(các tòa nhà trong khuôn viên của một tổ chức hoặc các phần khác biệt của một tòa nhà). Một khi bạn đã xác định chiến lược đặt tên, chắc chắn rằng tất cả những người quản trị có khả năng tạo ra các trang web tìm hiểu về chiến lược và làm theo nó. Bạn cần phải tạo một tài liệu chi tiết các trang web sẽ được sử dụng trong | deployment methods 129 Figure Sysvol folder location At this point DNS is checked to make sure that the zone information is valid and dynamic registrations are allowed. If the test completes successfully you will receive a message similar to Figure . FIGURE DNS validation If you have any applications running on your servers that were not written for Windows 2000 or Windows Server 2003 and the application needs to view group membership or have access to resources with elevated privileges that Windows 2000 or Windows Server 2003 do not provide you may have to select the first option in Figure . If your applications are certified for either of these operating systems you can select the second option. 130 chapter 8 deployment Figure Downgrading your security level When the directory service needs to be restored the domain controller will need to be rebooted into Directory Services Restore Mode DSRM . The directory service is not accessible once you start up in this mode so a local administrator account is used to safeguard the local directory service database from becoming attacked. You provide the password for this account in the screen found in Figure . FIGURE Directory Services Restore Mode password Finally the summary screen is displayed as seen in Figure . Review the options you chose and if everything appears correct click Next to install Active Directory. Once the first domain controller is in place the domain is available and awaiting replica domain controllers as well as a client to connect to it. In the next section we will discuss how to create the replica domain controllers. deployment methods 131 Figure Summary screen for Dcpromo Replica Domain Controllers You should never have a domain that contains only a single domain controller. To do so would be a suicide move if your domain controller failed and you were unable to restore from backup media. Always have at least two domain controllers with a preference of having .