Configure Domain Controller and Active Directory for SQL Server Always On Availability Groups
In this series for SQL Server Always On availability groups, we are covering end to end configurations for SQL Server 2019 on Windows Server 2016. In the article, , we configured three virtual machines with their networking configurations.


In this article, we will explore the following topics.


  • Domain controller, active directory and join servers in the configured domain

  • Assign static IP’s for all virtual machines

  • Disable firewall settings

  • Validate and create a cluster


Prerequisites

  • , and be ready with the powered-on virtual machines.
  • You should get a basic knowledge of domain controller, active directory, IP configurations


Enable Domain Controller and Active Directory in a virtual machine for SQL Server Always On Availability Groups

Before we enable these features and roles, let’s go over their brief description:


  • Domain Controller: A domain controller serves all security authentication requests for a Windows Server domain. In an organization, each server is a member of the domain. We use an FQDN, [ServerName].[Domain], to connect to the server.
  • DNS: You cannot remember the IP addresses of all servers. For example, we can easily connect to SQLShack.com, but if you only had its IP address it would be difficult to remember, let alone the IP address of every URL. DNS is the standard method of associating names with IP addresses so that you do not have to remember the addresses themselves.
  • Active Directory: It is a container that consists of organizational units for all users, their credentials and groups. All users must authenticate themselves to use an organization's resources.

We will use the VM named VDITest3 for the configuration of active directory (AD) and domain. Usually, in an organization, you maintain different servers for both AD and domain.


Connect to the Virtual machine for the domain controller and Active Directory configuration. Launch the server manager -> dashboard.


Server Manager configuration for SQL Server Always-On Availability Groups

Click on the Add Roles and Features. It opens the wizard with brief information. We can skip this step.


Add roles and features

In the next step, select the option Role-based or feature-based installation and click Next.


Role-based or feature-based installation

It shows the VM name, IP address and operating system in the destination server. You can verify the server name before continuing with the installation.


Select destination server

In the server roles, enable the Active Directory Domain Services. It opens a pop-up window with its dependency features or services. Click on Add features to install all dependencies.


Similarly, enable the DNS server as well.


Enable the DNS server

Click Next, and you get an introduction page for the active directory. You can go through the information provided to gain a basic understanding.


Active directory domain service

Similarly, you get an introduction to the DNS services as well.


DNS Server introduction

In the next step, review all feature and role installations. As a best practice, you should not install unnecessary services, features or roles on a server.


Some roles and features require a reboot of the server. Therefore, I checked Restart the destination server automatically if required.


If you add a role or feature to an existing server, I would recommend that you reboot it manually instead.


Restart the destination server automatically

It starts the installation of the specified roles and features.


Installation progress

We can see features installation is completed.


Features installation progress

In the server roles, we get a warning message asking us to promote the server to a domain controller, because we installed the domain controller feature on this server. Click on the message Promote this server to a domain controller.


It opens the Active Directory Domain Services configuration wizard, as shown below. In the deployment configuration, select Add a new forest and specify the root domain name. I specify the root domain as MyDemoSQL.com.


Promote this server as a domain controller

Click Next. We can go with the default options for the forest functional level and functional domain level. Specify the domain admin password. You should store this password in a safe and secure place.


Domain Controller options

In the DNS option, skip the configuration and move towards the next page.


DNS options

It shows the NetBIOS domain name. It is the domain name without the .com suffix.


NetBIOS domain name

By default, it installs the AD database and log files in the Windows directory of the root drive. We can go ahead with the C drive for the demo purpose.


AD database

Review your configurations and Click Next to begin active directory configuration.


Review options

First, it performs the prerequisite check. We can ignore the warning messages here.


Warnings and status

It performs the reboot of the VM.



After reboot, you can verify that the computer is part of the MyDemoSQL.com domain. At this point, we have only one VM configured with the domain.


Network configuration for the Static IP and DNS Server

We require a static IP for the domain controller VM as well as for the SQL Server Always On availability group nodes. Type ipconfig, and it returns the following output.


In the output, we can note the IPv4 address, subnet mask and default gateway.


Static IP and DNS Server

To set a static IP address, navigate to Control Panel -> Network and Internet -> Network Connections. Click on Change adapter settings.


Change adapter settings

It opens the networking options. Here, click on Internet Protocol Version 4 (TCP/IPv4) and then Properties.


networking options

By default, it is configured to obtain the IP address automatically. In this case, if you reboot the server, it might get a new IP address.


Click on Use the following IP address and specify the IP address as follows.


  • IP address:

  • Subnet mask:

  • Preferred gateway – blank

  • Preferred DNS server: (because this server itself is the DNS server)


Assign Static IP

Click OK to save the changes. You can again type ipconfig in the command prompt to validate these settings.


Verify changes
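The same role installation, forest promotion and static-IP assignment done from PowerShell instead of the wizards. This is an added example, not code from the original article; the adapter name Ethernet and the DC address 10.0.2.15/24 are assumptions (the article only shows the 10.0.2 network ID), and the DSRM password is read at a prompt rather than stored.

```powershell
# Added example (not from the original article): configure the DC VM from an elevated
# PowerShell session instead of the Server Manager wizards. Assumptions: the adapter is
# named "Ethernet" and the DC address is 10.0.2.15/24 (the article only shows the
# 10.0.2 network ID); the DSRM password is entered at the prompt, never stored here.
$Nic        = 'Ethernet'        # assumption
$DcAddress  = '10.0.2.15'       # assumption
$DomainName = 'MyDemoSQL.com'

# 1. Static IP first. The promotion wizard's prerequisite check warns when the adapter
#    still uses DHCP: if a DC that is also the DNS server changes address on reboot,
#    every domain member loses name resolution and, with it, authentication.
Set-NetIPInterface -InterfaceAlias $Nic -Dhcp Disabled
New-NetIPAddress -InterfaceAlias $Nic -IPAddress $DcAddress -PrefixLength 24   # no gateway, as on the page
Set-DnsClientServerAddress -InterfaceAlias $Nic -ServerAddresses $DcAddress     # the DC is its own DNS server

# 2. Install the two roles selected in the wizard (AD DS and DNS) plus their management tools.
Install-WindowsFeature -Name AD-Domain-Services, DNS -IncludeManagementTools

# 3. Promote to the first domain controller of a new forest. The password the wizard asks
#    for at this step is the Directory Services Restore Mode (DSRM) password; it is
#    separate from the domain Administrator password and belongs in a password vault.
$DsrmPassword = Read-Host -AsSecureString -Prompt 'DSRM password'
Install-ADDSForest `
    -DomainName $DomainName `
    -DomainNetbiosName 'MYDEMOSQL' `
    -InstallDns `
    -SafeModeAdministratorPassword $DsrmPassword `
    -Force                      # skip the confirmation prompt; the server reboots when done

# After the reboot, check from a new session that the server is a DC of the new domain
# and that its DNS answers for the zone:
#   Get-ADDomainController -Identity $env:COMPUTERNAME
#   Resolve-DnsName -Name $DomainName -Server $DcAddress
```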

Configure Reverse lookup zones in DNS for SQL Server Always On Availability Groups

We need to configure a reverse lookup zone in the DNS. It resolves the IP address to the server name. In the server manager dashboard, navigate to tools -> DNS.


Reverse lookup zones in DNS

It opens the following DNS manager with different folders.


DNS manager

Right-click on the Reverse Lookup Zones folder and select New Zone to launch the new zone wizard.


new zone wizard

In the new zone wizard, go with the default option – Primary zone.


Zone type for SQL Server Always-On Availability Groups

In the next step, select the zone replication scope To all DNS servers running on domain controllers in this domain: MyDemoSQL.com.


To all DNS servers running on domain controllers

Select the type of lookup zone as a Reverse lookup zone.


reverse lookup zone

We are using an IPv4 address range, so select IPv4 Reverse Lookup Zone. In case you use an IPv6 range, select the other option.


IPv address range

In the reverse lookup zone name, we need to enter the network ID portion of the IP address. It is the digits before the last dot. In my case, I have an IP address in the range 10.0.2.15. Therefore, the network ID is 10.0.2.

New Zone wizard

Accept the recommended dynamic update method, Allow only secure dynamic updates, and click Next.


Dynamic update

Review the configuration and click Finish to create a reverse lookup zone.


create a reverse lookup zone

It shows the following reverse lookup zone as per our configurations.


Verify zone
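The reverse lookup zone from the wizard above, created and verified from PowerShell on the DC. This is an added example, not part of the original article; it assumes the 10.0.2 network ID shown on this page is a /24 and that the DC is at 10.0.2.15.

```powershell
# Added example (not from the original article): create the reverse lookup zone from
# PowerShell on the DC/DNS server and verify it. Assumption: the 10.0.2.x addresses on
# this page form a /24, so the zone is 2.0.10.in-addr.arpa; the DC is 10.0.2.15.
$NetworkId = '10.0.2.0/24'      # assumption
$DcAddress = '10.0.2.15'        # assumption

# Same choices as the wizard: primary, AD-integrated zone replicated to all DNS servers on
# domain controllers in the domain, and only *secure* (Kerberos-authenticated) dynamic
# updates. "Nonsecure and secure" would let any host on the network overwrite PTR records.
Add-DnsServerPrimaryZone -NetworkId $NetworkId -ReplicationScope Domain -DynamicUpdate Secure

# Confirm the zone exists with the expected settings.
Get-DnsServerZone -Name '2.0.10.in-addr.arpa' |
    Select-Object ZoneName, ZoneType, IsDsIntegrated, ReplicationScope, DynamicUpdate

# Hosts only get PTR records once they re-register with DNS; force that on this server,
# then resolve the DC's own address back to its name to prove the zone works.
Register-DnsClient
Resolve-DnsName -Name $DcAddress -Type PTR -Server $DcAddress
```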

Create an active directory user and assign domain admin permissions for SQL Server Always On availability groups

Type DSA.msc in the Run dialog, and it launches the AD containers with all users, computers and service accounts.


Create an active directory user for SQL Server always on availability groups

To create a new AD user, right-click on the container (in this case, Users) and create a new user.


Specify the first name, last name and user logon name. The logon name must be unique within the OU.


New object

On the next page, specify the password of this AD user along with its configuration options. You can specify options such as:


  • User must change password at next logon

  • User cannot change password

  • Password never expires

  • Account is disabled


For my demo purpose, I have unchecked all the user password configuration options.


User password and configuration

Review and confirm the user details to create the user in the Users group.


Verify user details

In the Active Directory users, double-click on Domain Admins.


It opens the Domain Admins properties. Click on Add, search for the AD user we created, and add it here.


Edit Domain Admins properties

Add this user to the local Administrators group on all three VMs as well. Open Computer Management from Server Manager -> Tools -> Computer Management.


Add user in the administrator group

Add SQLNode1 and SQLNode2 in the domain for SQL Server Always On availability groups

In the next step, open the network properties of SQLNode1 and SQLNode2 and enter the following values for the IP address.


SQLNode1 network configuration

  • IP address:

  • Subnet mask:

  • Preferred gateway – blank

  • Preferred DNS server: (it is the IP address of our DNS server)


SQLNode1 network configuration for SQL Server Always-On Availability Groups

Validate IP configurations

Validate IP configurations

SQLNode2 network configuration

  • IP address:

  • Subnet mask:

  • Preferred gateway – blank

  • Preferred DNS server: (it is the IP address of our DNS server)


SQLNode2 network configuration

Validate IP configurations

Validate IP configurations

Add SQLNode1 in the MyDemoSQL.com domain for SQL Server Always On availability groups

In this step, we need to join the VM to the existing domain MyDemoSQL.com. To add a server into the domain, click on the server name in the server dashboard.


Add SQLNode1 in the MyDemoSQL.com domain

It opens the system properties. Click on Change, and you can specify the computer name and its domain.


Join nodes in the domain for SQL Server Always-On Availability Groups

Click OK, and it joins the VM to the specified domain. You need to specify the domain admin user name and password to allow it to become a member of the MyDemoSQL.com domain.


AD authentication

You get a welcome message, as shown below, once it adds the server successfully.


Welcome to domain

It reboots the VM. You should


Verify domain

Add SQLNode2 in the MyDemoSQL.com domain

Similarly, add the SQLNode2 VM as well in the MyDemoSQL.com domain and validate it.


Add SQLNode2 in the MyDemoSQL.com domain
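The user creation, Domain Admins membership, node networking, domain join and local Administrators steps from the sections above, done with PowerShell. This is an added example, not code from the original article; the account name sqladmin and the node addresses 10.0.2.16 and 10.0.2.17 are placeholders the article does not state, and the adapter name Ethernet and the DC address 10.0.2.15 are assumptions. Parts 1 and 3 run on the domain controller; part 2 runs on each node before it joins.

```powershell
# Added example (not from the original article). Placeholders: user 'sqladmin', node
# addresses 10.0.2.16/17, adapter name 'Ethernet', DC address 10.0.2.15. Parts 1 and 3
# run on the domain controller; part 2 runs on each node before it joins the domain.
$DomainName = 'MyDemoSQL.com'
$DcAddress  = '10.0.2.15'
$UserName   = 'sqladmin'
$NodeNames  = 'SQLNode1', 'SQLNode2'

# ---- Part 1 (on the DC): create the user and grant it Domain Admins, as in the article.
# The four $false switches mirror the four password check boxes the article left unchecked.
$UserPassword = Read-Host -AsSecureString -Prompt "Password for $UserName"
New-ADUser -Name $UserName -SamAccountName $UserName `
    -UserPrincipalName "$UserName@$DomainName" -Path 'CN=Users,DC=MyDemoSQL,DC=com' `
    -AccountPassword $UserPassword -Enabled $true `
    -ChangePasswordAtLogon $false -PasswordNeverExpires $false -CannotChangePassword $false
# Domain Admins can change anything in the forest, so keep its membership minimal and
# review the list after every change.
Add-ADGroupMember -Identity 'Domain Admins' -Members $UserName
Get-ADGroupMember -Identity 'Domain Admins' | Select-Object SamAccountName

# ---- Part 2 (on each node, not yet a domain member): static IP, DNS = the DC, then join.
$NodeAddress = '10.0.2.16'      # placeholder; use 10.0.2.17 on SQLNode2
Set-NetIPInterface -InterfaceAlias 'Ethernet' -Dhcp Disabled
New-NetIPAddress -InterfaceAlias 'Ethernet' -IPAddress $NodeAddress -PrefixLength 24
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses $DcAddress
# Prompts for the domain account allowed to join computers (the AD authentication step
# on this page), then reboots the node as the article describes.
Add-Computer -DomainName $DomainName -Credential (Get-Credential) -Restart

# ---- Part 3 (on the DC, after both nodes have rebooted): add the user to each node's
# local Administrators group, the step done through Computer Management in the article.
Invoke-Command -ComputerName $NodeNames -ScriptBlock {
    param($Member)
    Add-LocalGroupMember -Group 'Administrators' -Member $Member -ErrorAction Stop
    Get-LocalGroupMember -Group 'Administrators' |
        Select-Object @{ n = 'Node'; e = { $env:COMPUTERNAME } }, Name
} -ArgumentList "MYDEMOSQL\$UserName"
```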

Conclusion

In this article, we configured the Domain Controller, Active Directory and DNS in a virtual machine. Later, we configured reverse lookup zones, a domain admin account and a local admin account, and added the servers to the domain for the SQL Server Always On availability group.


In my next article, I will walk you through the configuration of failover clusters, quorum configuration and storage drives allocation for the SQL nodes.

