7136\u8bb2\u8fd9\u4e9b\u662f\u4e3a\u4ec0\u4e48?\u6211\u8bb0\u5f97\u6211\u4eec\u4e4b\u524d\u804a\u7684\u53ef\u4e0d\u662f\u8fd9\u4e9b\u65e0\u5173\u7684\u5185\u5bb9\u3002<\/p>\n
Bear with me here, it might not fit into our last theme, but since this is the actual real terminology used by Microsoft, I\u2019d like to stick by them. \u8bf7\u8010\u5fc3\u542c\u6211\u8bb2\u89e3,\u8fd9\u4e00\u5185\u5bb9\u6216\u8bb8\u548c\u6211\u4eec\u4e0a\u4e00\u4e2a\u4e3b\u9898\u65e0\u5173,\u4f46\u8fd9\u4e9b\u662f\u5fae\u8f6f\u5b9e\u9645\u4f7f\u7528\u7684\u5b98\u65b9\u672f\u8bed,\u6211\u5e0c\u671b\u6cbf\u7528\u8fd9\u4e9b\u8868\u8ff0\u3002<\/p>\n
The Domain is basically the overall group that contains ALL the objects stored in the Active Directory database. A Domain can be hosted on 1 or multiple Domain Controllers (that thing we created previously). When using multiple Domain Controllers within 1 domain the changes to the Active Directory Database (NTDS) are replicated between all Domain Controllers. \u57df\u672c\u8d28\u4e0a\u662f\u4e00\u4e2a\u6574\u4f53\u7684\u7ec4,\u5305\u542b\u5b58\u50a8\u5728 Active Directory \u6570\u636e\u5e93\u4e2d\u7684\u6240\u6709\u5bf9\u8c61\u3002\u4e00\u4e2a\u57df\u53ef\u4ee5\u90e8\u7f72\u5728 1 \u53f0\u6216\u591a\u53f0\u57df\u63a7\u5236\u5668\u4e0a(\u5c31\u662f\u6211\u4eec\u4e4b\u524d\u521b\u5efa\u7684\u670d\u52a1\u7aef)\u3002\u5f53\u5728 1 \u4e2a\u57df\u4e2d\u90e8\u7f72\u591a\u53f0\u57df\u63a7\u5236\u5668\u65f6,\u5bf9 Active Directory \u6570\u636e\u5e93(NTDS)\u6240\u505a\u7684\u6240\u6709\u66f4\u6539\u90fd\u4f1a\u5728\u6240\u6709\u57df\u63a7\u5236\u5668\u4e4b\u95f4\u8fdb\u884c\u590d\u5236\u3002<\/p>\n
<\/p>\n
This is a singular domain \u8fd9\u662f\u4e00\u4e2a\u5355\u57df<\/p>\n
Regardless of how big your AD becomes or on how many locations in the world its located, when possible (the scalability\/limits are pretty huge.), and I can\u2019t stress this enough, you want to use a singular Domain since it simplifies AD management a ton. However this sadly isn\u2019t always possible due to support for other versions Active Directory servers (Functional Levels) or corporate shenanigans\/politics. \u65e0\u8bba\u4f60\u7684 AD \u89c4\u6a21\u53d8\u5f97\u591a\u5927,\u4e5f\u65e0\u8bba\u5176\u90e8\u7f72\u5728\u5168\u7403\u591a\u5c11\u4e2a\u5730\u70b9,\u5728\u6761\u4ef6\u5141\u8bb8\u7684\u60c5\u51b5\u4e0b(AD \u7684\u53ef\u6269\u5c55\u6027\u548c\u4e0a\u9650\u6570\u503c\u90fd\u975e\u5e38\u9ad8),\u6211\u5fc5\u987b\u53cd\u590d\u5f3a\u8c03,\u5efa\u8bae\u4f7f\u7528\u5355\u57df\u67b6\u6784,\u56e0\u4e3a\u8fd9\u80fd\u6781\u5927\u7b80\u5316 AD \u7684\u7ba1\u7406\u5de5\u4f5c\u3002\u4f46\u9057\u61be\u7684\u662f,\u7531\u4e8e\u9700\u8981\u517c\u5bb9\u5176\u4ed6\u7248\u672c\u7684 Active Directory \u670d\u52a1\u5668(\u529f\u80fd\u7ea7\u522b),\u6216\u662f\u53d7\u4f01\u4e1a\u5185\u90e8\u7684\u5404\u7c7b\u8003\u91cf\u4e0e\u7ec4\u7ec7\u67b6\u6784\u5f71\u54cd,\u5355\u57df\u67b6\u6784\u5e76\u975e\u603b\u80fd\u5b9e\u73b0\u3002<\/p>\n
There\u2019s also this concept called a Enhanced Security Administrative Environment (ESAE), also known as a Red Forest which Microsoft released after NotPetya hit the world. If implemented correctly this greatly reduces known attack vectors in AD, but its way too complicated to cover during this stage of the guide. \u8fd8\u6709\u4e00\u4e2a\u6982\u5ff5\u540d\u4e3a\u589e\u5f3a\u5b89\u5168\u7ba1\u7406\u73af\u5883(ESAE),\u4e5f\u88ab\u79f0\u4f5c\u7ea2\u6797,\u662f\u5fae\u8f6f\u5728 NotPetya \u52d2\u7d22\u75c5\u6bd2\u5e2d\u5377\u5168\u7403\u540e\u63a8\u51fa\u7684\u67b6\u6784\u3002\u82e5\u914d\u7f6e\u5f97\u5f53,\u8be5\u67b6\u6784\u80fd\u5927\u5e45\u51cf\u5c11 AD \u4e2d\u5df2\u77e5\u7684\u653b\u51fb\u5411\u91cf,\u4f46\u5176\u5b9e\u73b0\u903b\u8f91\u8fc7\u4e8e\u590d\u6742,\u672c\u6307\u5357\u73b0\u9636\u6bb5\u6682\u4e0d\u5c55\u5f00\u8bb2\u89e3\u3002<\/p>\n
Let\u2019s say that \u2018Threepwood\u2019s Fine Leather Jackets and Pirate Paraphernalia\u2019 wants all the Office monkeys to work in their own Child Domain. Why would they want that? I have no idea. Let\u2019s just settle it under \u2018Corporate Shenanigans\u2019. This would look something like this. \u5047\u8bbe\u4e00\u5bb6\u540d\u4e3a\u201c\u601d\u91cc\u666e\u4f0d\u5fb7\u4f18\u8d28\u76ae\u5939\u514b\u4e0e\u6d77\u76d7\u7528\u54c1\u5e97\u201d\u7684\u4f01\u4e1a,\u5e0c\u671b\u6240\u6709\u529e\u516c\u4eba\u5458\u90fd\u5728\u72ec\u7acb\u7684\u5b50\u57df\u4e2d\u5f00\u5c55\u5de5\u4f5c\u3002\u81f3\u4e8e\u4f01\u4e1a\u4e3a\u4f55\u4f1a\u6709\u8fd9\u6837\u7684\u9700\u6c42,\u6211\u4eec\u65e0\u4ece\u5f97\u77e5,\u59d1\u4e14\u5c06\u5176\u5f52\u4e3a\u201c\u4f01\u4e1a\u5185\u90e8\u7684\u7279\u6b8a\u8003\u91cf\u201d\u3002\u8be5\u67b6\u6784\u7684\u5448\u73b0\u5f62\u5f0f\u5982\u4e0b\u3002<\/p>\n
![\"img\"](\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2026\/01\/20260127113340-6978a29474b1a.png\")
<\/p>\n
This is a Root Domain with a Child Domain \u8fd9\u662f\u4e00\u4e2a\u5305\u542b\u5b50\u57df\u7684\u6839\u57df<\/p>\n
When you have a child domain within the same Root Domain it is referred to \u2018being in the same Tree\u2019. They are however still separate domains. Each Domain needs at least 1 separate Domain Controller. This means that each Domain in a Tree has its own Active Directory Database (NTDS) with its own objects such users, groups etc. \u5f53\u540c\u4e00\u6839\u57df\u4e0b\u5b58\u5728\u5b50\u57df\u65f6,\u8fd9\u4e9b\u57df\u88ab\u79f0\u4f5c\u201c\u5904\u4e8e\u540c\u4e00\u57df\u6811\u4e2d\u201d\u3002\u4f46\u5b83\u4eec\u4f9d\u65e7\u662f\u76f8\u4e92\u72ec\u7acb\u7684\u57df,\u6bcf\u4e2a\u57df\u90fd\u81f3\u5c11\u9700\u8981 1 \u53f0\u72ec\u7acb\u7684\u57df\u63a7\u5236\u5668\u3002\u8fd9\u610f\u5473\u7740,\u57df\u6811\u4e2d\u7684\u6bcf\u4e2a\u57df\u90fd\u62e5\u6709\u72ec\u7acb\u7684 Active Directory \u6570\u636e\u5e93(NTDS),\u5e76\u5b58\u50a8\u7740\u4e13\u5c5e\u7684\u7528\u6237\u3001\u7ec4\u7b49\u5bf9\u8c61\u3002<\/p>\n
![\"img\"](\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2026\/01\/20260127113340-6978a2948c1a3.png\")
<\/p>\n
This is what the Tree looks like. \u8fd9\u662f\u57df\u6811\u7684\u5448\u73b0\u5f62\u5f0f\u3002<\/p>\n
A tree can consist of multiple child domains, they can even be inherited from each other, but there can only be 1 Root Domain, this is also referred to as the Tree Root. The advantage of creating these child domains from the Tree Root is that there is a trust created between each of the domains. This means that users from monkeys child domain can access resources in the pirates child domain, if they would have the appropriate rights to that resource of course. \u4e00\u4e2a\u57df\u6811\u53ef\u4ee5\u5305\u542b\u591a\u4e2a\u5b50\u57df,\u8fd9\u4e9b\u5b50\u57df\u751a\u81f3\u53ef\u4ee5\u5c42\u5c42\u5d4c\u5957,\u4f46\u4e00\u4e2a\u57df\u6811\u4e2d\u53ea\u80fd\u6709 1 \u4e2a\u6839\u57df,\u8be5\u6839\u57df\u4e5f\u88ab\u79f0\u4f5c\u57df\u6811\u6839\u3002\u4ece\u57df\u6811\u6839\u521b\u5efa\u5b50\u57df\u7684\u4f18\u52bf\u5728\u4e8e,\u5404\u57df\u4e4b\u95f4\u4f1a\u81ea\u52a8\u5efa\u7acb\u4fe1\u4efb\u5173\u7cfb\u3002\u8fd9\u610f\u5473\u7740,monkeys\u5b50\u57df\u4e2d\u7684\u7528\u6237,\u82e5\u62e5\u6709\u76f8\u5e94\u7684\u8d44\u6e90\u8bbf\u95ee\u6743\u9650,\u5373\u53ef\u8bbf\u95eepirates\u5b50\u57df\u4e2d\u7684\u8d44\u6e90\u3002<\/p>\n
![\"img\"](\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2026\/01\/20260127113340-6978a294a46a3.png\")
<\/p>\n
Domains can have multiple child domains, including child domains themselves \u57df\u53ef\u4ee5\u62e5\u6709\u591a\u4e2a\u5b50\u57df,\u5b50\u57df\u4e5f\u53ef\u518d\u5305\u542b\u4e0b\u7ea7\u5b50\u57df<\/p>\n
Now let\u2019s say that over time the TFLJPP company grows and acquires another company, \u2018Wally B. Feed Cartography and Co\u2019. The acquired company already has an AD configured with their own Tree. You could migrate over all the users\/systems from this over to your Tree, but this can be a daunting and time-consuming task. So, what we can do is add their Tree to our Forest. Doing this adds a trust between these two tree\u2019s. This means that, like with child domains, access to resources can now be shared cross company. \u5047\u8bbe\u968f\u7740\u65f6\u95f4\u63a8\u79fb,TFLJPP \u516c\u53f8\u4e0d\u65ad\u53d1\u5c55,\u5e76\u6536\u8d2d\u4e86\u53e6\u4e00\u5bb6\u540d\u4e3a\u201c\u6c83\u5229 B \u9972\u6599\u5236\u56fe\u516c\u53f8\u201d\u7684\u4f01\u4e1a\u3002\u88ab\u6536\u8d2d\u7684\u4f01\u4e1a\u5df2\u914d\u7f6e\u597d AD,\u5e76\u62e5\u6709\u72ec\u7acb\u7684\u57df\u6811\u3002\u4f60\u53ef\u4ee5\u5c06\u8be5\u4f01\u4e1a\u6240\u6709\u7684\u7528\u6237\u548c\u7cfb\u7edf\u8fc1\u79fb\u81f3\u81ea\u8eab\u7684\u57df\u6811\u4e2d,\u4f46\u8fd9\u4e00\u64cd\u4f5c\u7e41\u7410\u4e14\u8017\u65f6\u3002\u56e0\u6b64,\u53e6\u4e00\u79cd\u65b9\u6848\u662f\u5c06\u5bf9\u65b9\u7684\u57df\u6811\u52a0\u5165\u81ea\u8eab\u7684\u57df\u6797\u4e2d,\u64cd\u4f5c\u540e\u4e24\u4e2a\u57df\u6811\u4e4b\u95f4\u4f1a\u5efa\u7acb\u4fe1\u4efb\u5173\u7cfb\u3002\u8fd9\u610f\u5473\u7740,\u548c\u5b50\u57df\u95f4\u7684\u8d44\u6e90\u8bbf\u95ee\u903b\u8f91\u4e00\u81f4,\u4e24\u5bb6\u4f01\u4e1a\u4e4b\u95f4\u4e5f\u53ef\u4ee5\u5b9e\u73b0\u8d44\u6e90\u5171\u4eab\u3002<\/p>\n
![\"img\"](\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2026\/01\/20260127113340-6978a294d8cf9.png\")
<\/p>\n
This is what a Forest looks like with multiple Tree\u2019s \u8fd9\u662f\u5305\u542b\u591a\u4e2a\u57df\u6811\u7684\u57df\u6797\u5448\u73b0\u5f62\u5f0f\u3002<\/p>\n
There are actually other types of trusts, such as shortcut, forest, external and realm trusts. Each with different characteristics (Transitive vs. Non-Transitive), direction types (One-way or Two-way) and authentication mechanism (Kerberos <\/p>\n V <\/p>\n 5 <\/p>\n V5 <\/p>\n <\/span><\/span>V<\/span>5<\/span><\/span><\/span><\/span><\/span> or NTLM). I will not go into details here since if I were to cover it fully it would require a lot more of preexisting knowledge of AD internals such as NTLM and Kerberos, which are even heavy topics to cover on their own. Just remember that I generally recommend against multiple domains\/tree\u2019s\/forest and trusts due the added complexity and security risks, unless you truly understand what you are doing\/are building a Red Forest. \u5b9e\u9645\u4e0a,\u4fe1\u4efb\u5173\u7cfb\u8fd8\u6709\u5176\u4ed6\u7c7b\u578b,\u4f8b\u5982\u5feb\u6377\u4fe1\u4efb\u3001\u6797\u4fe1\u4efb\u3001\u5916\u90e8\u4fe1\u4efb\u548c\u9886\u57df\u4fe1\u4efb\u3002\u4e0d\u540c\u7c7b\u578b\u7684\u4fe1\u4efb\u5173\u7cfb\u5177\u5907\u4e0d\u540c\u7684\u7279\u6027(\u53ef\u4f20\u9012\u4e0e\u4e0d\u53ef\u4f20\u9012)\u3001\u65b9\u5411\u7c7b\u578b(\u5355\u5411\u6216\u53cc\u5411)\u548c\u8eab\u4efd\u9a8c\u8bc1\u673a\u5236(Kerberos <\/p>\n V <\/p>\n 5 <\/p>\n V5 <\/p>\n <\/span><\/span>V<\/span>5<\/span><\/span><\/span><\/span><\/span> \u6216 NTLM)\u3002\u8fd9\u91cc\u6682\u4e0d\u5c55\u5f00\u8bb2\u89e3,\u56e0\u4e3a\u8981\u5168\u9762\u4ecb\u7ecd\u8fd9\u4e9b\u5185\u5bb9,\u9700\u8981\u8bfb\u8005\u5177\u5907\u5927\u91cf AD \u5e95\u5c42\u7684\u524d\u7f6e\u77e5\u8bc6,\u800c NTLM \u548c Kerberos \u672c\u8eab\u5c31\u662f\u4e24\u4e2a\u5e9e\u5927\u7684\u77e5\u8bc6\u70b9\u3002\u53ea\u9700\u8bb0\u4f4f,\u6211\u901a\u5e38\u4e0d\u5efa\u8bae\u90e8\u7f72\u591a\u57df\u3001\u591a\u57df\u6811\u3001\u591a\u57df\u6797\u53ca\u590d\u6742\u7684\u4fe1\u4efb\u5173\u7cfb,\u56e0\u4e3a\u8fd9\u4f1a\u589e\u52a0\u67b6\u6784\u7684\u590d\u6742\u6027\u548c\u5b89\u5168\u98ce\u9669,\u9664\u975e\u4f60\u5bf9\u76f8\u5173\u64cd\u4f5c\u6709\u6e05\u6670\u7684\u8ba4\u77e5,\u6216\u662f\u6b63\u5728\u642d\u5efa\u7ea2\u6797\u67b6\u6784\u3002<\/p>\n A forest can encompass multiple domains and trees into 1 structure but doesn\u2019t have to. We already created a Forest and a tree when we setup Active Directory. These are created automatically. \u57df\u6797\u53ef\u5c06\u591a\u4e2a\u57df\u548c\u57df\u6811\u6574\u5408\u4e3a 1 \u4e2a\u67b6\u6784,\u4f46\u5e76\u975e\u5fc5\u987b\u5982\u6b64\u3002\u6211\u4eec\u5728\u642d\u5efa Active Directory \u7684\u8fc7\u7a0b\u4e2d,\u5df2\u7ecf\u81ea\u52a8\u521b\u5efa\u4e86\u4e00\u4e2a\u57df\u6797\u548c\u4e00\u4e2a\u57df\u6811\u3002<\/p>\n This what a setup with a singular domain actually looks like. \u8fd9\u662f\u5355\u57df\u67b6\u6784\u7684\u5b9e\u9645\u642d\u5efa\u5448\u73b0\u5f62\u5f0f\u3002<\/p>\n Posted on 11\/04\/2020 By Christian<\/p>\n In this article, we will discuss \u201cActive Directory Forest \u2013 Trees and Domain and Sites\u201d. Active Directory (AD) is a directory service developed by Microsoft for the Windows domain environment. AD forest is the top container in an Active Directory setup that contains domains, users, computers, and group policies. \u672c\u6587\u5c06\u8bb2\u89e3\u201cActive Directory \u57df\u6797\u2014\u2014\u57df\u6811\u3001\u57df\u4e0e\u7ad9\u70b9\u201d\u76f8\u5173\u5185\u5bb9\u3002Active Directory(AD)\u662f\u5fae\u8f6f\u4e3a Windows \u57df\u73af\u5883\u5f00\u53d1\u7684\u4e00\u6b3e\u76ee\u5f55\u670d\u52a1,\u57df\u6797\u662f Active Directory \u67b6\u6784\u4e2d\u7684\u9876\u7ea7\u5bb9\u5668,\u5176\u4e2d\u5305\u542b\u57df\u3001\u7528\u6237\u3001\u8ba1\u7b97\u673a\u548c\u7ec4\u7b56\u7565\u3002<\/p>\n The Active Directory structure is built on the domain level. The framework that holds the objects can be viewed at different levels namely forest, domain trees, and domains. An Active Directory framework can have more than one domain, and the above tiers are referred to as a forest. Active Directory \u7684\u67b6\u6784\u4ee5\u57df\u4e3a\u57fa\u7840\u5c42\u7ea7\u6784\u5efa,\u5b58\u50a8\u5bf9\u8c61\u7684\u6846\u67b6\u53ef\u5206\u4e3a\u4e0d\u540c\u5c42\u7ea7,\u5373\u57df\u6797\u3001\u57df\u6811\u548c\u57df\u3002\u4e00\u4e2a Active Directory \u67b6\u6784\u4e2d\u53ef\u5305\u542b\u591a\u4e2a\u57df,\u8fd9\u4e9b\u5c42\u7ea7\u5171\u540c\u6784\u6210\u7684\u6574\u4f53\u88ab\u79f0\u4f5c\u57df\u6797\u3002<\/p>\n Note: Under each domain, you can have as many trees as possible. Having an Active Directory environment of this nature can create autonomy and segregation of duty thereby increasing security and if not configured correctly. It can also lead to exploitation in the Active Directory environment. \u6ce8:\u6bcf\u4e2a\u57df\u4e0b\u53ef\u521b\u5efa\u591a\u4e2a\u57df\u6811\u3002\u6b64\u7c7b Active Directory \u73af\u5883\u80fd\u5b9e\u73b0\u6743\u9650\u81ea\u6cbb\u548c\u804c\u8d23\u5206\u79bb,\u8fdb\u800c\u63d0\u5347\u5b89\u5168\u6027;\u4f46\u5982\u679c\u914d\u7f6e\u4e0d\u5f53,\u4e5f\u4f1a\u6210\u4e3a Active Directory \u73af\u5883\u4e2d\u88ab\u653b\u51fb\u5229\u7528\u7684\u6f0f\u6d1e\u3002<\/p>\n Within a deployment, objects are grouped into domains as shown in the below diagram. The objects for a single domain are stored in a single database (which can be replicated). Domains are identified by their DNS name structure, (namespace). \u5728\u5b9e\u9645\u90e8\u7f72\u4e2d,\u5bf9\u8c61\u4f1a\u6309\u57df\u8fdb\u884c\u5206\u7ec4,\u5982\u4e0b\u56fe\u6240\u793a\u3002\u5355\u4e2a\u57df\u7684\u6240\u6709\u5bf9\u8c61\u5b58\u50a8\u5728\u4e00\u4e2a\u72ec\u7acb\u7684\u6570\u636e\u5e93\u4e2d(\u8be5\u6570\u636e\u5e93\u652f\u6301\u590d\u5236),\u57df\u901a\u8fc7\u81ea\u8eab\u7684 DNS \u540d\u79f0\u7ed3\u6784(\u547d\u540d\u7a7a\u95f4)\u8fdb\u884c\u6807\u8bc6\u3002<\/p>\n Active Directory Forest: A forest is a collection of trees that share a common global catalog, directory schema, logical structure, and directory configuration. The forest represents the security boundary within which users, computers, groups, and other objects are accessible. Active Directory \u57df\u6797:\u57df\u6797\u662f\u591a\u4e2a\u57df\u6811\u7684\u96c6\u5408,\u8fd9\u4e9b\u57df\u6811\u5171\u4eab\u7edf\u4e00\u7684\u5168\u5c40\u7f16\u5f55\u3001\u76ee\u5f55\u67b6\u6784\u3001\u903b\u8f91\u7ed3\u6784\u548c\u76ee\u5f55\u914d\u7f6e\u3002\u57df\u6797\u662f\u4e00\u4e2a\u5b89\u5168\u8fb9\u754c,\u8be5\u8fb9\u754c\u5185\u7684\u7528\u6237\u3001\u8ba1\u7b97\u673a\u3001\u7ec4\u548c\u5176\u4ed6\u5bf9\u8c61\u53ef\u5b9e\u73b0\u76f8\u4e92\u8bbf\u95ee\u3002<\/p>\n A forest is a collection of one or more domains that may have one or more trees. What makes a forest unique is that it shares the same schema. The schema defines what and how Active Directory objects are stored. \u57df\u6797\u662f\u4e00\u4e2a\u6216\u591a\u4e2a\u57df\u7684\u96c6\u5408,\u5176\u4e2d\u53ef\u5305\u542b\u4e00\u4e2a\u6216\u591a\u4e2a\u57df\u6811\u3002\u57df\u6797\u7684\u72ec\u7279\u6027\u5728\u4e8e,\u6797\u5185\u6240\u6709\u57df\u5171\u4eab\u540c\u4e00\u76ee\u5f55\u67b6\u6784,\u8be5\u67b6\u6784\u5b9a\u4e49\u4e86 Active Directory \u5bf9\u8c61\u7684\u5b58\u50a8\u7c7b\u578b\u548c\u5b58\u50a8\u65b9\u5f0f\u3002<\/p>\n A forest is a group of trees that do not share a contiguous namespace. \u57df\u6797\u662f\u7531\u591a\u4e2a\u4e0d\u5171\u4eab\u8fde\u7eed\u547d\u540d\u7a7a\u95f4\u7684\u57df\u6811\u7ec4\u6210\u7684\u96c6\u5408\u3002<\/p>\n Active Directory Domain: A domain is defined as a logical group of network objects (computers, users, devices) that share the same Active Directory database. Active Directory \u57df:\u57df\u662f\u7f51\u7edc\u5bf9\u8c61(\u8ba1\u7b97\u673a\u3001\u7528\u6237\u3001\u8bbe\u5907)\u7684\u903b\u8f91\u5206\u7ec4,\u540c\u4e00\u57df\u4e2d\u7684\u6240\u6709\u5bf9\u8c61\u5171\u4eab\u540c\u4e00\u4e2a Active Directory \u6570\u636e\u5e93\u3002<\/p>\n When you add a domain to an existing tree, the new domain is a child domain of an existing parent domain. \u5f53\u5411\u73b0\u6709\u57df\u6811\u4e2d\u6dfb\u52a0\u65b0\u57df\u65f6,\u8be5\u65b0\u57df\u5c06\u6210\u4e3a\u73b0\u6709\u7236\u57df\u7684\u5b50\u57df\u3002<\/p>\n Active Directory Tree: A tree is a collection of one or more domains and domain trees in a contiguous namespace and is linked in a transitive trust hierarchy. When you have multiple domains in the same namespace (e.g., techdirect.local, zone.techdirect.local), they are considered to be in the same tree. The tree also supports multiple levels of domains. Active Directory \u57df\u6811:\u57df\u6811\u662f\u4e00\u4e2a\u6216\u591a\u4e2a\u57df\/\u5b50\u57df\u6811\u7684\u96c6\u5408,\u8fd9\u4e9b\u57df\u5171\u4eab\u8fde\u7eed\u7684\u547d\u540d\u7a7a\u95f4,\u5e76\u901a\u8fc7\u53ef\u4f20\u9012\u4fe1\u4efb\u5c42\u6b21\u7ed3\u6784\u76f8\u4e92\u5173\u8054\u3002\u5f53\u591a\u4e2a\u57df\u5904\u4e8e\u540c\u4e00\u547d\u540d\u7a7a\u95f4\u4e2d\u65f6(\u4f8b\u5982techdirect.local\u3001zone.techdirect.local),\u8fd9\u4e9b\u57df\u88ab\u89c6\u4f5c\u5904\u4e8e\u540c\u4e00\u57df\u6811\u4e2d\u3002\u57df\u6811\u540c\u65f6\u652f\u6301\u591a\u5c42\u7ea7\u7684\u57df\u5d4c\u5957\u3002<\/p>\n A tree is a hierarchical arrangement of Windows domains that share a contiguous namespace. \u57df\u6811\u662f\u5171\u4eab\u8fde\u7eed\u547d\u540d\u7a7a\u95f4\u7684 Windows \u57df\u7684\u5c42\u7ea7\u5316\u7ec4\u7ec7\u5f62\u5f0f\u3002<\/p>\n Parent and child domains are automatically linked by the trust. Users in different domains can use these trusts to access resources in another domain assuming that they have access. \u7236\u57df\u548c\u5b50\u57df\u4e4b\u95f4\u4f1a\u81ea\u52a8\u5efa\u7acb\u4fe1\u4efb\u5173\u7cfb,\u4e0d\u540c\u57df\u4e2d\u7684\u7528\u6237,\u82e5\u62e5\u6709\u76f8\u5e94\u6743\u9650,\u53ef\u901a\u8fc7\u8be5\u4fe1\u4efb\u5173\u7cfb\u8bbf\u95ee\u5176\u4ed6\u57df\u4e2d\u7684\u8d44\u6e90\u3002<\/p>\n Trees in the forest are linked together via a trust automatically. This ensures that any users in any domain in the forest can access any resource in the forest to which they have access. \u57df\u6797\u4e2d\u7684\u5404\u4e2a\u57df\u6811\u4e4b\u95f4\u4e5f\u4f1a\u81ea\u52a8\u5efa\u7acb\u4fe1\u4efb\u5173\u7cfb,\u8fd9\u786e\u4fdd\u4e86\u57df\u6797\u4e2d\u4efb\u610f\u57df\u7684\u7528\u6237,\u90fd\u80fd\u8bbf\u95ee\u6797\u5185\u6240\u6709\u62e5\u6709\u6743\u9650\u7684\u8d44\u6e90\u3002<\/p>\n Global Catalog In order for users to find resources in any domain in the forest (remember that each domain has a separate database). Domain Controllers can be made into Global Catalog Servers. A Global Catalog Server contains partial information about every object in the forest. Using this information, the user can conduct searches. \u5168\u5c40\u7f16\u5f55:\u4e3a\u4e86\u8ba9\u7528\u6237\u80fd\u67e5\u627e\u57df\u6797\u4e2d\u4efb\u610f\u57df\u7684\u8d44\u6e90(\u9700\u6ce8\u610f\u6bcf\u4e2a\u57df\u90fd\u6709\u72ec\u7acb\u7684\u6570\u636e\u5e93),\u53ef\u5c06\u57df\u63a7\u5236\u5668\u914d\u7f6e\u4e3a\u5168\u5c40\u7f16\u5f55\u670d\u52a1\u5668\u3002\u5168\u5c40\u7f16\u5f55\u670d\u52a1\u5668\u5b58\u50a8\u7740\u57df\u6797\u4e2d\u6240\u6709\u5bf9\u8c61\u7684\u90e8\u5206\u5c5e\u6027\u4fe1\u606f,\u7528\u6237\u53ef\u901a\u8fc7\u8fd9\u4e9b\u4fe1\u606f\u5b9e\u73b0\u8de8\u57df\u8d44\u6e90\u68c0\u7d22\u3002<\/p>\n<\/li>\n Trust relationship: A logical relationship established between domains that allow pass-through authentication. Providing for users in a trusted domain to access resources in a trusting domain without having a user account in the trusting domain. \u4fe1\u4efb\u5173\u7cfb:\u57df\u4e4b\u95f4\u5efa\u7acb\u7684\u4e00\u79cd\u903b\u8f91\u5173\u7cfb,\u652f\u6301\u76f4\u901a\u5f0f\u8eab\u4efd\u9a8c\u8bc1\u3002\u53d7\u4fe1\u4efb\u57df\u4e2d\u7684\u7528\u6237,\u65e0\u9700\u5728\u4fe1\u4efb\u57df\u4e2d\u521b\u5efa\u8d26\u6237,\u5373\u53ef\u8bbf\u95ee\u4fe1\u4efb\u57df\u4e2d\u7684\u8d44\u6e90\u3002<\/p>\n<\/li>\n Organizational units (OU) are containers that hold other Active Directory objects like users, computers, printers, shared folders, and even other organizational Units. The advantage of OU is that it can be used to set security policies and delegate administrative control. \u7ec4\u7ec7\u5355\u5143(OU):\u7528\u4e8e\u5b58\u50a8 Active Directory \u5bf9\u8c61\u7684\u5bb9\u5668,\u53ef\u5b58\u653e\u7528\u6237\u3001\u8ba1\u7b97\u673a\u3001\u6253\u5370\u673a\u3001\u5171\u4eab\u6587\u4ef6\u5939,\u751a\u81f3\u5176\u4ed6\u7ec4\u7ec7\u5355\u5143\u3002\u7ec4\u7ec7\u5355\u5143\u7684\u4f18\u52bf\u5728\u4e8e,\u53ef\u901a\u8fc7\u5176\u914d\u7f6e\u5b89\u5168\u7b56\u7565\u5e76\u59d4\u6d3e\u7ba1\u7406\u6743\u9650\u3002<\/p>\n<\/li>\n<\/ul>\n There will be many occasions in which you will need to create additional domains. Multiple domains are useful when you are dealing with \u5b9e\u9645\u90e8\u7f72\u4e2d,\u5b58\u5728\u591a\u79cd\u9700\u8981\u521b\u5efa\u989d\u5916\u57df\u7684\u573a\u666f,\u4ee5\u4e0b\u60c5\u51b5\u4e2d,\u591a\u57df\u67b6\u6784\u4f1a\u66f4\u5177\u5b9e\u7528\u6027:<\/p>\n Different password requirements between organizations \u4e0d\u540c\u7ec4\u7ec7\u5b58\u5728\u4e0d\u540c\u7684\u5bc6\u7801\u7b56\u7565\u8981\u6c42<\/p>\n<\/li>\n Large numbers of objects \u57df\u5185\u5bf9\u8c61\u6570\u91cf\u89c4\u6a21\u8fc7\u5927<\/p>\n<\/li>\n Different internet domain names \u62e5\u6709\u4e0d\u540c\u7684\u516c\u7f51\u57df\u540d<\/p>\n<\/li>\n Better control of replication, and \u66f4\u4fbf\u4e8e\u63a7\u5236\u590d\u5236\u6d41\u91cf<\/p>\n<\/li>\n Decentralized network administration \u5b9e\u73b0\u5206\u6563\u5f0f\u7684\u7f51\u7edc\u7ba1\u7406<\/p>\n<\/li>\n<\/ul>\n In order for you to decide whether to create multiple domains and how to use them to the best effect. You need to have a clear understanding of the relationship between trees and forests, known as a trust relationship. \u82e5\u8981\u5224\u65ad\u662f\u5426\u9700\u8981\u521b\u5efa\u591a\u57df\u67b6\u6784,\u4ee5\u53ca\u5982\u4f55\u6700\u5927\u5316\u53d1\u6325\u591a\u57df\u67b6\u6784\u7684\u4f5c\u7528,\u4f60\u9700\u8981\u6e05\u6670\u7406\u89e3\u57df\u6811\u548c\u57df\u6797\u4e4b\u95f4\u7684\u4fe1\u4efb\u5173\u7cfb\u3002<\/p>\n While forests, trees, and domains are all logical grouping of objects, the physical grouping of objects is made possible using a site. \u57df\u6797\u3001\u57df\u6811\u548c\u57df\u5747\u662f\u5bf9\u5bf9\u8c61\u7684\u903b\u8f91\u5206\u7ec4,\u800c\u7ad9\u70b9\u5219\u662f\u5bf9\u5bf9\u8c61\u7684\u7269\u7406\u5206\u7ec4\u3002<\/p>\n A site group objects based on IP addresses. Hence it cannot span across different physical locations. For example, if there are various branches of your organization located at different places, each location can be identified using a site. \u7ad9\u70b9\u57fa\u4e8e IP \u5730\u5740\u5bf9\u5bf9\u8c61\u8fdb\u884c\u5206\u7ec4,\u56e0\u6b64\u4e00\u4e2a\u7ad9\u70b9\u65e0\u6cd5\u8de8\u591a\u4e2a\u7269\u7406\u4f4d\u7f6e\u3002\u4f8b\u5982,\u82e5\u4f01\u4e1a\u5728\u4e0d\u540c\u5730\u533a\u8bbe\u6709\u5206\u652f\u673a\u6784,\u6bcf\u4e2a\u5206\u652f\u673a\u6784\u53ef\u5355\u72ec\u914d\u7f6e\u4e3a\u4e00\u4e2a\u7ad9\u70b9\u3002<\/p>\n A site is mainly used for replication and traffic control purposes. It is important to understand that sites and domains are not interrelated. A site can contain multiple domains and a single domain could span across multiple sites. \u7ad9\u70b9\u7684\u4e3b\u8981\u4f5c\u7528\u662f\u63a7\u5236\u590d\u5236\u884c\u4e3a\u548c\u7f51\u7edc\u6d41\u91cf\u3002\u9700\u8981\u660e\u786e\u7684\u662f,\u7ad9\u70b9\u548c\u57df\u4e4b\u95f4\u4e0d\u5b58\u5728\u5173\u8054\u5173\u7cfb,\u4e00\u4e2a\u7ad9\u70b9\u4e2d\u53ef\u5305\u542b\u591a\u4e2a\u57df,\u4e00\u4e2a\u57df\u4e5f\u53ef\u8de8\u591a\u4e2a\u7ad9\u70b9\u90e8\u7f72\u3002<\/p>\n I hope you found this blog post on \u201cActive Directory Forest \u2013 Trees and Domain and Sites\u201d helpful. If you have any questions, please let me know in the comment section. \u5e0c\u671b\u8fd9\u7bc7\u5173\u4e8e\u201cActive Directory \u57df\u6797\u2014\u2014\u57df\u6811\u3001\u57df\u4e0e\u7ad9\u70b9\u201d\u7684\u535a\u6587\u80fd\u4e3a\u4f60\u63d0\u4f9b\u5e2e\u52a9\u3002\u82e5\u6709\u4efb\u4f55\u95ee\u9898,\u53ef\u5728\u8bc4\u8bba\u533a\u7559\u8a00\u3002<\/p>\n Posted on 30\/11\/2021 By Imoh Etuk<\/p>\n In this write-up, I will take you through the step-by-step guide on how to install and configure Active Directory Domain Services on Windows Server <\/p>\n 2022 <\/p>\n 2022 <\/p>\n <\/span><\/span>2022<\/span><\/span><\/span><\/span><\/span>. Before we delve into the hands-on session of this write-up, let\u2019s take a look at some of the amazing new features that Windows Server <\/p>\n 2022 <\/p>\n 2022 <\/p>\n <\/span><\/span>2022<\/span><\/span><\/span><\/span><\/span> brings. A quick peep into when Windows Server <\/p>\n 2022 <\/p>\n 2022 <\/p>\n <\/span><\/span>2022<\/span><\/span><\/span><\/span><\/span> was released as it that a preview program started in March <\/p>\n 2021 <\/p>\n 2021 <\/p>\n <\/span><\/span>2021<\/span><\/span><\/span><\/span><\/span>. \u672c\u6587\u5c06\u4e3a\u4f60\u9010\u6b65\u8bb2\u89e3 Windows Server <\/p>\n 2022 <\/p>\n 2022 <\/p>\n <\/span><\/span>2022<\/span><\/span><\/span><\/span><\/span> \u4e2d Active Directory \u57df\u670d\u52a1(AD DS)\u7684\u5b89\u88c5\u548c\u914d\u7f6e\u65b9\u6cd5\u3002\u5728\u8fdb\u5165\u5b9e\u64cd\u73af\u8282\u524d,\u6211\u4eec\u5148\u4e86\u89e3\u4e00\u4e0b Windows Server <\/p>\n 2022 <\/p>\n 2022 <\/p>\n <\/span><\/span>2022<\/span><\/span><\/span><\/span><\/span> \u5e26\u6765\u7684\u5168\u65b0\u7279\u6027,\u540c\u65f6\u7b80\u5355\u4ecb\u7ecd\u5176\u53d1\u5e03\u65f6\u95f4:\u8be5\u7cfb\u7edf\u7684\u9884\u89c8\u7248\u4e8e <\/p>\n 2021 <\/p>\n 2021 <\/p>\n <\/span><\/span>2021<\/span><\/span><\/span><\/span><\/span>\u5e74 3 \u6708\u63a8\u51fa\u3002<\/p>\n Note: The general availability of Windows Server <\/p>\n 2022 <\/p>\n 2022 <\/p>\n <\/span><\/span>2022<\/span><\/span><\/span><\/span><\/span> was announced on 1 September <\/p>\n 2021 <\/p>\n 2021 <\/p>\n <\/span><\/span>2021<\/span><\/span><\/span><\/span><\/span>, with a launch event as part of the Windows Server Summit on 16 September. \u6ce8:Windows Server <\/p>\n 2022 <\/p>\n 2022 <\/p>\n <\/span><\/span>2022<\/span><\/span><\/span><\/span><\/span> \u7684\u6b63\u5f0f\u7248\u4e8e <\/p>\n 2021 <\/p>\n 2021 <\/p>\n <\/span><\/span>2021<\/span><\/span><\/span><\/span><\/span>\u5e74 9 \u6708 1 \u65e5\u5b98\u5ba3\u53d1\u5e03,\u5e76\u5728 <\/p>\n 2021 <\/p>\n 2021 <\/p>\n <\/span><\/span>2021<\/span><\/span><\/span><\/span><\/span>\u5e74 9 \u6708 16 \u65e5\u7684 Windows Server \u5cf0\u4f1a\u4e2d\u4e3e\u529e\u4e86\u53d1\u5e03\u6d3b\u52a8\u3002<\/p>\n 2022 <\/p>\n 2022 <\/p>\n <\/span><\/span>2022<\/span><\/span><\/span><\/span><\/span> \u7684\u5b89\u5168\u529f\u80fd<\/h3>\n Windows Server <\/p>\n 2022 <\/p>\n 2022 <\/p>\n <\/span><\/span>2022<\/span><\/span><\/span><\/span><\/span> is built on the strong foundation of Windows Server <\/p>\n 2019 <\/p>\n 2019 <\/p>\n <\/span><\/span>2019<\/span><\/span><\/span><\/span><\/span> and brings new security capabilities to combine with other security capabilities in Windows Server across multiple areas to provide defense-in-depth protection against advanced threats. Windows Server <\/p>\n 2022 <\/p>\n 2022 <\/p>\n <\/span><\/span>2022<\/span><\/span><\/span><\/span><\/span> \u57fa\u4e8e Windows Server <\/p>\n 2019 <\/p>\n 2019 <\/p>\n <\/span><\/span>2019<\/span><\/span><\/span><\/span><\/span> \u7684\u6210\u719f\u67b6\u6784\u8fdb\u884c\u5f00\u53d1,\u65b0\u589e\u4e86\u591a\u9879\u5b89\u5168\u529f\u80fd,\u5e76\u4e0e Windows Server \u539f\u6709\u7684\u591a\u9886\u57df\u5b89\u5168\u529f\u80fd\u76f8\u7ed3\u5408,\u5b9e\u73b0\u5bf9\u9ad8\u7ea7\u5a01\u80c1\u7684\u7eb5\u6df1\u9632\u5fa1\u3002<\/p>\n Advanced multi-layer security in Windows Server <\/p>\n 2022 <\/p>\n 2022 <\/p>\n <\/span><\/span>2022<\/span><\/span><\/span><\/span><\/span> provides the comprehensive protection that servers need today. Windows Server <\/p>\n 2022 <\/p>\n 2022 <\/p>\n <\/span><\/span>2022<\/span><\/span><\/span><\/span><\/span> \u7684\u9ad8\u7ea7\u591a\u5c42\u5b89\u5168\u67b6\u6784,\u80fd\u4e3a\u670d\u52a1\u5668\u63d0\u4f9b\u5f53\u4e0b\u6240\u9700\u7684\u5168\u65b9\u4f4d\u5b89\u5168\u9632\u62a4\u3002<\/p>\n In addition, it brings many innovations on three key themes: security, Azure hybrid integration and management, and application platform. \u6b64\u5916,\u8be5\u7cfb\u7edf\u5728\u4e09\u5927\u6838\u5fc3\u65b9\u5411\u4e0a\u5b9e\u73b0\u4e86\u591a\u9879\u521b\u65b0:\u5b89\u5168\u3001Azure \u6df7\u5408\u96c6\u6210\u4e0e\u7ba1\u7406\u3001\u5e94\u7528\u5e73\u53f0\u3002<\/p>\n Also, Windows Server <\/p>\n 2022 <\/p>\n 2022 <\/p>\n <\/span><\/span>2022<\/span><\/span><\/span><\/span><\/span> Datacenter: Azure Edition helps you use the benefits of the cloud to keep your VMs up to date while minimizing downtime. \u540c\u65f6,Windows Server <\/p>\n 2022 <\/p>\n 2022 <\/p>\n <\/span><\/span>2022<\/span><\/span><\/span><\/span><\/span> \u6570\u636e\u4e2d\u5fc3\u7248:Azure \u7248\u53ef\u5145\u5206\u53d1\u6325\u4e91\u670d\u52a1\u7684\u4f18\u52bf,\u5728\u6700\u5927\u9650\u5ea6\u51cf\u5c11\u505c\u673a\u65f6\u95f4\u7684\u524d\u63d0\u4e0b,\u5b9e\u73b0\u865a\u62df\u673a(VM)\u7684\u6301\u7eed\u66f4\u65b0\u3002<\/p>\n Active Directory Domain Services is a technology that allows us to build and centrally manage a scalable Microsoft Enterprise network. Looking at the overview of the lab session we\u2019re going to carry out in this post, we are going to do the following: Active Directory \u57df\u670d\u52a1\u662f\u4e00\u9879\u80fd\u5e2e\u52a9\u6211\u4eec\u642d\u5efa\u5e76\u96c6\u4e2d\u7ba1\u7406\u53ef\u6269\u5c55\u5fae\u8f6f\u4f01\u4e1a\u7f51\u7edc\u7684\u6280\u672f\u3002\u672c\u6587\u7684\u5b9e\u64cd\u5b9e\u9a8c\u5c06\u5305\u542b\u4ee5\u4e0b\u5185\u5bb9:<\/p>\n Installing a new instance of Active Directory \u5b89\u88c5\u5168\u65b0\u7684 Active Directory \u5b9e\u4f8b<\/p>\n<\/li>\n Adding and configuring a new forest which is the overall container for Active Directory Domain Services and all its subjects \u6dfb\u52a0\u5e76\u914d\u7f6e\u65b0\u7684\u57df\u6797,\u57df\u6797\u662f Active Directory \u57df\u670d\u52a1\u53ca\u5176\u6240\u6709\u76f8\u5173\u5bf9\u8c61\u7684\u9876\u7ea7\u5bb9\u5668<\/p>\n<\/li>\n We will create the first Domain in the Forest which is known as the Forest Root Domain. We will give a fully qualified domain name (FQDN). Here, I am going to use blog.techdirectarchive.com as domain.<\/p>\n \u521b\u5efa\u57df\u6797\u4e2d\u7684\u7b2c\u4e00\u4e2a\u57df,\u5373 \u6797\u6839\u57df,\u5e76\u4e3a\u5176\u914d\u7f6e\u5b8c\u5168\u9650\u5b9a\u57df\u540d(FQDN),\u672c\u6587\u4e2d\u5c06\u4f7f\u7528 blog.techdirectarchive.com \u4f5c\u4e3a\u6797\u6839\u57df\u7684\u57df\u540d<\/p>\n<\/li>\n We will install DNS because we must have the Microsoft Active Directory Integrate with the DNS Server. \u5b89\u88c5 DNS \u670d\u52a1,\u56e0\u4e3a Microsoft Active Directory \u5fc5\u987b\u4e0e DNS \u670d\u52a1\u5668\u96c6\u6210\u4f7f\u7528<\/p>\n<\/li>\n After we have successfully installed and configured the Active Directory Domain Name Services, the Server will become a Domain Controller which is popularly codenamed DC. \u6210\u529f\u5b89\u88c5\u5e76\u914d\u7f6e Active Directory \u57df\u670d\u52a1\u540e,\u8be5\u670d\u52a1\u5668\u5c06\u6210\u4e3a\u57df\u63a7\u5236\u5668(\u5e38\u7b80\u79f0\u4e3a DC)\u3002<\/p>\n 2022 <\/p>\n 2022 <\/p>\n <\/span><\/span>2022<\/span><\/span><\/span><\/span><\/span><\/h5>\n All you need to get started with me in the demo session is a copy of Windows Server <\/p>\n 2022 <\/p>\n 2022 <\/p>\n <\/span><\/span>2022<\/span><\/span><\/span><\/span><\/span> installed on your PC. To download the ISO file under the evaluation copy click here. Don\u2019t forget you can also try a copy of it directly on Azure (see screenshot below). \u8981\u8ddf\u968f\u672c\u6587\u5b8c\u6210\u5b9e\u64cd\u6f14\u793a,\u4f60\u9700\u8981\u5728\u7535\u8111\u4e0a\u5b89\u88c5 Windows Server <\/p>\n 2022 <\/p>\n 2022 <\/p>\n <\/span><\/span>2022<\/span><\/span><\/span><\/span><\/span>,\u53ef\u70b9\u51fb\u6b64\u5904\u4e0b\u8f7d\u8bc4\u4f30\u7248\u7684 ISO \u955c\u50cf\u6587\u4ef6\u3002\u6b64\u5916,\u4f60\u4e5f\u53ef\u4ee5\u76f4\u63a5\u5728 Azure \u4e91\u5e73\u53f0\u4e2d\u4f53\u9a8c\u8be5\u7cfb\u7edf(\u89c1\u4e0b\u65b9\u622a\u56fe)\u3002<\/p>\n You can also install a copy of the Windows Server <\/p>\n 2022 <\/p>\n 2022 <\/p>\n <\/span><\/span>2022<\/span><\/span><\/span><\/span><\/span> via Oracle VirtualBox or VMWare. \u4f60\u4e5f\u53ef\u4ee5\u901a\u8fc7 Oracle VirtualBox \u6216 VMWare \u865a\u62df\u673a\u5b89\u88c5 Windows Server <\/p>\n 2022 <\/p>\n 2022 <\/p>\n <\/span><\/span>2022<\/span><\/span><\/span><\/span><\/span>\u3002<\/p>\n In case you run into the failed to open session error while trying to launch your VM Image on VirtualBox, \u82e5\u4f60\u5728 VirtualBox \u4e2d\u542f\u52a8\u865a\u62df\u673a\u955c\u50cf\u65f6\u9047\u5230\u201c\u6253\u5f00\u4f1a\u8bdd\u5931\u8d25\u201d\u7684\u9519\u8bef,\u53ef\u53c2\u8003\u76f8\u5173\u89e3\u51b3\u65b9\u6848\u3002<\/p>\n 2022 <\/p>\n 2022 <\/p>\n <\/span><\/span>2022<\/span><\/span><\/span><\/span><\/span> \u4e2d Active Directory \u57df\u670d\u52a1\u7684\u5b89\u88c5\u4e0e\u914d\u7f6e\u6b65\u9aa4<\/h4>\n As confirmed by the screenshot below, we have our Windows Server What we currently build<\/h4>\n
\u6211\u4eec\u5f53\u524d\u7684\u642d\u5efa\u5185\u5bb9<\/h4>\n
![\"img\"](\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2026\/01\/20260127113341-6978a2951e349.png\")
<\/p>\n
\nActive Directory Forest \u2013 Trees and Domain and Sites<\/h2>\n
Active Directory \u57df\u6797\u2014\u2014\u57df\u6811\u3001\u57df\u4e0e\u7ad9\u70b9<\/h2>\n
![\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0](\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2026\/01\/20260127113341-6978a29543afa.png\")
<\/p>\nActive Directory Structure<\/h3>\n
Active Directory \u7684\u67b6\u6784<\/h3>\n
![\"img\"](\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2026\/01\/20260127113341-6978a2956ec6d.png\")
<\/p>\nSome other information on AD Forest \u2013 Trees and Domain and Sites<\/h3>\n
AD \u57df\u6797\u3001\u57df\u6811\u3001\u57df\u4e0e\u7ad9\u70b9\u7684\u5176\u4ed6\u76f8\u5173\u4fe1\u606f<\/h3>\n
\n
Reasons to Create Additional Domain<\/h4>\n
\u521b\u5efa\u989d\u5916\u57df\u7684\u539f\u56e0<\/h4>\n
\n
\nInstall and configure Active Directory Domain Services on Windows Server<\/h2>\n
Windows Server \u4e2d Active Directory \u57df\u670d\u52a1\u7684\u5b89\u88c5\u4e0e\u914d\u7f6e<\/h2>\n
![\"ADDS-in-Windows-Server-2022\"](\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2026\/01\/20260127113342-6978a296c9335.png\")
<\/p>\nWindows Server 2022 Security capabilities<\/h3>\n
Windows Server <\/p>\n
What is Active Directory Domain Services (ADDS)?<\/h4>\n
\u4ec0\u4e48\u662f Active Directory \u57df\u670d\u52a1(AD DS)?<\/h4>\n
Download Windows 2022<\/h5>\n
\u4e0b\u8f7d Windows Server <\/p>\n
![\"Evaluation-copy-of-Windows-Server-2022\"](\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2026\/01\/20260127113343-6978a2971d287.png\")
Windows Server 2022 Evaluation Copy<\/p>\nHow to install and configure Active Directory Domain Services on Windows Server 2022<\/h4>\n
Windows Server <\/p>\n