No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

FusionAccess V100R006C20 on FusionCloud V100R006C10 Software Installation Guide 11 (Microsoft AD)

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Installing AD/DNS/DHCP

Installing AD/DNS/DHCP

NOTE:

If the existing Microsoft AD is used, you do not need to run Applying for AD/DNS/DHCP ECSs~Activating the OSs of Windows VMs to install and configure the AD, DNS, DHCP and directly connect to the existing Microsoft AD. For details about how to connect to an existing Microsoft AD, see Connecting to Existing Microsoft AD.

Applying for AD/DNS/DHCP ECSs

Scenarios

This section describes how to apply for the AD/DNS/DHCP ECSs on the ServiceCenter tenant portal.

Prerequisites

You have used the resource administrator account created in Dividing Cloud Resources to log in to the ServiceCenter tenant portal.

Procedure
  1. On the ServiceCenter tenant portal, choose Computing > Elastic Cloud Server and click Create ECS.
  2. Set the parameters according to Table 5-6. Retain the default values for the parameters that are not involved or set the parameters according to the actual requirements. Click Apply Now.

    Table 5-6 FA-AD-01 parameter configuration

    Parameter

    Description

    ECS Name

    FA-AD-01

    CPU

    2 (or more)

    Memory

    4 GB (or more)

    Image Type

    Public image

    Image

    Configure this parameter based on resource requirements.

    Disk

    60 GB

    Data Disk

    30 GB (or more)

    VPC

    vpc-VDI

    Security Group

    sg-AD

    NIC

    Configure a static IP address for the management subnet (subnet-Manager), for example, 172.16.0.11.

    EIP

    Select Do Not Use.

    Login Mode

    Click Password and enter the password of Administrator.

    Advanced Settings > ECS Group

    Create an anti-affinity ECS group named VDI_ADDNS and add it.

  3. On the specifications confirmation page, confirm the specifications. Then, click Submit.
  4. Repeat Step 1 to Step 3 to apply for ECS FA-AD-02. Retain the default values for the parameters that are not involved or set the parameters based on the site requirements.

    Table 5-7 FA-AD-02 parameter configuration

    Parameter

    Description

    ECS Name

    FA-AD-02

    CPU

    2 (or more)

    Memory

    4 GB (or more)

    Image Type

    Public image

    Image

    Configure this parameter based on resource requirements.

    Disk

    60 GB (or more)

    Data Disk

    30 GB (or more)

    VPC

    vpc-VDI

    Security Group

    sg-AD

    NIC

    Configure a static IP address for the management subnet (subnet-Manager), for example, 172.16.0.12.

    EIP

    Select Do Not Use.

    Login Mode

    Click Password and enter the password of Administrator.

    Advanced Settings > ECS Group

    Create an anti-affinity ECS group named VDI_ADDNS and add it.

Installing the AD/DNS/DHCP Component

Scenarios

This section describes how to install the AD/DNS/DHCP component.

Prerequisites

You have used the resource administrator account created in Dividing Cloud Resources to log in to the ServiceCenter tenant portal.

Procedure

Remotely logging in to an ECS

  1. On the ServiceCenter tenant portal, choose Computing > Elastic Cloud Server.
  2. In the Operation column of the target ECS (for example, active AD/DNS/DHCP ECS FA-AD-01), click Remote Login.

    The Configure Keyboard Layout for Remote Login is displayed.

  3. Select the English keyboard and click Remote Login.
  4. (Optional) If the system displays "Press CTRL+ALT+DELETE to log on", click Send CtrlAltDel in the upper right corner of the remote login page to log in to the ECS.
  5. Enter the initial password of the Administrator user set in Applying for AD/DNS/DHCP ECSs to log in to the ECS.

    NOTE:

    When you log in to Windows Server 2012 for the first time, you need to set the password of the Administrator account. Plan the password by yourself.

Changing the name of the AD/DNS/DHCP server

NOTE:

If the Cloudbase-Init software is installed in the image, you do not need to manually change the server name.

  1. On the taskbar, right-click and choose Run. In the Run edit box, enter the sysdm.cpl command and press Enter.

    The System Properties window is displayed.

  2. Click Change. In Computer name, enter the planned computer name and click OK, as shown in Figure 5-1.

    Figure 5-1 System properties

  3. Complete the configuration as prompted, restart the VM, and log in to the VM using the Administrator account.

Adding the AD/DNS/DHCP role and backup function

  1. On the taskbar, click .

    The Server Manager window is displayed, as shown in Figure 5-2.

    Figure 5-2 Server Manager

  2. In the middle of the page, click Add Roles and Features.

    The Add Roles and Features Wizard dialog box is displayed.

  3. Click Next third times.
  4. In the Roles area, select Active Directory Domain Services, DHCP Server, and DNS Server. In the dialog box that is displayed, click Add Features. Then click Next, as shown in Figure 5-3.

    NOTE:

    The Add Roles and Features Wizard window may be displayed. Click Continue.

    Figure 5-3 Adding the AD/DNS/DHCP role

  5. In the Features area, select Windows Server Backup, as shown in Figure 5-4.

    Figure 5-4 Deploying the backup function

  6. Click Next for four times.
  7. Click Install.

    The installation is complete when the installation progress indicates a successful installation.

Installing the AD/DNS/DHCP service for the standby server

  1. Log in to the standby AD/DNS/DHCP server FA-AD-02 as user Administrator.
  2. Repeat Step 9 to Step 15 to install the AD/DNS/DHCP service for the standby server.

Configuring the AD Service

Scenarios

This section describes how to configure the AD service on the active and standby servers.

Prerequisites

You have used the resource administrator account created in Dividing Cloud Resources to log in to the ServiceCenter tenant portal.

Procedure

Configuring the active AD server

  1. Log in to active AD/DNS/DHCP ECS FA-AD-01 as user Administrator.
  2. In the upper right corner of the Server Manager page, click , and select Promote this server to a domain controller.

    The Active Directory Domain Services Configuration Wizard window is displayed, as shown in Figure 5-5.

    Figure 5-5 Active Directory Domain Services Configuration Wizard

  3. Select Add a new forest, set Domain, and click Next.
  4. Set Forest Functional Level and Domain Functional Level to Windows Server 2012 R2, set Type the Directory Services Restore Mode (DRSM) password, and click Next, as shown in Figure 5-6.

    NOTE:

    In DRSM, only the DSRM administrator account can be used to log in to the system.

    Figure 5-6 Configuring the domain controller

  5. Retain the default values, click Next for five times, and click Install.

    Install the AD/DNS/DHCP service as prompted and restart the ECS.

  6. Log in to active AD/DNS/DHCP ECS FA-AD-01 as user Administrator.

    The administrator account is in the user domain name\Administrator format, for example vdesktop\Administrator.

Configuring the standby AD server

  1. Log in to standby AD/DNS/DHCP ECS FA-AD-02 as user Administrator.
  2. On the taskbar, right-click and choose Run. In the Run edit box that is displayed, enter the ncpa.cpl command and press Enter.

    The Local Area Connection Properties window is displayed.

  3. Right-click the NIC and choose Properties from the shortcut menu. Double-click Internet Protocol Version 4.
  4. Use the following DNS server address and enter the IP address of active AD/DNS/DHCP ECS FA-AD-01.
  5. In the upper right corner of the Server Manager page, click , and select Promote this server to a domain controller.

    The Active Directory Domain Services Configuration Wizard window is displayed, as shown in Figure 5-7.

    Figure 5-7 Active Directory Domain Services Configuration Wizard

  6. Select Add a domain controller to an existing domain.
  7. Click Select of Domain.

    The Windows Security dialog box is displayed.

  8. Enter the domain username and password of the active AD, and click OK, as shown in Figure 5-8.

    Figure 5-8 Windows Security

  9. Enter the domain name entered when the active AD is created, for example, vdesktop.huawei.com.
  10. In the Active Directory Domain Services Configuration Wizard window, click Next.
  11. Set Directory Services Restore Mode Administrator Password, and click Next, as shown in Figure 5-9.

    NOTE:

    In DRSM, only the DSRM administrator account can be used to log in to the system.

    Figure 5-9 Entering the DSRM password

  12. Retain the default values, click Next for five times, and click Install.

    Install the AD/DNS/DHCP service as prompted and restart the ECS.

  13. Log in to standby AD/DNS/DHCP ECS FA-AD-02 as user Administrator.

    The administrator account is in the user domain name\Administrator format, for example vdesktop\Administrator.

Configuring the DNS Reverse Lookup Function

Scenarios

This section describes how to configure the DNS reverse lookup function on the active DNS server.

Table 5-8 describes the differences when you configure the function on the active and standby DNS servers.

Table 5-8 Differences in configuring the DNS reverse lookup function on the active and standby DNS servers

Operation

Active Server

Standby Server

Difference

Configure the DNS reverse lookup function.

×

-

√ indicates that the operation needs to be performed. × indicates that the operation does not need to be performed.

NOTE:

If the domain name cannot be pinged when the DNS is installed separately, restart the Netlogon service in the Server Manager window.

Prerequisites

You have used the resource administrator account created in Dividing Cloud Resources to log in to the ServiceCenter tenant portal.

Procedure
  1. Log in to active AD/DNS/DHCP ECS FA-AD-01 as user Administrator.
  2. On the taskbar, click .

    The Server Manager window is displayed.

  3. In the navigation tree, choose DNS.
  4. In the SERVERS area, right-click server name and choose DNS Manager from the shortcut menu.

    The DNS Manager dialog box is displayed, as shown in Figure 5-10.

    Figure 5-10 DNS Manager

  5. In the navigation tree, right-click Reverse Lookup Zones and choose New Zone from the shortcut menu.

    The New Zone Wizard dialog box is displayed.

  6. Click Next three times as promoted.
  7. In the Reverse Lookup Zone Name window, select IPv4 Reverse Lookup Zone and click Next.
  8. In Network ID, enter the IP address segment for reverse lookup and click Next.

    The Dynamic Update page is displayed.

    NOTE:

    The IP address segment for DNS reverse lookup is the IP address segment of the management subnet (subnet-Manager) (that is, the IP address segment where the infrastructure VM resides), for example, 172.16.0.

  9. Retain the default values and complete the DNS reverse lookup configuration as prompted.

    In the Server Manager window, the added domain is displayed in the right pane of Reverse Lookup Zones.

Configuring DNS Policies

Scenarios

This section describes how to configure DNS policies. Table 5-9 lists the differences when you configure DNS policies on active and standby DNS servers.

Table 5-9 Differences in configuring DNS policies on active and standby DNS servers

Operation

Active Server

Standby Server

Difference

1. Select the IP address for monitoring the DNS server.

None

2. Configure advanced DNS properties.

×

-

3. Enable the aging and scavenging functions for the DNS server.

×

-

4. Change the start of authority (SOA).

×

-

5. Disable IPv6 for the DNS server.

None

√ indicates that the operation needs to be performed. × indicates that the operation does not need to be performed.

Prerequisites

You have used the resource administrator account created in Dividing Cloud Resources to log in to the ServiceCenter tenant portal.

Procedure

Selecting the IP address for monitoring the DNS server

  1. Log in to active AD/DNS/DHCP ECS FA-AD-01 as user Administrator.
  2. On the taskbar, click .

    The Server Manager window is displayed.

  3. In the left navigation pane, click DNS.
  4. In the SERVERS area, right-click server name and choose DNS Manager from the shortcut menu.

    The DNS Manager dialog box is displayed.

  5. Expand DNS. Right-click the computer name, and choose Properties from the shortcut menu.
  6. Click the Interfaces tab. Select Only the following IP address and the IPv4 address for the NIC.
  7. Click Apply.

Configuring advanced DNS properties

  1. Click the Advanced tab and set the parameters as shown in Figure 5-11.

    NOTE:

    If user VMs need to access the external/public network, deselect Disable recursion (also disable forwarders).

    Figure 5-11 Advanced

  2. Click the Root Hints tab. In the Name servers area, click Remove to delete all *.root-servers.net., as shown in Figure 5-12.

    Figure 5-12 Root Hints

  3. Click OK and close the Properties dialog box.
  4. Delete the c:\windows\system32\dns\cache.dns file to prevent the deleted information from being restored after the DNS server is restarted.

Enabling the aging and scavenging functions for the DNS server

  1. Expand DNS. Right-click the computer name, and choose Set Aging/Scavenging for All Zones from the shortcut menu.
  2. Select Scavenging stale resource records and click OK, as shown in Figure 5-13.

    Figure 5-13 Scavenging stale resource records

  3. Select Apply these settings to the existing Active Directory-integrated zones and click OK.

Changing the SOA

  1. In the navigation tree, choose DNS > Computer name > Reverse Lookup Zones.
  2. Right-click Reverse IP address segment, for example, 0.16.172.in-addr.arpa and choose Properties from the shortcut menu.
  3. Click the Start of Authority (SOA) tab and set Expires after to 100 days, as shown in Figure 5-14.

    Figure 5-14 Start of Authority (SOA)

  4. Click OK.

Disabling IPv6 for the DNS server

  1. On the taskbar, right-click and choose Run. In the Run edit box that is displayed, enter the ncpa.cpl command and press Enter.

    The Local Area Connection Properties window is displayed.

  2. Right-click the NIC, choose Properties, and deselect Internet Protocol Version 6 (TCP/IPv6), as shown in Figure 5-15.

    Figure 5-15 Local Area Connection Properties

  3. Click OK.
  4. On the CLI, run the following commands in sequence to disable the tunnel adapter:

    netsh interface teredo set state disabled
    netsh interface 6to4 set state disabled
    netsh interface isatap set state disabled

Configuring the DNS policies for the standby DNS server

For details about the differences in configuring DNS policies on the active and standby DNS servers, see Table 5-9.

  1. Log in to standby AD/DNS/DHCP ECS FA-AD-02 as user Administrator.
  2. Repeat Step 1 to Step 7 to select the IP address for monitoring the DNS server.
  3. Repeat Step 19 to Step 22 to disable IPv6 for the DNS server.

Creating Domain Administrator Accounts

Scenarios

This section describes how to create domain administrator accounts on the AD server.

Prerequisites

You have used the resource administrator account created in Dividing Cloud Resources to log in to the ServiceCenter tenant portal.

Procedure

Creating an OU

  1. Log in to active AD/DNS/DHCP ECS FA-AD-01 as user Administrator.
  2. On the taskbar, click .

    The Server Manager window is displayed.

  3. In the navigation tree of the Server Manager window, click AD DS.
  4. In the SERVERS area, right-click server name, and choose Active Directory Users and Computers from the shortcut menu.

    The Active Directory Users and Computers window is displayed.

  5. In the navigation tree on the left, right-click a domain name, and choose New > Organizational Unit.

    The New Object - Organizational Unit window is displayed.

  6. Enter the name of the user domain OU to be created, for example, UserOU, and click OK.

    Figure 5-16 Creating an OU

Creating a domain account

Table 5-10 describes the data required for creating domain accounts.

Table 5-10 Domain administrator account

Account

Description

Example Value

Domain administrator account

  • Account for operating the domain. On the AD server, this account is used to create domain accounts or add domain accounts to the administrator group.
  • Add the domain administrator account to the Domain Admins group for managing the domain.

vdsadmin

NOTE:

For details about operations performed using AD domain accounts, see the online help information about the AD server.

  1. Right-click user domain OU and choose New > User from the shortcut menu.

    The New Object - User dialog box is displayed, as shown in Figure 5-17.

    Figure 5-17 Creating a domain account

  2. Enter the domain account in First name and User logon name, and click Next.

    NOTE:

    The domain account consists of digits, letters, spaces, and special characters `~!#$%^&()-_{}.

  3. Set the password for the domain account, deselect User must change password at next logon, and click Next.
  4. Click Finish.
  5. Repeat Step 7 to Step 10 to create other required domain accounts.

Configuring a domain administrator

  1. Right-click the domain account to be set as the domain administrator, for example, vdsadmin, and choose Properties from the shortcut menu.
  2. Click the Member Of tab and Add, specify Domain Admins, and click Check Names. After the verification is successful, click OK.
  3. Click OK in sequence to close the Properties dialog box.

Configuring Backup Paths and Remote Assistance

Scenarios

This section describes how to configure backup paths and remote assistance. Both the active and standby servers require backup paths.

After remote assistance is configured, the administrator can use the remote assistance function of Windows to remotely share and control the desktops of terminal users to help users solve desktop faults.

NOTE:

The current version only supports remote assistance for the user desktops using Windows 7. The administrator must use Windows Vista, Windows 7, Windows Server 2008, or Windows 8 during remote assistance.

Prerequisites
  • You have obtained and decompressed the FusionAccess_Windows_Installer_V100R006C20SPC102.iso file.
  • You have used the resource administrator account created in Dividing Cloud Resources to log in to the ServiceCenter tenant portal.
Procedure

Configuring backup paths

  1. Log in to active AD/DNS/DHCP ECS FA-AD-01 as user Administrator.
  2. Check whether the configuration is performed in the KVM scenario.

    • If yes:
      1. Apply for and bind a temporary EIP for the ECS. For details, see:
      2. Set Allow remote connections to this computer in the ECS. For details, see Step 11 to Step 14 in Configuring a Windows VM.
      3. Run mstsc on the local PC to remotely connect to the ECS, decompress the ISO file, and copy the FusionAccess_Windows_Installer_V100R006C20SPC102 folder and all files in the folder to the C:\ directory of the ECS.
    • If no, mount FusionAccess software package FusionAccess_Windows_Installer_V100R006C20SPC102.iso to the AD/DNS/DHCP server by using the CD-ROM drive, and double-click the CD-ROM drive to open it.
      NOTE:

      The FusionAccess Windows Installer window is displayed after the CD-ROMs of some VMs are double-clicked.

  1. Double-click the run.bat file in the FusionAccess_Windows_Installer_V100R006C20SPC102 folder.

    Figure 5-18 is displayed.

    Figure 5-18 FusionAccess Windows Installer

  2. Click Scale-out Deployment.

    The Deployment page is displayed.

  3. Select Windows BackupTools and click Install.
  4. In BackupTools, click Browse and set BackupPath to a path residing on a disk (except the system disk) with more than 15 GB available space.
  5. Click Save and Exit. The backup path configuration is complete.
  6. Check whether the configuration is performed in the KVM scenario.

    • If yes, delete all files copied to the ECS in 2.c and unbind the temporary EIP.
    • If no, uninstall the CD-ROM drive from the ECS.

Configuring remote assistance

  1. In the lower left corner, choose > Run. In the dialog box that is displayed, run the gpmc.msc command.

    The Group Policy Management window is displayed.

  2. Choose Group Policy Management > Forest: domain name > Domains > domain name. Right-click Group Policy Objects, choose New from the shortcut menu, and enter the name to create a group policy.
  3. Right-click the created group policy, and choose Edit. In the displayed window, choose Computer Configuration > Policies > Administrative Templates > System > Remote Assistance.
  4. Double-click Configure Offer Remote Assistance, select Enabled, click Show, enter the domain management account, for example, vdesktop\vdsadmin, and click OK twice, as shown in Figure 5-19.

    Figure 5-19 Enabling remote assistance

Configuring a backup path for the standby server

  1. Log in to standby AD/DNS/DHCP ECS FA-AD-02 as user Administrator.
  2. Repeat Step 2 to Step 8 to configure a backup path for the standby AD/DNS/DHCP server.
  3. Release the temporary EIP.

Activating the OSs of Windows VMs

Scenarios

The license provided for the VM that runs standard Windows Server 2012 R2 obtained in Software Packages has a trial period of 180 days only. Users should purchase and activate an official license.

This section describes how to activate the OSs of all Windows VMs.

Prerequisites
  • You have obtained the SN of Windows Server 2012 R2 from legal sources.
  • You have used the resource administrator account created in Dividing Cloud Resources to log in to the ServiceCenter tenant portal.
Procedure
  1. Log in to any VM running the Windows OS as user Administrator.
  2. On the taskbar, click .

    The Start menu is displayed.

  3. Choose Control Panel.

    The Control Panel window is displayed.

  4. Choose System and Security > System.

    The System window is displayed.

  5. Click Activate Windows in the Windows Activation area.
    • Obtain the SN of Windows Server 2012 R2 from legal sources.
    • Use the English product SN for an English OS. If a product SN of another language is used, a BSOD error will occur on the VM.

    Enter the OS SN. Click OK to activate the Windows OS.

  6. Repeat Step 1 to Step 6 to activate the OSs of other Windows VMs.
Translation
Download
Updated: 2019-07-01

Document ID: EDOC1100021785

Views: 49593

Downloads: 112

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next