Chapter 1: Active Directory
Windows 2000 is a major advancement in Microsoft's stable of operating systems. Its ambitious feature set is built around a new, integrated management architecture called Active Directory. Active Directory requires a Domain Name System (DNS) environment: it runs over IP networking and uses DNS, rather than NetBIOS name resolution, to locate domain controllers and the services they offer. Without DNS servers, a Windows 2000 Active Directory changes from a tightly integrated environment into a collection of isolated servers. For this reason, a robust DNS environment is needed on any Windows 2000 Active Directory network. Network administrators charged with installing or upgrading to Windows 2000 must take a close look at Active Directory and the DNS environment. If a DNS environment already exists on the network, consideration must be given to the requirements Active Directory places on the DNS servers, such as support for SRV resource records in DNS zones and, unless you are prepared to load each domain controller's records by hand from its Netlogon.dns file, support for dynamic update (RFC 2136).
DNS and Active Directory planning are interrelated because each depends on the other. Administrators need to address DNS and Active Directory together or face the consequences of improper design. Incorporating DNS and Active Directory over an existing Windows NT network will often require additional DNS servers, consolidation of domains, and creation of management hierarchies to accommodate a very new environment.
This book presents the basics of Active Directory so that those unfamiliar with this aspect of Windows 2000 can understand its complexities and impact. Those tasked with the design and management of Active Directory will want a book dedicated to Active Directory.
The majority of this book addresses the installation, configuration, and migration details associated with Active Directory as they relate to Windows 2000 DNS. This includes an examination of third-party DNS tools and of BIND, a major DNS server implementation. Heterogeneous networks that include UNIX or Linux servers will most likely incorporate BIND in one fashion or another.
DNS and related services run remarkably well with minimal management, but changes are always needed when, for example, new servers are added. This book looks at managing Windows 2000 DNS and other services through the Microsoft Management Console (MMC) as well as with command-line management tools and remote management options.
The Windows 2000 DNS service can operate on a standalone Windows 2000 server, but this is an unlikely configuration for all but the smallest networks. The typical Windows 2000 network will incorporate Active Directory throughout. Active Directory is a major change from Windows NT. It supports a hierarchical domain system that mirrors a DNS domain hierarchy. In addition, each domain will normally sport an internal hierarchy of its own, in which network objects of all types are grouped into organizational units (OUs). Organizational units can contain other organizational units, which is what produces this internal hierarchy.
Active Directory is also central to Windows 2000 security. Hierarchical inheritance of security settings makes management easier to handle and understand. The security system also incorporates Kerberos, an advanced authentication system that originated at MIT. Kerberos is so important to the inner workings of Windows 2000 that the key distribution centers running on domain controllers are advertised in Windows 2000 DNS zones as SRV records (the _kerberos and _kpasswd entries), alongside the _ldap records used to find domain controllers themselves. A Windows 2000 domain can operate in native mode, which requires that every domain controller in the domain run Windows 2000; down-level member servers and workstations can still participate. In either mode, IP-based communication and DNS support are required for the Windows 2000 members.
Many Windows 2000 networks will operate in mixed mode, which allows Windows NT backup domain controllers to remain in the domain. Windows 2000 workstations and servers still use the latest security support (Kerberos) among themselves, but non-Windows 2000 computers continue to use the less secure Windows NT protocols and security (NTLM authentication). Active Directory is not just a management hierarchy. It incorporates a multimaster database that is replicated among the domain controllers of a domain, as well as a global catalog database, which in turn spans the entire forest. This scope was not lost on the Windows 2000 designers, and Windows 2000 DNS allows you to take advantage of this database when Active Directory-integrated DNS zones are used...
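The SRV records mentioned above (the LDAP locator records and the Kerberos records) are the concrete thing an existing DNS server must be able to carry, so a practical first check when auditing a zone for Active Directory readiness is whether those names exist and point at the right ports. The following is an added example, not code from the book or from Microsoft: a small Python checker that parses SRV records out of a BIND-style zone file and reports which of the core Active Directory names are missing or advertise an unexpected port. The zone text, the domain name example.com, and the host dc1 are constructed for the example; the required-record list is the core set a Windows 2000 domain controller registers (its Netlogon.dns file also contains site-specific variants not checked here), and the example assumes the domain is also the forest root, so the _msdcs names live in the same zone.

```python
"""Check a BIND-style zone file for the SRV records an Active Directory domain needs.

Constructed example; not code from the book. The required-record list is the core
set a Windows 2000 DC registers (its Netlogon.dns also carries site-specific
variants), and the sample zone below is made up for this check.
"""
import re
from collections import defaultdict

# Records a DC registers in its domain zone, with the port each should advertise.
# Assumption for this example: the domain is the forest root, so the _msdcs
# names (including the global catalog) live in the same zone.
REQUIRED_SRV = {
    "_ldap._tcp": 389,                 # any domain controller
    "_ldap._tcp.dc._msdcs": 389,       # DC locator
    "_ldap._tcp.pdc._msdcs": 389,      # PDC emulator
    "_ldap._tcp.gc._msdcs": 3268,      # global catalog
    "_kerberos._tcp": 88,              # KDC
    "_kerberos._udp": 88,
    "_kerberos._tcp.dc._msdcs": 88,
    "_kpasswd._tcp": 464,              # Kerberos password change
}

# Sample zone (constructed): one DC, dc1, with _kpasswd._tcp deliberately left out.
SAMPLE_ZONE = """\
$ORIGIN example.com.
$TTL 600
@    IN SOA ns1.example.com. hostmaster.example.com. ( 1 3600 900 604800 600 )
@    IN NS  ns1.example.com.
ns1  IN A   10.0.0.2
dc1  IN A   10.0.0.10
; SRV records registered by dc1 (priority weight port target)
_ldap._tcp               600 IN SRV 0 100 389  dc1.example.com.
_ldap._tcp.dc._msdcs     600 IN SRV 0 100 389  dc1.example.com.
_ldap._tcp.pdc._msdcs    600 IN SRV 0 100 389  dc1.example.com.
_ldap._tcp.gc._msdcs     600 IN SRV 0 100 3268 dc1.example.com.
_kerberos._tcp           600 IN SRV 0 100 88   dc1.example.com.
_kerberos._udp           600 IN SRV 0 100 88   dc1.example.com.
_kerberos._tcp.dc._msdcs 600 IN SRV 0 100 88   dc1.example.com.
"""

# owner [ttl] [IN] SRV priority weight port target
SRV_RE = re.compile(
    r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?SRV\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+)", re.IGNORECASE
)


def qualify(name, origin):
    """Turn a zone-file owner or target into a fully qualified name ending in '.'."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_srv(zone_text):
    """Return {owner FQDN: [(priority, weight, port, target FQDN), ...]} for SRV records."""
    origin = "."
    last_owner = None
    records = defaultdict(list)
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if line.startswith("$"):                  # $TTL and other directives
            continue
        if line[0].isspace() and last_owner:      # blank owner inherits the previous one
            line = f"{last_owner} {line.strip()}"
        last_owner = line.split()[0]
        m = SRV_RE.match(line)
        if not m:
            continue                              # not an SRV record
        owner, prio, weight, port, target = m.groups()
        records[qualify(owner, origin)].append(
            (int(prio), int(weight), int(port), qualify(target, origin))
        )
    return records


def check_ad_srv(zone_text, domain):
    """Report required SRV names that are missing or that advertise an unexpected port."""
    domain = domain.rstrip(".") + "."
    records = parse_srv(zone_text)
    missing, bad_port = [], []
    for prefix, want_port in REQUIRED_SRV.items():
        name = f"{prefix}.{domain}"
        rrs = records.get(name)
        if not rrs:
            missing.append(name)
            continue
        for _prio, _weight, port, target in rrs:
            if port != want_port:
                bad_port.append((name, port, target))
    return {"missing": missing, "bad_port": bad_port}


if __name__ == "__main__":
    report = check_ad_srv(SAMPLE_ZONE, "example.com")
    print("missing:", report["missing"])      # -> ['_kpasswd._tcp.example.com.']
    print("bad port:", report["bad_port"])    # -> []
```

Run against a real zone, the same check can be fed the output of a zone transfer or the Netlogon.dns file from a domain controller; a missing _ldap._tcp.dc._msdcs entry is the usual reason a Windows 2000 client "cannot find a domain controller" even though the A records are all present.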