Active Directory and DNS
Three primary functions
Active Directory uses DNS for three primary functions:
- Name resolution. DNS provides name resolution by translating host names into IP addresses.
- Namespace definition. Active Directory uses DNS naming conventions to name domains. Windows 2000 domain names are DNS domain names. For example, contoso.com is a valid DNS domain name and could also be the name of a Windows 2000 domain.
- Locating the physical components of Active Directory. To log on to the network and perform queries in Active Directory, a computer running Windows 2000 first must locate a domain controller or global catalog server to process the logon authentication or the query.
The DNS database stores the information about which computers perform these roles and provides that information so that the request can be directed appropriately.
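The third function above is the one that matters most operationally: a Windows 2000 client finds a domain controller by asking DNS for SRV records under `_ldap._tcp.dc._msdcs.<domain>` and picks a host from the answers. The following Python is an added illustration, not code from the original notes or from Microsoft: it constructs an in-memory DNS response for that query (the host names `dc1`, `dc2` and `dc-backup` under contoso.com are made up), parses the SRV answers with the standard library only, and selects a target the way an RFC 2782 client does (lowest priority first, weighted choice among ties).

```python
"""Locating a domain controller via DNS SRV records (added example, stdlib only).
The query name _ldap._tcp.dc._msdcs.<domain> is the real one Windows clients use;
the DC host names and the response packet below are constructed for illustration."""
from __future__ import annotations

import random
import struct
from dataclasses import dataclass

TYPE_SRV = 33   # RR type code for SRV
CLASS_IN = 1


@dataclass
class SrvRecord:
    priority: int
    weight: int
    port: int
    target: str


def encode_name(name: str) -> bytes:
    """Encode a dotted name as DNS labels (length-prefixed, no compression)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def read_name(msg: bytes, offset: int) -> tuple[str, int]:
    """Decode a possibly compressed name; return (name, offset just after it)."""
    labels, jumped, end = [], False, offset
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                  # compression pointer (RFC 1035 4.1.4)
            pointer = struct.unpack_from("!H", msg, offset)[0] & 0x3FFF
            if not jumped:
                end = offset + 2                   # the pointer is the last 2 bytes here
            jumped, offset = True, pointer
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            return ".".join(labels), end
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def parse_srv_answers(msg: bytes) -> list[SrvRecord]:
    """Walk a DNS response and return every SRV record in its answer section."""
    _txid, _flags, qdcount, ancount, _ns, _ar = struct.unpack_from("!6H", msg, 0)
    offset = 12
    for _ in range(qdcount):                       # skip the question section
        _, offset = read_name(msg, offset)
        offset += 4                                # qtype + qclass
    records = []
    for _ in range(ancount):
        _, offset = read_name(msg, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, offset)
        offset += 10
        if rtype == TYPE_SRV:
            prio, weight, port = struct.unpack_from("!3H", msg, offset)
            target, _ = read_name(msg, offset + 6)
            records.append(SrvRecord(prio, weight, port, target))
        offset += rdlen
    return records


def select_target(records: list[SrvRecord], rng=random) -> SrvRecord | None:
    """RFC 2782 selection: lowest priority wins; ties are broken by weight."""
    if not records:
        return None
    best = min(r.priority for r in records)
    candidates = [r for r in records if r.priority == best]
    weights = [r.weight for r in candidates]
    if not any(weights):                           # all zero: treat as equal
        weights = [1] * len(candidates)
    return rng.choices(candidates, weights=weights)[0]


def build_sample_response(domain: str) -> bytes:
    """Constructed sample answer to the DC locator query: two DCs at equal
    priority with different weights, plus a lower-preference backup."""
    qname = f"_ldap._tcp.dc._msdcs.{domain}"
    answers = [(0, 100, 389, f"dc1.{domain}"),
               (0, 50, 389, f"dc2.{domain}"),
               (10, 0, 389, f"dc-backup.{domain}")]
    msg = struct.pack("!6H", 0x1234, 0x8180, 1, len(answers), 0, 0)  # QR, RD, RA set
    msg += encode_name(qname) + struct.pack("!HH", TYPE_SRV, CLASS_IN)
    for prio, weight, port, target in answers:
        rdata = struct.pack("!3H", prio, weight, port) + encode_name(target)
        msg += b"\xC0\x0C"                         # owner name: pointer to offset 12
        msg += struct.pack("!HHIH", TYPE_SRV, CLASS_IN, 600, len(rdata)) + rdata
    return msg


if __name__ == "__main__":
    recs = parse_srv_answers(build_sample_response("contoso.com"))
    for rec in recs:
        print(rec)
    print("chosen:", select_target(recs))
```

Because clients trust whatever SRV answers they receive, the integrity of this zone is what ties logon traffic to legitimate domain controllers; a defender auditing a domain would check that the `_msdcs` SRV records point only at known DCs and that the zone's update permissions are restricted accordingly.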
DNS's role in Windows
Question: How did DNS function in Windows NT?
DNS played a secondary role in Windows NT.
Windows NT relied on NetBIOS name resolution and the Windows Internet Name Service (WINS) as its primary means of identifying computers on the network.
DNS was used primarily by web browsers for translating web URLs to IP addresses. In Windows 2000, DNS takes over as the leading name resolution method.
Windows Group Policy
One of the big advantages of Active Directory over its predecessor, Windows NT, is its reliance on the Domain Name System (DNS) as opposed to the Windows Internet Naming Service (WINS) for name resolution. DNS is the ubiquitous, standards-based naming service used on the Internet. WINS, on the other hand, never garnered industry support and has become a candidate for elimination on many enterprise networks.
The good news is that Active Directory eliminates the dependencies on WINS; the potentially bad news is that Active Directory has many dependencies on the DNS infrastructure. Whether that is actually bad depends on how flexible your DNS environment is.
Often, the groups that manage DNS and Active Directory within an organization are different, and getting the two teams to agree on implementation can be difficult due to political turf battles or technology clashes.
Although Active Directory does not need WINS, or more accurately NetBIOS name resolution, other systems and technologies may require it. Many administrators are quick to try to remove WINS from their environment, but generally speaking, the administrative cost of maintaining a WINS infrastructure is substantially smaller than the cost involved in executing a project to remove WINS.
The intent of this module is to provide you with a good understanding of how Active Directory uses DNS and to review some of the options for setting it up within your organization. We will briefly touch on some DNS basics, but we will not go into much depth on how to configure and administer the Windows DNS server.
Network-based name resolution
This is network-based name resolution, in which computer identifiers (typically hardware or IP addresses) are associated with a name that is meaningful to people (a computer name). On a network, a computer is identified by the following:
- NetBIOS Name (for instance, TCI1)
- TCP/IP Address (126.96.36.199)
- Host Name (Abbey)
- Media Access Control (MAC) address: the network adapter hardware address
Note that these are the four generally accepted naming conventions used on a Windows 2000 Server network; NetBIOS name resolution and host name resolution are the processes that map between them.