preparing DNS for Active Directory

Hello all:

My friends and I are trying to grasp the concepts of active directory and
we have saved up money to get 4 test computers to develop our practical
skills.

Our environment is all 2000 sp4 servers with win2k and XP clients.. we have
the goal to setup 2 DC and 2 clients. I have read about preparing DNS before
installing active directory. I have read that some people discouraged
implementing active directory integrated DNS i.e. the one active directory
wizard helps you with.

So my question is what steps should I take (before installing active
directory) to prepare DNS for active directory.

One domain: goku316.edu a primary and secondary DNS servers:

The forward zones… "." (root.DNS) & goku316.edu (set allow dynamic updates)…
The reverse zones … 6.168.192

Of course the servers all have a static ip address and I intend to install 2
domain controllers…


Any suggestions… on the steps I should take…
All help is welcomed….
 
In
Tony.. said:
Hello all:

My friends and I are trying to grasp the concepts of active directory
and we have saved up money to get 4 test computers to develop our
practical skills.

Our environment is all 2000 sp4 servers with win2k and XP clients..
we have the goal to setup 2 DC and 2 clients. I have read about
preparing DNS before installing active directory. I have read that
some people discouraged implementing active directory integrated DNS
i.e. the one active directory wizard helps you with.

So my question is what steps should I take (before installing active
directory) to prepare DNS for active directory.

One domain: goku316.edu a primary and secondary DNS servers:

The forward zones. "." (root.DNS) & goku316.edu (set allow dynamic
updates). The reverse zones . 6.168.192

Of course the servers all have a static ip address and I intend to
install 2 domain controllers.


Any suggestions. on the steps I should take.
All help is welcomed..

Why discourage using AD Integrated zones? What is the reasoning you've seen
to not use AD Integrated zones? Do you have a link or is it just conjecture?

It's actually *highly* recommended to use AD Integrated zones for Forward
and Reverse Lookup Zones (instead of Standard Primary and Secondary zones)
because of increased security of the zone (since it's actually stored in the
AD database), it replicates to all DCs in a domain and therefore available
on those DCs, secure updates feature, and taking advantage of its
multi-master features. Windows 2003 actually has additional features to
replicate the zone to all DCs in a forest.

227844 - Primary and Active Directory Integrated Zones Differences:
http://support.microsoft.com/default.aspx?scid=kb;en-us;227844

Tell you what, if you just install DNS on the first DC you are installing
first, and make sure it is ONLY using itself for DNS in IP properties, don't
bother creating the zone. When you run through the dcpromo process, it will
create the zone automatically for you, make it AD Integrated, and allow
secure updates only. If the DC is not connected to the Internet during the
promotion process (Win2000 only), it will create a "." (Root) zone. That
will however eliminate outside resolution and not allow the creation of a
forwarder or use of the Root Hints. You can simply delete it. If connected
to the Internet, it will not create the Root zone. This is not to be confused
with the Root Hints.

When you promote the second DC that has a Secondary zone on it, and it is
pointing to either itself (using the Secondary zone), or pointing to the
first DC, (whether DNS is installed on it or not), dcpromo will
automatically make the zone AD Integrated, as long as the first DC's zone is
AD Integrated. This is default.

However, if you try to delete an AD Integrated zone off a DNS server, it
will delete it in AD, and therefore no longer available to any DC. Be
careful on that one.

Some links that may help you out:

AD Deployment Planning Guide Docs - Chapters 1 to 25 including Appendixes:
http://www.microsoft.com/windows2000/techinfo/reskit/dpg/default.asp

Active Directory - All about it [For Design see section on Planning &
Deployment Guides]:
http://www.microsoft.com/windows2000/technologies/directory/ad/default.asp

Active Directory Operations Guide:
http://www.microsoft.com/technet/pr...irectory/maintain/opsguide/part1/default.mspx

Deploying and Designing Active Directory [DNS Design, Migration, Cert Auth,
Branch Offices, Exchange, ADC, Import-Export, etc]:
http://www.microsoft.com/technet/pr...hnologies/activedirectory/deploy/default.mspx

Q298448 - Windows 2000 DNS and Active Directory Information and Technical
Resources [Also Talks about how to use DCDIAG and NetDIAG Infrastructure
Implementation]:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q298448

300202 - HOW TO Configure DNS for Internet Access in Windows Server 2000
(how to configure a forwarder is one of the steps) :
http://support.microsoft.com/?id=300202

Common Mistakes When Upgrading a Windows 2000 Domain To a Windows 2003
Domain
http://support.microsoft.com/default.aspx?scid=kb;en-us;555040

Domain Controller's Domain Name System Suffix Does Not Match Domain Name:
http://support.microsoft.com/?id=257623

Clients cannot dynamically register DNS records in a single-label forward
lookup zone:
http://support.microsoft.com/?id=826743

291382 - Frequently asked questions about Windows 2000 DNS and Windows
Server 2003 DNS
http://support.microsoft.com/default.aspx?scid=kb;en-us;291382

825036 - Best practices for DNS client settings in Windows 2000 Server and
in Windows Server 2003
http://support.microsoft.com/?id=825036

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

If this post is viewed at a non-Microsoft community website, and you were to
respond to it through that community's website, I may not see your reply
unless that website posts replies back to the original Microsoft forum.
Therefore, please direct all replies ONLY to the Microsoft public newsgroup
this thread originated in so all can benefit or ensure the web community
posts it back to the original forum.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Microsoft Certified Trainer
Infinite Diversities in Infinite Combinations.
=================================
 
sorry for the late reply... thanks for the info it worked fine...

one question what is the pros and cons of choosing secure updates or yes
when setting allow dynamic updates in dns...
 
In
Tony.. said:
sorry for the late reply... thanks for the info it worked fine...

one question what is the pros and cons of choosing secure updates or
yes when setting allow dynamic updates in dns...
"Ace Fekay [MVP]" wrote:

You are welcome.

It is highly suggested to use "Secure Updates." It forces a machine to
authenticate their update request. A joined machine can provide this
authentication. If not joined, they will be denied their update request.

The "Yes" setting allows anything to update, including rogue machines,
passersby with wireless units, etc.

Ace
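As an added illustration (not code from the thread), a small Python model of what the two "Allow dynamic updates" settings decide when an UPDATE arrives for a name in goku316.edu. The zone, hostnames, account names and 192.168.6.x addresses are constructed; "Secure only" requires an authenticated principal and then lets it change only names it registered itself, while "Yes" checks nothing and the last writer wins.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

SECURE_ONLY = "Secure only"          # the setting recommended in the thread
YES = "Yes"                          # any client may update

@dataclass
class Update:
    name: str                        # FQDN the client wants to register
    address: str                     # A record value
    principal: Optional[str] = None  # account proven via GSS-TSIG; None = unauthenticated

@dataclass
class Zone:
    name: str
    dynamic_update: str
    records: Dict[str, str] = field(default_factory=dict)  # name -> address
    owners: Dict[str, str] = field(default_factory=dict)   # name -> creating account

    def apply(self, u: Update) -> str:
        """Return the RCODE the server would send for this update (simplified)."""
        if not u.name.endswith("." + self.name):
            return "NOTZONE"
        if self.dynamic_update == SECURE_ONLY:
            if u.principal is None:
                return "REFUSED"          # not a joined, authenticated machine
            owner = self.owners.get(u.name)
            if owner is not None and owner != u.principal:
                return "REFUSED"          # name belongs to another account's ACL
            self.owners.setdefault(u.name, u.principal)
        # "Yes": no identity is checked at all, so the last writer wins
        self.records[u.name] = u.address
        return "NOERROR"

def demo(setting: str) -> Tuple[str, str, str, str]:
    """Register FS1 legitimately, then two attempts to take over the same name."""
    zone = Zone("goku316.edu", setting)
    legit = zone.apply(Update("fs1.goku316.edu", "192.168.6.10", principal="FS1$"))
    # an unjoined laptop on the wireless tries to overwrite fs1 (constructed case)
    rogue = zone.apply(Update("fs1.goku316.edu", "192.168.6.200"))
    # a different joined machine tries to rewrite fs1's record
    other = zone.apply(Update("fs1.goku316.edu", "192.168.6.201", principal="WS7$"))
    return legit, rogue, other, zone.records["fs1.goku316.edu"]

if __name__ == "__main__":
    print("Yes        :", demo(YES))
    print("Secure only:", demo(SECURE_ONLY))
```

With "Yes" the final record for fs1 is whatever the last unauthenticated client sent; with "Secure only" both takeover attempts are refused and the original registration survives.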
 
Hi I just have a quick question on your response to this. I'm reading
KB322856 "How to configure DNS to use with Exchange Server" and it says to
make allow dynamic updates = yes. Mine is currently set to Secure updates
only. Will this cause any issues?
 
In
Jeff Gamet said:
Hi I just have a quick question on your response to this. I'm reading
KB322856 "How to configure DNS to use with Exchange Server" and it
says to make allow dynamic updates = yes. Mine is currently set to
Secure updates only. will this cause any issues?

No, not at all. It's the preferred setting.

Just keep in mind, don't use your ISP's DNS server, and only use your
internal DNS servers in IP properties for all your DCs, clients, and
servers, including Exchange to insure proper AD functionality. It's
recommended to configure a forwarder for efficient Internet resolution.

If you have any other questions about Exchange, AD or anything, I and
everyone in the group will be glad to help.

Ace
 
Very good, thank you for the response. I just have one other question as a
follow up. I have 2 DNS servers in my company. The main DNS is set to
forward to my ISPs DNS and it's internal DNS pointer is to itself in IP
settings. On my 2nd DNS Server I have it pointing to the first as the
primary DNS and itself as the secondary in IP Settings. Is this the preferred
method for the secondary DNS server?
 
In
Jeff Gamet said:
Very good, thank you for the response. I just have one other
question as a follow up. I have 2 DNS servers in my company. The
main DNS is set to forward to my ISPs DNS and its internal DNS
pointer is to itself in IP settings. On my 2nd DNS Server I have it
pointing to the first as the primary DNS and itself as the secondary
in IP Settings. Is this the prefered method for the secondary DNS
server?

I would forward both individually to the ISP's. As for settings, there's a
couple schools of thought on this. I usually go by the fact if they are in
the same Site, I point to the second one first, then itself on both of them,
not just the one. This eliminates an old error (already addressed by a
Win2000 SP1) concerning "DNS becomes an Island". Look it up for more info. It
also addresses the fact at boot time if the Netlogon service is trying to
register prior to AD services fully up and running since the zone is stored
in AD, therefore the zone may not be quite available yet for the reg process
to occur. So ever since then, I used that as a basis for configuration. If
more than two, I would select one of them for the second entry for all DCs.
Now if across a WAN link, I would point it to itself, then the other one on
the other side of the WAN to prevent reg across the WAN.

I hope that helps.

Ace
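An added Python example (not from the thread) that encodes the DNS client ordering Ace describes for the last two posts: same-site DCs list a peer first and then themselves, a DC across a WAN lists itself first, and external resolvers belong in a forwarder rather than in IP properties. DC names, site names and addresses are constructed lab data.

```python
from typing import Dict, List, Tuple

# Constructed lab data: DC name -> (AD site, address). dc1 and dc2 sit on the
# thread's 192.168.6.0/24 network; dc3 is across a WAN link in another site.
DCS: Dict[str, Tuple[str, str]] = {
    "dc1": ("HQ", "192.168.6.1"),
    "dc2": ("HQ", "192.168.6.2"),
    "dc3": ("Branch", "192.168.7.1"),
}

def recommended_order(dc: str, dcs: Dict[str, Tuple[str, str]] = DCS) -> List[str]:
    """Preferred and alternate DNS addresses for a DC's IP properties."""
    site, self_ip = dcs[dc]
    peers_here = [ip for n, (s, ip) in dcs.items() if n != dc and s == site]
    peers_away = [ip for n, (s, ip) in dcs.items() if n != dc and s != site]
    if peers_here:
        # Same site: a peer first, then itself, so Netlogon can register at
        # boot against a DC whose AD-integrated zone is already loaded.
        return [peers_here[0], self_ip]
    # No local peer: itself first to keep registration off the WAN, then one
    # remote DC so the server is never an island.
    return [self_ip] + peers_away[:1]

def audit(dc: str, configured: List[str],
          dcs: Dict[str, Tuple[str, str]] = DCS) -> List[str]:
    """Findings for the DNS addresses actually entered on a DC."""
    findings: List[str] = []
    internal = {ip for _, ip in dcs.values()}
    if any(ip not in internal for ip in configured):
        # e.g. the ISP's resolver: it belongs in the server's forwarder list
        findings.append("external resolver in IP properties")
    if len(dcs) > 1 and set(configured) == {dcs[dc][1]}:
        findings.append("points only to itself (DNS island)")
    want = recommended_order(dc, dcs)
    if configured != want:
        findings.append("order differs from recommended " + ", ".join(want))
    return findings

if __name__ == "__main__":
    for name in DCS:
        print(name, "->", recommended_order(name))
    print(audit("dc1", ["192.168.6.1", "203.0.113.53"]))  # self then ISP: two findings
```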
 