In this series for SQL Server Always On availability groups, we are covering end to end configurations for SQL Server 2019 on Windows Server 2016. In the article, A comprehensive guide to SQL Server Always On Availability Groups on Windows Server 2016, we configured three virtual machines with their networking configurations.
在本系列SQL Server Always On可用性组系列中,我们将介绍Windows Server 2016上SQL Server 2019的端到端配置。在本文“ Windows Server 2016的SQL Server Always On可用性组综合指南”中 ,我们配置了三个虚拟机器及其网络配置。
In this article, we will explore the following topics.
在本文中,我们将探讨以下主题。
- Domain controller, active directory and join servers in the configured domain 配置域中的域控制器,活动目录和联接服务器
- Assign static IP’s for all virtual machines 为所有虚拟机分配静态IP
- Disable firewall settings 禁用防火墙设置
- Validate and create a cluster 验证并创建集群
先决条件 (Prerequisites)
在虚拟机中为SQL Server Always On可用性组启用域控制器和Active Directory (Enable Domain Controller and Active Directory in a virtual machine for SQL Server Always On Availability Groups)
Before we enable these features and roles, let’s go over their brief description:
在启用这些功能和角色之前,让我们看一下它们的简要说明:
-
Domain Controller: A domain controller servers all security authentications requests for a Windows Server domain. In an organization, each server is a member of the domain controller. We use an FQDN [ServerName].[Domain] to connect with the server 域控制器 :域控制器为Windows Server域服务于所有安全身份验证请求。 在组织中,每个服务器都是域控制器的成员。 我们使用FQDN [ServerName]。[Domain]与服务器连接
-
DNS: You cannot remember the IP addresses of all servers. For example, we can easily connect to SQLShack.com, but if you have its IP address, it is difficult to remember all URL’s IP address. It is a standard method to associate names instead of the IP address DNS :您不能记住所有服务器的IP地址。 例如,我们可以轻松连接到SQLShack.com,但是如果您拥有其IP地址,则很难记住所有URL的IP地址。 这是一种关联名称而不是IP地址的标准方法
-
Active Directory: It is a container that consists of organization units for all users, their credentials, groups. All users must authenticate themselves to use an organization resource Active Directory:这是一个容器,由所有用户的单位部门,其凭据,组组成。 所有用户都必须对其进行身份验证才能使用组织资源
We will use the VM named VDITest3 for the configuration of active directory (AD) and domain. Usually, in an organization, you maintain different servers for both AD and domain.
我们将使用名为VDITest3的VM来配置活动目录(AD)和域。 通常,在组织中,您为AD和域维护不同的服务器。
Connect to the Virtual machine for the domain controller and Active Directory configuration. Launch the server manager -> dashboard.
连接到用于域控制器和Active Directory配置的虚拟机。 启动服务器管理器->仪表板。
Click on the Add Roles and Features. It opens the wizard with brief information. We can skip this step.
单击添加角色和功能。 它会打开向导并提供简要信息。 我们可以跳过此步骤。
In the next step, Select option Role-based or feature-based installation and click Next.
在下一步中,选择选项基于角色或基于功能的安装,然后单击下一步 。
It shows the VM name, IP address and operating system in the destination server. You can verify the server name before continuing with the installation.
它显示目标服务器中的VM名称,IP地址和操作系统。 您可以在继续安装之前验证服务器名称。
In the server roles, enable the Active Directory Domain Services. It opens a pop-up window with its dependency features or services. Click on Add features to install all dependencies.
在服务器角色中,启用Active Directory域服务 。 它会打开一个弹出窗口,其中包含相关功能或服务。 单击添加功能以安装所有依赖项。
Similarly, enable the DNS server as well.
同样,也启用DNS服务器。
Click Next, and you get an introduction page for the active directory. You can go through the information provided to gain a basic understanding.
单击“下一步”,您将获得活动目录的简介页。 您可以阅读所提供的信息以获得基本了解。
Similarly, you get an introduction to the DNS services as well.
同样,您也可以了解DNS服务。
In the next step, review all features and roles installations. You should not install unnecessary services, features, roles on a server as a best practice.
在下一步中,查看所有功能和角色安装。 不应作为最佳实践在服务器上安装不必要的服务,功能和角色。
Some roles and features require a reboot of the server. Therefore I put a check on the Restart the destination server automatically if required.
某些角色和功能需要重新启动服务器。 因此, 如果需要,我会选中“ 自动重新启动目标服务器”。
In case, you add a role or feature to an existing server, and I would recommend you reboot manually.
万一您将角色或功能添加到现有服务器中,建议您手动重新启动。
It starts the installation of the specified roles and features.
它开始安装指定的角色和功能。
We can see features installation is completed.
我们可以看到功能安装完成。
In the server roles, we get a warning message, and it asks us to promote the server as a domain controller because we installed a Domain controller feature on this server. Click on the message- Promote this server as a domain controller.
在服务器角色中,我们收到警告消息,并要求我们将服务器升级为域控制器,因为我们已在该服务器上安装了域控制器功能。 单击消息- 将该服务器升级为域控制器。
It opens an active directory services configuration wizard, as shown below. In this deployment configuration, select Add a new forest and specify the root domain name. I specify the root domain as MyDemoSQL.com
它将打开一个活动目录服务配置向导,如下所示。 在此部署配置中,选择“ 添加新林”并指定根域名。 我将根域指定为MyDemoSQL.com
Click Next. We can go with the default options for the forest functional level and functional domain level. Specify the domain admin password. You should store this password in a safe and secure place.
点击下一步。 我们可以使用林功能级别和功能域级别的默认选项。 指定域管理员密码。 您应该将此密码存储在安全的地方。
In the DNS option, skip the configuration and move towards the next page.
在DNS选项中,跳过配置并转到下一页。
It shows the NetBIOS domain name. It is the domain name without .com suffix.
它显示了NetBIOS域名。 它是没有.com后缀的域名。
By default, it installs the AD database, log file in the Windows directory of the root drive. We can go-ahead for the C drive for the demo purpose.
默认情况下,它将AD数据库日志文件安装在根驱动器的Windows目录中。 为了演示的目的,我们可以继续使用C盘。
Review your configurations and Click Next to begin active directory configuration.
查看您的配置,然后单击“下一步”开始活动目录配置。
First, it does the prerequisite check. We can ignore the warning messages here.
首先,它执行先决条件检查。 我们可以在这里忽略警告消息。
It performs the reboot of the VM.
它执行VM的重新引导。
After reboot, you can verify that the computer is part of the MyDemoSQL.com domain. At this point, we have only one VM configured with the domain.
重新启动后,您可以验证计算机是否属于MyDemoSQL.com域。 此时,我们只有一个配置了域的VM。
静态IP和DNS服务器的网络配置 (Network configuration for the Static IP and DNS Server)
We require a static IP for the domain controller VM along with the SQL Server Always On Availability Groups. Type ipconfig and it returns the following output.
我们为域控制器VM以及SQL Server Always On可用性组需要一个静态IP。 键入ipconfig ,它将返回以下输出。
In the output, we can note the IPv4 address, subnet mask and default gateway.
在输出中,我们可以记下IPv4地址,子网掩码和默认网关。
To set a static IP address, navigate to the Control Panel->Network and Internet->Network Connections. Click on the Change adapter settings.
要设置静态IP地址,请导航至控制面板->网络和Internet->网络连接。 单击更改适配器设置。
It opens networking options. Here, click on the Internet Protocol Version 4(TCP/IPv4) and Properties.
它打开网络选项。 在这里,单击“ Internet协议版本4(TCP / IPv4)”和“属性”。
By default, it is configured to obtain the IP address automatically. In this case, if you reboot the server, it might get a new IP address.
默认情况下,将其配置为自动获取IP地址。 在这种情况下,如果重新启动服务器,则它可能会获得一个新的IP地址。
Click on the Use the following IP addresses and specify the IP address as follows.
单击“ 使用以下IP地址”,然后指定IP地址,如下所示。
- IP address: 10.0.2.15 IP地址:10.0.2.15
- Subnet mask: 255.255.255.0 子网掩码:255.255.255.0
- Preferred gateway – blank 首选网关–空白
- Preferred DNS server: 127.0.0.1 ( because this server itself is a DNS server) 首选DNS服务器:127.0.0.1(因为此服务器本身是DNS服务器)
Click OK to save the changes. You can again type ipconfig in the command prompt to validate these settings.
单击确定以保存更改。 您可以再次在命令提示符下键入ipconfig来验证这些设置。
在DNS中为SQL Server Always On可用性组配置反向查找区域 (Configure Reverse lookup zones in DNS for SQL Server Always On Availability Groups)
We need to configure a reverse lookup zone in the DNS. It resolves the IP address to the server name. In the server manager dashboard, navigate to tools -> DNS.
我们需要在DNS中配置反向查找区域。 它将IP地址解析为服务器名称。 在服务器管理器仪表板中,导航到工具-> DNS。
It opens the following DNS manager with different folders.
它将打开以下具有不同文件夹的DNS管理器。
Open the Reverse Lookup Zones folder and right-click on it to launch a new zone wizard.
打开“反向查找区域”文件夹,然后右键单击它以启动新的区域向导 。
In the next zone wizard, go with the default option – Primary zone.
在下一个区域向导中,使用默认选项– 主区域。
In the next step, select the zone replication scope- To all DNS servers running on domain controllers in the domain: MyDemoSQL.com
在下一步中,选择区域复制范围- 到域中域控制器上运行的所有DNS服务器:MyDemoSQL.com
Select the type of lookup zone as a Reverse lookup zone.
选择查找区域的类型作为反向查找区域。
We are using an IPv4 address range, so select the IPv4 reverse lookup zone. In case you use an IPv6 IP range, select the other option.
我们正在使用IPv4地址范围,因此请选择IPv4反向查找区域。 如果您使用IPv6 IP范围,请选择其他选项。
In the reverse lookup zone name, we need to enter the network ID portion of the IP address. It is the digits before the last dot. In my case, I have an IP address in the range 10.0.2.15. Therefore, the network SID is 10.0.2
在反向查找区域名称中,我们需要输入IP地址的网络ID部分。 它是最后一个点之前的数字。 就我而言,我的IP地址范围为10.0.2.15。 因此,网络SID为10.0.2
Accept the recommended method of the dynamic update as Allow only secure dynamic updates and click Next.
接受建议的动态更新方法为“ 仅允许安全动态更新” ,然后单击“下一步”。
Review the configuration and click Finish to create a reverse lookup zone.
查看配置,然后单击完成以创建反向查找区域。
It shows the following reverse lookup zone as per our configurations.
它根据我们的配置显示以下反向查找区域。
创建一个活动目录用户并为SQL Server Always On可用性组分配域管理员权限 (Create an active directory user and assign domain admin permissions for SQL Server Always On availability groups)
Type DSA.msc in the run, and it launches the AD containers with all users, computer service accounts.
在运行中键入DSA.msc ,它将使用所有用户和计算机服务帐户启动AD容器。
To create a new AD user, right-click on the container (in this case, Users) and create a new user.
要创建新的AD用户,请右键单击容器(在本例中为Users),然后创建一个新用户。
Specify the first name, last name, user login name. It should be a unique login name in an OU.
指定名字,姓氏,用户登录名。 它应该是OU中的唯一登录名。
On the next page, specify the password of this AD user along with configuration options. You can specify options such as :
在下一页上,指定此AD用户的密码以及配置选项。 您可以指定以下选项:
- User must change password at next logon 用户必须在下次登录时更改密码
- User cannot change password 用户无法更改密码
- Password never expires 密码永不过期
- An account is disabled 帐户被禁用
For my demo purpose, I have unchecked all user password configuration.
出于演示目的,我未选中所有用户密码配置。
Review and confirm the user details to create in the Users group.
查看并确认要在“用户”组中创建的用户详细信息。
In the active directory users, double click on the Domain Admins.
在活动目录用户中,双击“ 域管理员” 。
It opens the domain admins properties. Click on Add, search for the AD user we created and add it here.
它将打开域管理员属性。 单击添加,搜索我们创建的AD用户并将其添加到此处。
Add this user as an administrator in all three VM’s as well. Add this user to the local administrator of all three VM’s. Open the computer management from the server manager -> Tools-> Computer management.
还要将该用户添加为所有三个VM的管理员。 将此用户添加到所有三个VM的本地管理员中。 从服务器管理器->工具->计算机管理中打开计算机管理。
在域中为SQL Server Always On可用性组添加SQLNode1和SQLNode2 (Add SQLNode1 and SQLNode2 in the domain for SQL Server Always On availability groups)
In the next step, open the network properties of the SQLNode1 and SQLNode2. Enter the following values for the IP address.
在下一步中,打开SQLNode1和SQLNode2的网络属性。 输入以下IP地址值。
SQLNode1网络配置 (SQLNode1 network configuration)
- IP address: 10.0.2.21 IP地址:10.0.2.21
- Subnet mask: 255.255.255.0 子网掩码:255.255.255.0
- Preferred gateway – blank 首选网关–空白
- Preferred DNS server: 10.0.2.15 ( it is the IP address of our DNS server) 首选的DNS服务器:10.0.2.15(这是我们的DNS服务器的IP地址)
验证IP配置 (Validate IP configurations)
SQLNode2网络配置 (SQLNode2 network configuration)
- IP address: 10.0.2.22 IP地址:10.0.2.22
- Subnet mask: 255.255.255.0 子网掩码:255.255.255.0
- Preferred gateway – blank 首选网关–空白
- Preferred DNS server: 10.0.2.15 ( it is the IP address of our DNS server) 首选的DNS服务器:10.0.2.15(这是我们的DNS服务器的IP地址)
验证IP配置 (Validate IP configurations)
在MyDemoSQL.com域中为SQL Server Always On可用性组添加SQLNode1 (Add SQLNode1 in the MyDemoSQL.com domain for SQL Server Always On availability groups)
In this step, we need to join the VM to the existing domain MyDemoSQL.com. To add a server into the domain, click on the server name in the server dashboard.
在此步骤中,我们需要将VM加入现有的域MyDemoSQL.com。 要将服务器添加到域中,请在服务器仪表板中单击服务器名称。
It opens the system properties. Click on the change, and you can specify the computer name and its domain.
它打开系统属性。 单击更改,然后可以指定计算机名称及其域。
Click on OK, and it joins the VM into the specified domain. You need to specify the domain admin user name and password to allow it as a member in the MyDemoSQL.com domain.
单击“确定”,它将虚拟机加入指定的域。 您需要指定域管理员用户名和密码,以使其成为MyDemoSQL.com域的成员。
You get a welcome message, as shown below, once it adds the server successfully.
成功添加服务器后,您将收到一条欢迎消息,如下所示。
It reboots the VM. You should
重启虚拟机。 你应该
在MyDemoSQL.com域中添加SQLNode2 (Add SQLNode2 in the MyDemoSQL.com domain)
Similarly, add the SQLNode2 VM as well in the MyDemoSQL.com domain and validate it.
同样,在MyDemoSQL.com域中也添加SQLNode2 VM,并对其进行验证。
结论 (Conclusion)
In this article, we configured Domain Controller, Active Directory and DNS in a virtual machine. Later, we configured Reverse lookup zones, domain admin account, local admin account and added the servers in the domain for SQL Server Always On availability group.
在本文中,我们在虚拟机中配置了域控制器,Active Directory和DNS。 后来,我们配置了反向查找区域,域管理员帐户,本地管理员帐户,并为SQL Server Always On可用性组在域中添加了服务器。
In my next article, I will walk you through the configuration of failover clusters, quorum configuration and storage drives allocation for the SQL nodes.
在我的下一篇文章中,我将引导您完成故障转移群集的配置,仲裁配置以及SQL节点的存储驱动器分配。
目录 (Table of contents)
翻译自: https://www.sqlshack.com/configure-domain-controller-and-active-directory-for-sql-server-always-on-availability-groups/
