Module 2: Configuring Domain Name Service for Active Directory - PowerPoint PPT Presentation

Description: Title: Module 4: Managing Security. Author: jessieg. Last modified by: margaret horak. Created: 12/13/2006 11:57:27 PM. Format: PowerPoint PPT presentation.



1
  • Module 2 Configuring Domain Name Service for
    Active Directory Domain Services

2
Module Overview
  • Overview of Active Directory Domain Services and
    DNS Integration
  • Configuring Active Directory Integrated Zones
  • Configuring Read-Only DNS

3
Lesson 1 Overview of Active Directory Domain
Services and DNS Integration
  • Active Directory Domain Services and DNS
    Namespace Integration
  • What Are Service Resource Locator Records?
  • Demonstration SRV Locator Records Registered by
    AD DS Domain Controllers
  • How Service Resource Locator Records Are Used
  • Integration of Service Resource Locator Records
    and Active Directory Sites

4
Active Directory Domain Services and DNS
Namespace Integration
Active Directory domain names must use DNS names
You can integrate an Active Directory domain name with the external namespace by using:
  • The same namespace
  • A subdomain of the external namespace
  • A different namespace, where the domain name and the local name differ
5
What Are Service Locator Records?
  • SRV resource records allow DNS clients to locate
    TCP/IP-based services. SRV resource records are
    used when:
  • A domain controller needs to replicate changes
  • A client computer logs on to Active Directory
  • A user attempts to change his or her password
  • An Exchange 2003 server performs a directory
    lookup
  • An administrator modifies Active Directory

SRV record syntax (the service label comes before the protocol label, as the example shows)
_service._protocol.name TTL class type priority weight port target
Example of an SRV record
_ldap._tcp.contoso.msft 600 IN SRV 0 100 389 den-dc1.contoso.msft
6
Demonstration SRV Resource Records Registered by
AD DS Domain Controllers
  • In this demonstration, you will see how to view
    and manage the SRV resource records registered by
    domain controllers

7
How Service Resource Locator Records Are Used
1. Locator initiates a call to the Net Logon service
2. Locator collects information about the client
3. Net Logon uses the information and queries DNS for SRV resource records
4. Net Logon tests connectivity to target servers
5. Domain controllers respond, indicating that they are operational
6. Net Logon returns the information to clients
8
Integration of Service Locator Records and Active
Directory Sites
Diagram: a client, a local DNS server, MIA-DC1 in the Miami site, and NYC-DC1 in the NYC site
1. Client queries DNS for a DC
2. DNS responds with multiple records
3. Client contacts MIA-DC1 by using LDAP
4. MIA-DC1 returns the client's site info: NYC
5. Client queries DNS for a DC in the NYC site
6. Local DNS server responds with a DC in the NYC site (NYC-DC1)
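The locator queries described in slides 5, 7 and 8, as an added check that is not part of the course: it resolves the DC locator SRV records for a domain, including the site-specific record used in step 5 of the site diagram, and orders the answers the way a client would. The domain name is the slide example, the site name comes from the diagram, and the DnsClient module (Windows 8 / Windows Server 2012 or later) is assumed.

```powershell
# Added example, not from the course slides. Assumes the DnsClient module;
# 'contoso.msft' is the slide example and 'NYC' the site from the diagram.
$domain = 'contoso.msft'
$site   = 'NYC'

$records = @(
    "_ldap._tcp.$domain"                        # any LDAP server in the domain
    "_ldap._tcp.dc._msdcs.$domain"              # domain controllers only
    "_kerberos._tcp.$domain"                    # KDCs, queried at logon
    "_ldap._tcp.pdc._msdcs.$domain"             # the PDC emulator
    "_ldap._tcp.$site._sites.dc._msdcs.$domain" # DCs registered for one site (step 5)
)

foreach ($name in $records) {
    # A missing name is a non-terminating error; report it and keep going
    $answers = Resolve-DnsName -Name $name -Type SRV -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' }
    if (-not $answers) {
        Write-Warning "No SRV records for $name"
        continue
    }
    # Clients try the lowest priority first and choose among equal priorities
    # in proportion to weight (RFC 2782); show the records in that order
    $answers |
        Sort-Object Priority, @{ Expression = 'Weight'; Descending = $true } |
        Select-Object @{ n = 'Record'; e = { $name } }, Priority, Weight, Port, NameTarget
}
```

A domain controller missing from the output can re-register its records by running `nltest /dsregdns` on that controller or by restarting its Netlogon service.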
9
Lesson 2 Configuring Active Directory
Integrated Zones
  • What Are Active Directory Integrated Zones?
  • What Are Application Partitions in AD DS?
  • Options for Configuring Application Partitions
    for DNS
  • How Dynamic Updates Work
  • How Secure Dynamic DNS Updates Work
  • Demonstration Configuring AD DS Integrated Zones
  • How Background Zone Loading Works

10
What Are Active Directory Integrated Zones?
Active Directory integrated zones store DNS zone
data in the Active Directory database
  • Benefits of using Active Directory integrated
    zones
  • Replicates DNS zone information using Active
    Directory replication
  • Supports multiple master DNS servers
  • Enhances security
  • Supports record aging and scavenging

11
What Are Application Partitions in AD DS?
The Active Directory database is divided into
directory partitions, with each directory
partition replicated to specific domain
controllers
  • A DNS zone can be stored in the domain partition
    or in an application partition
  • Administrators can define the replication scope
    of custom application partitions
  • DomainDnsZones and ForestDnsZones are default
    application partitions that store DNS-specific
    data

Diagram: three domain controllers, each holding the Domain, Config, and Schema partitions; application partition App1 is replicated to two of them and App2 to only one
12
Options for Configuring Application Partitions
for DNS
DNS information can be stored in a variety of
application partitions, replicated:
  • To all domain controllers in the Active Directory
    domain
  • To all domain controllers that are DNS servers in
    the Active Directory domain
  • To all domain controllers that are DNS servers in
    the Active Directory forest
  • To all domain controllers in the replication
    scope for the application partition
13
How Dynamic Updates Work
Diagram: a client (Windows Server 2008, Windows Vista, or Windows XP) and a DNS server holding the zone's resource records
1. Client sends SOA query
2. DNS server sends zone name and server IP address
3. Client verifies existing registration
4. DNS server responds by stating that registration does not exist
5. Client sends dynamic update to DNS server
14
How Secure Dynamic DNS Updates Work
A secure dynamic update is accepted only if the
client has the proper credentials to make the
update
Diagram: a Windows Vista DNS client, the local DNS server, and a domain controller with an Active Directory integrated DNS zone
1. Find authoritative server (via the local DNS server): result is the domain controller holding the Active Directory integrated zone
2. Attempt nonsecure update: refused
3. Secure update negotiation: accepted
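An added audit for slides 12 to 14, not part of the course: it lists each primary zone on a DNS server with its storage (AD DS integrated or file), replication scope, and dynamic update setting, flags zones that still accept nonsecure updates, and optionally switches them to secure dynamic update only. The DnsServer module (Windows Server 2012 or later, or RSAT) is assumed; NYC-DC1 is the lab server name.

```powershell
# Added example, not from the course slides. Assumes the DnsServer module.
# NYC-DC1 comes from the lab; -Fix is an assumed switch to apply the change.
param([string]$Server = 'NYC-DC1', [switch]$Fix)

$zones = Get-DnsServerZone -ComputerName $Server |
    Where-Object { -not $_.IsAutoCreated -and $_.ZoneType -eq 'Primary' }

foreach ($z in $zones) {
    $issue = @()
    if (-not $z.IsDsIntegrated) {
        # File-backed primary zone: no AD replication and no secure dynamic update
        $issue += 'not AD DS integrated'
    } elseif ($z.DynamicUpdate -ne 'Secure') {
        # NonsecureAndSecure lets any host overwrite records without credentials;
        # None blocks the registrations that domain members rely on
        $issue += "dynamic update is $($z.DynamicUpdate)"
    }

    [pscustomobject]@{
        Zone       = $z.ZoneName
        Integrated = $z.IsDsIntegrated
        Scope      = $z.ReplicationScope       # Domain, Forest, Legacy or Custom (slide 12)
        Partition  = $z.DirectoryPartitionName # e.g. DomainDnsZones or ForestDnsZones
        Update     = $z.DynamicUpdate          # None, Secure or NonsecureAndSecure
        Issue      = ($issue -join '; ')
    }

    if ($Fix -and $z.IsDsIntegrated -and $z.DynamicUpdate -ne 'Secure') {
        # Accept only updates that pass the secure negotiation shown on slide 14
        Set-DnsServerPrimaryZone -ComputerName $Server -Name $z.ZoneName -DynamicUpdate Secure
    }
}
```

Run it without -Fix first to review the report; the change is applied only to AD DS integrated zones because file-backed zones cannot use secure dynamic update.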
15
Demonstration Configuring AD DS Integrated Zones
  • In this demonstration, you will see how to
    configure
  • A DNS zone as AD DS integrated
  • Dynamic updates on DNS zones
  • Dynamic update settings on a network connection
  • Secure dynamic updates

16
How Background Zone Loading Works
  • When a domain controller with Active Directory
    integrated DNS zones starts, it
  • Enumerates all zones to be loaded
  • Loads root hints from files or AD DS servers
  • Loads all zones that are stored in files rather
    than in AD DS
  • Begins responding to queries and RPCs
  • Starts one or more threads to load the zones that
    are stored in AD DS

17
Lesson 3 Configuring Read-Only DNS
  • What Is Read-Only DNS?
  • How Read-Only DNS Works
  • Discussion Comparing DNS Options for Branch
    Offices

18
What Is Read-Only DNS?
  • A feature supported on Read-Only Domain
    Controllers
  • All application partitions containing DNS
    information are replicated to the RODC
  • Benefits
  • DNS information required for Active Directory
    name resolution is available for clients in
    the same site as the RODC
  • Changes are not allowed on the read-only DNS
    zone, which increases security

19
How Read-Only DNS Works
Read-only DNS is installed on an RODC when AD DS
is installed and the DNS option is selected
  • Read-only DNS zone data can be viewed, but
    cannot be updated
  • Dynamic DNS update clients using the RODC are
    referred to a DNS server with a writeable copy
    of the zones
  • Records cannot be manually added to the read-only
    zone
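An added check for the read-only DNS behaviour above, not part of the course: it confirms that the zone on a branch-office RODC is read-only and reports the primary server named in the zone's SOA answer, which is the server a dynamic update client is directed to after its initial SOA query (slide 13, step 1). The DnsServer and DnsClient modules are assumed; MIA-RODC is the lab RODC and contoso.msft the slide example.

```powershell
# Added example, not from the course slides. Assumes the DnsServer and DnsClient
# modules; MIA-RODC is the lab RODC and contoso.msft the slide example domain.
$rodc = 'MIA-RODC'
$zone = 'contoso.msft'

$z = Get-DnsServerZone -ComputerName $rodc -Name $zone
if (-not $z.IsReadOnly) {
    Write-Warning "$zone on $rodc is writable; an RODC is expected to hold a read-only copy"
}

# A dynamic update begins with an SOA query; the primary server in the answer is
# where the client sends the update, so on an RODC it should name a writable server
$soa = Resolve-DnsName -Name $zone -Type SOA -Server $rodc |
    Where-Object { $_.Type -eq 'SOA' }
if ($soa.PrimaryServer -like "$rodc*") {
    Write-Warning "SOA on $rodc names the RODC itself; updates would not be referred"
}

[pscustomobject]@{
    Server         = $rodc
    Zone           = $zone
    ReadOnly       = $z.IsReadOnly
    UpdatesReferTo = $soa.PrimaryServer
}
```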

20
Discussion Comparing DNS Options for Branch
Offices
  • What options other than read-only DNS are
    available for implementing DNS in the branch
    office?
  • What are the advantages and disadvantages of
    each option?

21
Lab Configuring AD DS and DNS Integration
  • Exercise 1 Configuring Active Directory
    Integrated Zones
  • Exercise 2 Configuring Read-Only DNS Zones

Logon information
  • Virtual machines: NYC-DC1, MIA-RODC
  • User name: Administrator
  • Password: Paw0rd
  • Estimated time: 45 minutes
22
Lab Review
  • What would be the advantage to storing the Active
    Directory integrated DNS zones in a custom
    application partition instead of the default
    partitions?
  • What steps could you take to recover the SRV
    resource records if they were deleted or
    corrupted?
  • Who can create Active Directory integrated zones?

23
Module Review and Takeaways
  • Review questions
  • Module key points

24
Beta Feedback Tool
  • Beta feedback tool helps
  • Collect student roster information, module
    feedback, and course evaluations.
  • Identify and sort the changes that students
    request, thereby facilitating a quick team
    triage.
  • Save data to a database in SQL Server that you
    can later query.
  • Walkthrough of the tool

25
Beta Feedback
  • Overall flow of module
  • Which topics did you think flowed smoothly from
    topic to topic?
  • Was something taught out of order?
  • Pacing
  • Were you able to keep up? Are there any places
    where the pace felt too slow?
  • Were you able to process what the instructor said
    before moving on to next topic?
  • Did you have ample time to reflect on what you
    learned? Did you have time to formulate and ask
    questions?
  • Learner activities
  • Which demos helped you learn the most? Why do you
    think that is?
  • Did the lab help you synthesize the content in
    the module? Did it help you to understand how you
    can use this knowledge in your work environment?
  • Were there any discussion questions or reflection
    questions that really made you think? Were there
    questions you thought weren't helpful?