Boot in domain environment
Introduction to Windows domain
A Windows domain is a network management model that allows network administrators to control and manage a large number of computers and users from one place. Computers and users in the domain are authenticated and authorized by one or more servers (called domain controllers). Computers and users in the domain have their own accounts and passwords, and users can log on to any computer in the domain. The domain can also set and apply various security and configuration options through Group Policy, and provide resource sharing and access. Domains are usually used for large-scale enterprise, school or government networks, where they improve the security, scalability, redundancy and management efficiency of the network.
To implement a Windows domain, the following requirements need to be met:
- You need one or more servers with Windows Server operating system installed, as domain controllers, responsible for managing objects (such as users, computers, organizational units, etc.) and services (such as DNS, DHCP, AD FS, etc.) in the domain.
- You need to install and configure the Active Directory Domain Services (AD DS) role on the server, to create and maintain the directory database in the domain.
- You need to specify a unique name for the domain, such as example.com, and register the name on the DNS server, so that computers inside and outside the domain can resolve the domain name.
- You need to choose a suitable functional level for the domain, to determine the functions and compatibility that can be used in the domain. The higher the functional level, the more functions can be used, but it also requires all domain controllers to use the same or higher version of Windows Server operating system.
- You need to join the client computers to the domain, so that they can accept the unified management of the domain and use the resources in the domain. Before joining the domain, you need to specify the DNS server address, and enter the domain name and administrator credentials on the client computer.
Installation requirements
The domain controller server runs Windows Server 2008 R2 or later (computer name: "domainserver", domain name: "test.com"). Please note: Do not install the DHCP service on the domain controller; workstations use fixed IP addresses.
The cloud desktop server runs Windows Server 2008 R2 or later (computer name: "clouddesktopserver") and is joined to the domain "test.com".
The cloud desktop client runs Windows 7 or later (computer name: "test1") and is joined to the domain "test.com".
Installation steps
- Create the domain "test.com" on the server "domainserver", and join the workstation "test1" and the server "clouddesktopserver" to the domain. Log in as a domain administrator on "test1" and "clouddesktopserver".
- Install the cloud desktop client on "test1" and the cloud desktop server on "clouddesktopserver".
- Upload the image to the cloud desktop server "clouddesktopserver", and make sure "test1" can boot disklessly.
- Delete the computer "test1" from Active Directory on the domain server "domainserver".
- Use the "Join Domain" command on the server "clouddesktopserver" to add "test1" and the other computers to the domain server "domainserver".
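Disable machine account password changes on the domain server "domainserver", so that a client booting from the uploaded image keeps a machine account password that matches the one stored in Active Directory: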
- Open "Group Policy Management"
- Edit default domain policy "Default Domain Policy"
- In Computer Configuration->Policies->Windows Settings->Security Settings->Local Policies->Security Options, enable "Domain controller: Refuse machine account password changes".
- In Computer Configuration->Policies->Windows Settings->Security Settings->Local Policies->Security Options, enable "Domain member: Disable machine account password changes".
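To confirm that the two Security Options above have taken effect, the following added example (not part of the original page or of the cloud desktop product) reads the Netlogon registry values these policies set and, on a domain member, tests the secure channel to the domain. It assumes an elevated Windows PowerShell 2.0 or later session; the helper name Get-NetlogonFlag is hypothetical.

```powershell
# Added example: confirm the two Security Options reached this machine.
# Run elevated in Windows PowerShell after 'gpupdate /force'.
$NetlogonKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

function Get-NetlogonFlag {   # hypothetical helper name
    param([string]$Name)
    # An absent value means the policy is not enabled (Windows default).
    $p = Get-ItemProperty -Path $NetlogonKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $p) { return [int]$p.$Name }
    return 0
}

# ProductType: 1 = workstation, 2 = domain controller, 3 = member server
$isDC = ((Get-WmiObject -Class Win32_OperatingSystem).ProductType -eq 2)

$status = New-Object PSObject -Property @{
    Computer              = $env:COMPUTERNAME
    IsDomainController    = $isDC
    # "Domain member: Disable machine account password changes"
    DisablePasswordChange = Get-NetlogonFlag 'DisablePasswordChange'
    # "Domain controller: Refuse machine account password changes"
    RefusePasswordChange  = Get-NetlogonFlag 'RefusePasswordChange'
    SecureChannelOk       = $null
}

if ($isDC) {
    if ($status.RefusePasswordChange -ne 1) {
        Write-Warning 'Domain controller still accepts machine account password changes.'
    }
} else {
    if ($status.DisablePasswordChange -ne 1) {
        Write-Warning 'This member will still try to change its machine account password.'
    }
    # False here corresponds to the "trust relationship ... failed" logon error.
    $status.SecureChannelOk = Test-ComputerSecureChannel
    if (-not $status.SecureChannelOk) {
        Write-Warning 'Secure channel to the domain is broken; re-add the computer account.'
    }
}

$status | Format-List
```

Run it once on "domainserver" and once on a booted client such as "test1".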
Installation problem solutions
- Login error after client startup: "The security database on the server does not have a computer account for this workstation trust relationship".
Solution: On the cloud desktop server, add the computer to the domain server.
- Login error after client startup: "The security database on the server does not have a computer account for this workstation trust relationship".
- Login error after client startup: "The trust relationship between this workstation and the primary domain failed"
Solution: Delete the computer on the server, then, on the cloud desktop server, add the computer to the domain server.