Friday, March 27, 2009

What Does Active Directory integrated DNS mean to you

A friend of mine was asked this question in an interview, and after talking it over with my buddy I decided to write this up and provide some very basic information that should help anyone who needs to learn, or brush up on, how DNS and Active Directory integrate.

DNS is the backbone of AD DS (Active Directory Domain Services). When a domain controller (the authentication server) starts, its Netlogon service registers a set of dynamic SRV and host records in DNS (for example _ldap._tcp.dc._msdcs.<domain> and _kerberos._tcp.dc._msdcs.<domain>) so that clients can find it and it can provide services to them. Put simply, when a user sits down at a workstation, presses CTRL+ALT+DELETE and supplies a user name and password to gain access to the domain (the boundary of the DNS namespace and the boundary of authentication), the domain controller the client is talking to at that moment performs a few basic tasks:

1. The user supplies a user name and password, requesting to log on to the domain.

2. The workstation locates a domain controller through DNS and sends it the logon request for the domain and its resources.

3. The domain controller compares the supplied credentials against its directory database (the NTDS.dit file).

4. Once the credentials verify, the domain controller prepares the user's authorization data (with Kerberos this is the PAC carried inside the ticket it issues).

5. That data holds the user's SID, group memberships and all the other good stuff you can imagine, and the workstation builds the user's access token from it.

6. The token is attached to the user's session, and the user starts seeing a desktop.

Great, now we have seen the basic service a domain controller provides and how a typical client is serviced by it. It is the same as going to the bank and withdrawing money from your account: imagine they check your ID, your bank account and so on before giving you access to your own money.

DNS is very important. If DNS were not there, where would a domain controller register its records, and how would it announce that it is a domain controller? Where would a client go to locate a domain controller in the absence of DNS?

Similar questions and scenarios can easily be multiplied, and the importance of DNS becomes life critical. You will hear this a lot: if you don't have healthy DNS, your Active Directory won't function and your Exchange server will go ***bananas***.
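To make the "where would a client go" question concrete, here is an added example (not code from the original post) that walks the DC locator's DNS lookups by hand: it resolves the SRV records Netlogon registers for a domain and then checks that every SRV target still has a host record. It assumes the DnsClient module (Resolve-DnsName, Windows 8 / Server 2012 or later); the domain, forest and site names are placeholders.

```powershell
# Added example, not from the original post: reproduce the DC locator's DNS queries.
# Assumes Resolve-DnsName (DnsClient module). 'corp.example.com' and the site name are placeholders.

function Test-DcLocatorRecords {
    param(
        [Parameter(Mandatory)] [string] $Domain,
        [string] $Forest,   # forest root DNS name; _gc records are registered under it
        [string] $Site      # optional AD site; site-specific records are what a client tries first
    )
    if (-not $Forest) { $Forest = $Domain }

    # The SRV names a client queries when it needs a DC, a KDC or a global catalog.
    $srvNames = @(
        "_ldap._tcp.dc._msdcs.$Domain",       # any DC offering LDAP
        "_kerberos._tcp.dc._msdcs.$Domain",   # any KDC
        "_kpasswd._tcp.$Domain",              # password change service
        "_gc._tcp.$Forest"                    # global catalog, forest-wide
    )
    if ($Site) {
        $srvNames = @("_ldap._tcp.$Site._sites.dc._msdcs.$Domain",
                      "_kerberos._tcp.$Site._sites.dc._msdcs.$Domain") + $srvNames
    }

    foreach ($name in $srvNames) {
        try {
            $srv = Resolve-DnsName -Name $name -Type SRV -ErrorAction Stop |
                   Where-Object { $_.Type -eq 'SRV' }
        } catch {
            # No SRV record at all: no client can find a DC through this name.
            [pscustomobject]@{ Query = $name; Target = $null; Port = $null; Address = $null; Status = 'MISSING SRV' }
            continue
        }
        foreach ($r in $srv) {
            # An SRV record only names a host; that host still has to resolve to an address.
            $a = Resolve-DnsName -Name $r.NameTarget -Type A -ErrorAction SilentlyContinue |
                 Where-Object { $_.Type -eq 'A' }
            [pscustomobject]@{
                Query   = $name
                Target  = $r.NameTarget
                Port    = $r.Port
                Address = ($a.IPAddress -join ',')
                Status  = if ($a) { 'OK' } else { 'SRV TARGET HAS NO A RECORD' }
            }
        }
    }
}

# Usage: run the checks, then compare with the DC the OS locator actually picked.
Test-DcLocatorRecords -Domain 'corp.example.com' -Site 'Default-First-Site-Name' | Format-Table -AutoSize
nltest /dsgetdc:corp.example.com
# If a DC's records are missing, run on that DC:  nltest /dsregdns   (forces Netlogon to re-register them)
```

A MISSING SRV line for the _ldap or _kerberos names is exactly the failure mode the post describes: the DC may be perfectly healthy, but without those records no client can find it, and logons, GPO processing and Exchange all start failing.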

Where is DNS information kept within Active Directory? With an AD-integrated zone the DNS data is stored as objects in the directory database. Originally (Windows 2000) the only place for it was the domain partition, and in the multi-master replication model the domain partition is replicated to every other domain controller in the domain. So if you have one DC/DNS server (Active Directory integrated DNS) storing zones there, you are replicating the DNS information along with the domain partition, regardless of whether the other DCs are DNS servers or not.

So why not make DNS part of the standard DC build and have redundant DNS servers within the organization? That is a great question to ask ourselves.

If you remember, in Active Directory 2003 and above Microsoft added a fourth kind of partition, the "application" partition, to keep application-specific data. For DNS this gives the built-in DomainDnsZones and ForestDnsZones partitions, which replicate only to the domain controllers that are also DNS servers (in the domain or the forest respectively), so zone data no longer has to ride along in the domain partition to DCs that never serve DNS.

AD-integrated DNS means the DNS data is part of the NTDS.dit database and is replicated to the other domain controllers within your domain (or to the DNS-hosting DCs in whichever replication scope you chose) by AD replication rather than by zone transfers. Of course this makes clients happier: in the multi-master model a client can register or locate resources on any available DNS server, there is no single primary whose outage blocks updates, and the zone data travels inside authenticated, encrypted AD replication instead of clear-text zone transfers. It also lets you restrict the zone to secure dynamic updates, so that only authenticated domain members can create records and a machine can only change the records it owns. Thus making DCs integrated DNS servers makes the most sense and secures the critical DNS data for your organization.
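The following added example (not code from the original post) shows how to check, on a given DC/DNS server, which partition each zone lives in and whether it is still file-backed or accepts non-secure updates, and then looks at the same zones from the directory side as dnsZone objects. It assumes the DnsServer and ActiveDirectory RSAT modules (Windows Server 2012 or later, which postdate the post); the server name 'DC01' and the domain corp.example.com are placeholders.

```powershell
# Added example, not from the original post: audit zone storage and update security on a DC/DNS server.
# Assumes the DnsServer and ActiveDirectory modules. 'DC01' and corp.example.com are placeholders.

function Get-DnsZoneStorageReport {
    param([Parameter(Mandatory)] [string] $DnsServer)

    Get-DnsServerZone -ComputerName $DnsServer |
        Where-Object { -not $_.IsAutoCreated } |      # skip the built-in 0/127/255.in-addr.arpa zones
        ForEach-Object {
            $findings = @()
            if ($_.ZoneType -eq 'Primary' -and -not $_.IsDsIntegrated) {
                # File-backed primary: single master, copied by zone transfer, not in NTDS.dit at all.
                $findings += 'not AD-integrated (file-backed, single master)'
            }
            if ($_.IsDsIntegrated -and $_.ReplicationScope -eq 'Legacy') {
                # Domain partition storage: replicated to every DC in the domain, DNS server or not.
                $findings += 'stored in domain partition (Windows 2000 style)'
            }
            if ($_.ZoneType -eq 'Primary' -and $_.DynamicUpdate -ne 'Secure') {
                # NonsecureAndSecure lets any host that can reach the server create or overwrite records.
                $findings += "dynamic update = $($_.DynamicUpdate)"
            }
            [pscustomobject]@{
                Zone         = $_.ZoneName
                Type         = $_.ZoneType
                ADIntegrated = $_.IsDsIntegrated
                Scope        = $_.ReplicationScope        # Forest, Domain, Legacy or Custom
                Partition    = $_.DirectoryPartitionName
                Update       = $_.DynamicUpdate           # None, NonsecureAndSecure or Secure
                Findings     = ($findings -join '; ')
            }
        }
}

Get-DnsZoneStorageReport -DnsServer 'DC01' | Format-Table -AutoSize

# The same zones seen from the directory: each AD-integrated zone is a dnsZone object under
# CN=MicrosoftDNS in its partition, and every record set is a dnsNode child of that object.
$partition = 'DC=DomainDnsZones,DC=corp,DC=example,DC=com'
Get-ADObject -SearchBase "CN=MicrosoftDNS,$partition" -SearchScope OneLevel `
             -Filter 'objectClass -eq "dnsZone"' -Properties whenChanged |
    Select-Object Name, DistinguishedName, whenChanged

# Remediation for a zone still in the domain partition or accepting non-secure updates
# (moves it to DomainDnsZones so only DNS-hosting DCs replicate it, and requires secure updates):
# Set-DnsServerPrimaryZone -ComputerName 'DC01' -Name 'corp.example.com' -ReplicationScope Domain -DynamicUpdate Secure
```

The Findings column is the practical check: a primary zone for the AD domain that is file-backed, or that allows NonsecureAndSecure updates, gives up both the multi-master redundancy and the update security that are the whole point of integrating DNS with the directory.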

Oz Casey Dedeal

MVP (Exchange)

MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +

Blog: http://www.smtp25.blogspot.com

4 comments:

Anonymous said...

Good article for folks who are planning to implement AD integrated DNS.

Unknown said...

Thanks for the info. If you can describe the same by using diagram that will be wonderful.

Anonymous said...

Why were you talking to your body?

Anonymous said...

"DNS is very important if DNS was not there, Where client would go to locate a domain controller in absence of DNS"

That's not a reason; you could have a secondary DNS copy on another server which would tell the clients where the DC is.