Common Questions

John Barwell

Dear All,

Please can someone assist me in helping to answer the following questions:

1. What are (in your opinion) the current hardware requirements for Win2k
Advanced Server?

2. What are the common mistakes made when setting up Win2k Advanced Server?

3. There are issues when naming a domain with a public domain name. If the
website for that domain is not hosted on that machine I understand it can
cause problems. What are these issues and how can you resolve them?

4. If a server does have a public domain name and does not host the website
for it, how can you resolve it without doing a full reinstall?

5. What are the issues surrounding improper DNS configuration? How can these
be resolved?

6. What are the benefits of OUs with respect to managing users and computers
in Active Directory?

7. How useful is it to configure WINS if the network is running on TCP/IP?

Any feedback is appreciated.

Thanks,


John Barwell
 
John Barwell said:
Dear All,

Please can someone assist me in helping to answer the following questions:

1. What are (in your opinion) the current hardware requirements for Win2k
Advanced Server?

Depends entirely on what the system is used for. Performance monitor can
help diagnose bottlenecks. One might be running a member server or a PDC
with several FSMO roles or a DNS server + SQL.

2. What are the common mistakes made when setting up Win2k Advanced Server?

Lack of planning /testing. Software / hardware compatibility issues. DNS
naming convention for parent and child domains. Improper security policies.
The list is infinite.

3. There are issues when naming a domain with a public domain name. If the
website for that domain is not hosted on that machine I understand it can
cause problems. What are these issues and how can you resolve them?

This is not necessarily an issue. The question is "who" is
authoritative for a domain or one of its zones. If you let an ISP manage
the DNS entry for a child domain like www.domain.com it still isn't the SOA
(Start of Authority) for "domain.com". If you have a public domain and a
fixed IP address named domain.com you still are authoritative for that zone.
The question is: are you authoritative for that name in the world-wide
internet namespace or privately only?

4. If a server does have a public domain name and does not host the website
for it, how can you resolve it without doing a full reinstall?

The question should be: how do you resolve the DNS domain name from
inside and outside the firewall. The answer is obvious. Being able to
resolve a domain from outside presents a serious security risk. That's why
VPNs exist, why routers route or block and firewalls do what they do.

5. What are the issues surrounding improper DNS configuration? How can these
be resolved?

Planning and understanding DNS name resolution. There is no other way.
That's not an option in W2K, DNS is a fundamental requirement. Correcting
improper DNS configs needs to happen before the namespace is created. There
is no excuse, the DNS concept is a simple one.

6. What are the benefits of OUs with respect to managing users and computers
in Active Directory?

An OU is the equivalent of an NT4 domain with the added benefit of a
third dimension + inheritance (objects, objects, objects). While the NT4
network structure is 2 dimensional, flat and relies on trust relationships,
OUs are containers which define a security boundary in which all contents
inherit the security settings within. A W2K domain admin can selectively
delegate specific administrative rights to a targeted OU admin but also
impose security simply by moving or creating an object within the OU (using
GPO links). A domain is a container of containers, and an OU is one of these
containers.

7. How useful is it to configure WINS if the network is running on TCP/IP?

WINS is for older netbios operating systems (like NT4, Win9x). Configuring a
WINS server in these older operating systems does 2 things: it will prevent
broadcasting where all packets MUST be analyzed by all systems on a given
subnet and provides efficient name resolution for those systems which are
configured to support a uni-dimensional netbios namespace. WINS is useless
in a pure W2K environment because the sequence that W2K uses to resolve a
name in a W2K domain environment should never rely on a WINS server.

Unlike NT4 and Win9x, W2K checks for a valid DNS server first, especially
nice since a DNS server query can cross a router, implies a governing
authority, supports secondary zones + forwarders and therefore implies a
network hierarchy. Hierarchy is a word that netbios knows nothing about.
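
An added illustration of questions 3 and 4 (not part of any post in this thread): a server that is authoritative for a zone answers from its own data and does not forward names inside that zone, so a public name missing from the internal copy fails for internal clients. The zone contents and addresses below are constructed; only the name domain.com comes from the thread.

```python
# Added example: constructed zone data, not taken from the thread.
# Models why an internal DNS server that is authoritative for "domain.com"
# hides public records (such as www) that only the outside view holds.

INTERNAL_ZONES = {  # zones the internal (AD) DNS server is authoritative for
    "domain.com": {
        "domain.com": "10.0.0.10",
        "dc1.domain.com": "10.0.0.10",
        "files.domain.com": "10.0.0.20",
    },
}
EXTERNAL_ZONES = {  # the same zone name as published by the ISP
    "domain.com": {
        "domain.com": "203.0.113.5",
        "www.domain.com": "203.0.113.5",
        "mail.domain.com": "203.0.113.6",
    },
}


def authoritative_zone(name, zones):
    """Return the longest zone suffix that covers name, or None."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None


def resolve_inside(name):
    """Resolve as an internal client: authoritative answer wins, else forward."""
    name = name.lower().rstrip(".")
    zone = authoritative_zone(name, INTERNAL_ZONES)
    if zone is not None:
        # An authoritative server never forwards names inside its own zone.
        addr = INTERNAL_ZONES[zone].get(name)
        return ("internal", addr if addr else "NXDOMAIN")
    zone = authoritative_zone(name, EXTERNAL_ZONES)
    addr = EXTERNAL_ZONES[zone].get(name) if zone else None
    return ("forwarded", addr if addr else "NXDOMAIN")


def missing_inside():
    """Public names internal clients cannot resolve, with the record to add."""
    gaps = {}
    for zone, records in EXTERNAL_ZONES.items():
        for name, addr in records.items():
            if zone in INTERNAL_ZONES and name not in INTERNAL_ZONES[zone]:
                gaps[name] = addr
    return gaps
```

Adding the names returned by `missing_inside()` as host records in the internal zone fixes resolution for internal clients without renaming the domain, and the internal-only records stay out of the public view.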
 
7. How useful is it to configure WINS if the network is running on
TCP/IP?
WINS is for older netbios operating systems (like NT4, Win9x). Configuring a
WINS server in these older operating systems does 2 things: it will prevent
broadcasting where all packets MUST be analyzed by all systems on a given
subnet and provides efficient name resolution for those systems which are
configured to support a uni-dimensional netbios namespace. WINS is useless
in a pure W2K environment because the sequence that W2K uses to resolve a
name in a W2K domain environment should never rely on a WINS server.

Unlike NT4 and Win9x, W2K checks for a valid DNS server first, especially
nice since a DNS server query can cross a router, implies a governing
authority, supports secondary zones + forwarders and therefore implies a
network hierarchy. Hierarchy is a word that netbios knows nothing about.

I run a pure W2K environment, but still run WINS because I find that this is
the only way to allow the users to see all the machines under Entire Network
on Win Explorer - unless anyone can tell me what I can do to get DNS to do
this.

Ta
 
Peter Marshall said:
I run a pure W2K environment, but still run WINS because I find that this is
the only way to allow the users to see all the machines under Entire Network
on Win Explorer - unless anyone can tell me what I can do to get DNS to do
this.

Ta

DNS will do nothing to populate Network Neighbourhood other than quickly
resolve the master browser for a network (which is what your WINS is doing
right now). Net Neighbourhood relies on netbios connectivity to domain
master browsers, subnet master browsers and subnet backup browsers.

Most of the time, losing computers in a Net Neighbourhood list is caused by
name resolution failure, routers blocking UDP 138, unreachable domain master
browser, frequent browser elections with loss of TCP/IP connectivity or Add
Routes pointing to inexistent networks.

Point being, Net Neighbourhood is populated by browsers, not WINS.
 