DNS and Active Directory
- Published: 26 Sep 2024
- Active Directory requires DNS in order to operate. This video looks at how Active Directory uses DNS, which improves your understanding of how to support Active Directory and helps ensure your DNS infrastructure meets the requirements of Active Directory.
PDF itfreetraining....
Demonstration
To access DNS Manager, open Server Manager and select DNS from the tools menu.
The DNS records required for Active Directory are located under Forward Lookup Zones, under the DNS name of your domain. There are a number of different containers in here, and the DNS records in each container serve different purposes for clients on the network.
_tcp container
This container holds the services that are available via TCP (reliable transport). It contains four different types of records: _gc, _kerberos, _kpasswd and _ldap. Clients find services on the network by searching for these records. For example, if a client wants to find a global catalog server, it will look for the _gc records under _tcp, which list all the global catalog servers available in the domain. The client queries this container using DNS and receives a service record for a global catalog server in the domain. The default DNS server setting will attempt to return a global catalog server in the same network as the client. The _kerberos records are used by the client to locate servers on the network that can perform Kerberos authentication. The _kpasswd records tell the client where a server is that can perform Kerberos password changes. The _ldap records tell the client where the servers that can answer LDAP lookups are located on the network.
The _udp container contains the same kinds of records as _tcp; however, these services are contacted using the UDP protocol.
Service records properties
Priority: When two or more records exist with the same name, the record with the lowest priority value will be used.
Weight: When two or more records share the same lowest priority, the weight value determines how often each record is used. For example, if one record had a weight of 20 and the other 80, the first record would be used for 2 out of 10 requests and the second for 8 out of 10 requests.
Port: The port number is the port on which the service can be contacted.
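The priority and weight rules above can be exercised in code. This is an added example (not from the video or itfreetraining): it implements the standard SRV selection rule, lowest priority value first and then a weighted random choice, over constructed _gc._tcp records for a hypothetical domain example.com with the 20/80 weights from the text.

```python
import random
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class SrvRecord:
    name: str       # e.g. "_gc._tcp.example.com"
    priority: int   # lower value is preferred
    weight: int     # relative share among records with the same priority
    port: int       # port the service listens on (3268 for the global catalog)
    target: str     # host that provides the service


def select_srv(records, rng=random):
    """Pick one record: lowest priority value first, then weighted random."""
    if not records:
        raise ValueError("no SRV records to choose from")
    best = min(r.priority for r in records)
    candidates = [r for r in records if r.priority == best]
    total = sum(r.weight for r in candidates)
    if total == 0:
        # All weights are zero: every equal-priority record is equally likely.
        return rng.choice(candidates)
    pick = rng.randrange(total)  # 0 .. total-1, lands in one record's weight band
    running = 0
    for r in candidates:
        running += r.weight
        if pick < running:
            return r
    return candidates[-1]  # not reached; keeps the function total


# Constructed sample records (hypothetical domain example.com).
GC_RECORDS = [
    SrvRecord("_gc._tcp.example.com", 0, 20, 3268, "dc1.example.com"),
    SrvRecord("_gc._tcp.example.com", 0, 80, 3268, "dc2.example.com"),
    # Higher priority value: only used if no priority-0 record answers.
    SrvRecord("_gc._tcp.example.com", 10, 100, 3268, "dc3.example.com"),
]


def selection_share(records, trials=1000, seed=1):
    """Fraction of selections that land on each target, using a seeded RNG."""
    rng = random.Random(seed)
    counts = Counter(select_srv(records, rng).target for _ in range(trials))
    return {target: n / trials for target, n in counts.items()}


if __name__ == "__main__":
    for target, frac in sorted(selection_share(GC_RECORDS).items()):
        print(f"{target}: {frac:.0%}")
```

Over 1000 seeded trials dc1 receives roughly 20% and dc2 roughly 80%, while dc3 is never chosen because a lower priority value is available.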
Dynamic update and DNS
When services like Active Directory Domain Services start up, they automatically attempt to register their service records in DNS. If dynamic updates are not enabled and scavenging is enabled, the Active Directory DNS records will eventually be removed. Once the service records are gone, clients will not be able to find Active Directory resources on the network. To check whether dynamic updates are enabled, open the properties of the zone and make sure that dynamic updates are not set to disabled on the General tab.
DomainDNSZones and ForestDNSZones
These two containers contain the DNS records that are relevant to the domain and to the forest respectively.
_msdcs zone
This is a Microsoft-specific zone that contains the service records for the domain or forest. It holds the DNS service records registered by Microsoft-based services. Since other, non-Microsoft directory services also use service records, a Microsoft-only zone is required so that a client can be sure it is obtaining service records for a Microsoft solution. This zone is available at the forest level, so Domain Controllers can obtain service records for all Domain Controllers in the forest. Using this information, they can build replication that works at both the domain and the forest level.
Description too long for YouTube. For the rest of the description please see:
itfreetraining....
"I've deleted all service records - I do not recommend that you do this on a production network" Thank you for legit making me laugh while listening to this passively in the background at 1am in my home when everyone's asleep
Best channel for IT videos ever...
Thx
Been studying for the Microsoft AD certification exam for a while now, so far this is the most intuitive video that I've found that covers most of the essentials of DNS. Great job!
+turtleban Thank you. We're glad you enjoy our videos
You have the best videos on AD..
Thanks so much!
Very Very Helpful and Valuable information
+Sachin Bidwai We're happy you found the information to be valuable. Thanks for watching!
Thank you for this great Video from Germany.
Thank you very much
Great in how you delivered the content.
Thanks very much.
At 1:13 you say "On this network there are currently two domain controllers, so this means that there are 4 DNS records for each domain controller."
Can you explain please? Thanks for the video.
No problem at all, thanks for watching.
Thanks very much
How do I install Windows Server 2019 Active Directory on a VPS, and how do I join a local computer to that Active Directory server?
Thank you very much! This video is missing from the 70-640 Active Directory Course playlist.
Wow this is veeeeery important
We agree. :)
Thank you for this great Video once again
+Gadgetproblem No problem. Thanks! You're welcome.
Hi
Can you please tell me what all the pre-existing folders are for when you first open Active Directory Users & Computers option?
There are several pre-existing folders: Builtin, Computers, Domain Controllers, Foreign Security Principals etc.
Great video as always, but pick it up a notch.
Amazing. Good pictorial explanation.
Thanks!
Thanks very much and thanks for watching.
Have a look at the replication settings for the zone that ForestDnsZones is located in. This will determine whether it is replicated to the domain or forest level.
a great learning source..!!!
+mehak virmani Thank you! We're glad you think so! Thanks for watching.
Thank you very much.
Thanks for the good job (as always).
Thank you very much, Sir, for the valuable knowledge. I just love your videos, they are so good to hear. I just love your accent; any TDH can comprehend it for sure. Kudos \m/. If possible, is there any way I can connect with you?
What do you mean by replication? Thank you for your videos!
Replication is the action of copying or reproducing something. In the case of DNS, this is the process of making the DNS secondary zone match the primary zone. That is, the replication process will add, change or delete records in the secondary zone to match the primary.
In the case of Active Directory, when a record is changed it is replicated using Active Directory so that all the other copies are the same. If two changes occur on different servers, Active Directory uses last write wins, that is, the newest change will be used.
@itfreetraining Thank you for your response, it is very helpful!
Very good!
Thanks!
Can AD DNS hold records of multiple AD forest domains?
Replication is limited to the forest. See this page for more details.
www.serverbrain.org/active-directory-planning-008/replication-boundary.html
Given that Active Directory integrated zones are stored in an application partition, there is a lot of control over how they are replicated. However, different forests potentially have different schemas and thus replication is not possible.
You could create a secondary zone in the other forest, which would create a copy of the Active Directory integrated zones, as a workaround.
Congratulations!
Tiago Toledo Faria Thank you
thanks !!
No problem at all, thanks for watching.
Thanks very much and thanks for watching.
How about ForestDnsZones, will it replicate to all domains? I am unable to see ForestDnsZones in the child domain, only DomainDnsZones is available, sir.
Great, thanks for the video. It is spoon feeding for beginners.
Thanks for the video.
You're most welcome!