Course 2277C: Implementing, managing, and maintaining a Microsoft Windows Server 2003 network infrastructure: Network services - Module 5
lượt xem 4
download
Module 5: Integrating domain name system and active directory. This module provides you with the ability to manage integration between Active Directory directory service and Domain Name System (DNS).
Bình luận(0) Đăng nhập để gửi bình luận!
Nội dung Text: Course 2277C: Implementing, managing, and maintaining a Microsoft Windows Server 2003 network infrastructure: Network services - Module 5
- Module 5: Integrating Domain Name System and Active Directory
- Overview • Configuring Active Directory Integrated Zones • Configuring DNS Dynamic Updates • Understanding How Active Directory Uses DNS
- Lesson: Configuring Active Directory Integrated Zones • Active Directory Integrated Zones • Why Use Active Directory Integrated Zones? • Replicating Active Directory Integrated Zones • DNS and Active Directory Partitions • Configuring DNS to Use Active Directory Partitions • Practice: Configuring Active Directory Integrated Zones
- Active Directory Integrated Zones Active Directory integrated zones store DNS zone data in the Active Directory database Requirements: Active Directory must be installed DNS service must be installed to service client requests Domain Contoso.m Controller sft DNS Server
- Why Use Active Directory Integrated Zones? Standard Zones Change s Primar Second Second Active y ary ary Directory Integrated Change s Zones Primary Change Change s s Primar Primary y
- Replicating Active Directory Integrated Zones Active Directory integrated zones are replicated by Active Directory Active Directory replication is: Secure and encrypted Multimaster Montreal Site Intrasite replication occurs frequently and is uncompressed Intersite replication traffic is compressed Denver and scheduled Site
- DNS and Active Directory Partitions A DNS zone can be stored in the domain partition or in an application partition Administrators can define the replication scope of application partitions DomainDNSzones and forestDNSzones are default application partitions that store DNS-specific data Domai Domai n Config n Domai Sche Config Sche n ma Config App1 ma Sche App1 App2 ma
- Configuring DNS to Use Active Directory Partitions Windows Server 2003 domain controllers can store Active Directory integrated zones in application partitions To all domain controllers in the Active Directory domain Domain To all domain controllers that Config are DNS servers in the Active Schema Directory domain DomainDNSZ To all domain controllers that one ForestDNSZo are DNS servers in the Active nes Directory forest CustomApp To all domain controllers in the replication scope for the application partition
- Practice: Configuring Active Directory Integrated Zones In this practice, you will: – Create an Active Directory integrated zone – Change the replication scope of an Active Directory integrated zone – Create an application directory partition
- Lesson: Configuring DNS Dynamic Updates • Multimedia: Overview of DNS Dynamic Updates • What Are Dynamic Updates? • How DNS Clients Register Resource Records • How DHCP Servers Register Resource Records • How Active Directory Integrated DNS Zones Use Secure Dynamic Updates • Practice: Configuring DNS Dynamic Updates
- Multimedia: Overview of DNS Dynamic Updates • This multimedia presentation will provide a highlevel overview of DNS dynamic updates • At the end of this presentation, you will be able to: – Explain why DNS dynamic updates are important – Explain the difference between manual and dynamic updates – Explain how DHCP performs dynamic updates on the behalf of its clients – Define secure dynamic updates
- What Are Dynamic Updates? A dynamic update is the process of a DNS client automatically updating records in DNS Dynamic updates: Reduce administrative overhead Streamline management of resource records A manual update is the process of an administrator manually updating records in DNS Manual updates: • Provide greater control over resource records • Increase administrative overhead • Should be used for Internet DNS servers
- How DNS Clients Register Resource Records Client sends SOA 1 query DNS server sends DNS Resour 2 zone name and Server ce server IP address Record s Client verifies 3 existing registration 1 2 3 4 5 DNS server responds by stating that 4 registration does not exist Client sends 5 dynamic update to DNS server Windows Windo Windo Server ws XP ws 2003 2000
- How DHCP Servers Register Resource Records DHCP client requests 1 an IP lease DHCP server grants DNS Resour 2 an IP lease Server ce DHCP server Record 3 generates client’s s FQDN DHCP server 3 4 updates the client’s 4 forward and reverse records in DNS 1 2 Windows Server IP Address Downlev 2003 Running Lease el DHCP DHCP Client
- How Active Directory Integrated DNS Zones Use Secure Dynamic Updates A secure dynamic update is accepted only if the client has the proper credentials to make the update Local Find authoritative DNS se er rvsu Serv Re lt er Find au thoritat sReerver ive Attemp sult t nonse cure up date Refus Secure Windows XP updaetde negotia DNS Client tion Accepte d Domain Controller with Active Directory Integrated DNS Zone
- Practice: Configuring DNS Dynamic Updates In this practice, you will: – Verify secure dynamic updates – Verify dynamic update settings in DHCP
- Lesson: Understanding How Active Directory Uses DNS • What Are Service Locator Records? • How SRV Records Are Registered • How Domain Controllers Are Located • Locating Domain Controllers in the Closest Site • Practice: Understanding How Active Directory Uses DNS
- What Are Service Locator Records? SRV records allow DNS clients to locate A domain controller TCP/IP-based Services. needs to replicate SRV records are used when: A client searches Active Directory A user attempts to change his or her password An Exchange 2003 server performs a directory lookup An administrator modifies Active Directory SRV record syntax: protocol.service.name TTL class type priority weight port target Example of a SRV record _ldap._tcp.contoso.msft 600 IN SRV 0 100 389 den-dc1.contoso.msft
- How SRV Records Are Registered To register SRV records, consider the following: The Net Logon service is responsible for updating SRV records in DNS DNS dynamic updates should be enabled %systemroot %\system32\config\netlogon.dns contains the SRV records that are registered
- How Domain Controllers Are Located Locator initiates a call to Net Logon service 1 Locator collects information about the client 2 Net Logon uses the information and queries DNS 3 for SRV records Net Logon tests connectivity to target 4 servers 5 Domain controllers respond, indicating that they 6 are operational 7 Net Logon returns the information to clients Net Logon caches the information and uses it to connect to the domain controllers
CÓ THỂ BẠN MUỐN DOWNLOAD
-
Course 2277C: Implementing, managing, and maintaining a Microsoft Windows Server 2003 network infrastructure: Network services - Module 1
31 p | 51 | 5
-
Course 2277C: Implementing, managing, and maintaining a Microsoft Windows Server 2003 network infrastructure: Network services - Module 10
46 p | 71 | 5
-
Course 2277C: Implementing, managing, and maintaining a Microsoft® Windows Server™ 2003 network infrastructure: Network services
13 p | 55 | 4
-
Course 2277C: Implementing, managing, and maintaining a Microsoft Windows Server 2003 network infrastructure: Network services - Module 7
30 p | 50 | 4
-
Course 2277C: Implementing, managing, and maintaining a Microsoft Windows Server 2003 network infrastructure: Network services - Module 11
16 p | 35 | 4
-
Course 2277C: Implementing, managing, and maintaining a Microsoft Windows Server 2003 network infrastructure: Network services - Module 4
43 p | 42 | 4
-
Course 2277C: Implementing, managing, and maintaining a Microsoft Windows Server 2003 network infrastructure: Network services - Module 2
24 p | 48 | 4
-
Course 2277C: Implementing, managing, and maintaining a Microsoft Windows Server 2003 network infrastructure: Network services - Module 3
20 p | 63 | 3
-
Course 2277C: Implementing, managing, and maintaining a Microsoft Windows Server 2003 network infrastructure: Network services - Module 8
15 p | 36 | 3
-
Course 2277C: Implementing, managing, and maintaining a Microsoft Windows Server 2003 network infrastructure: Network services - Module 9
24 p | 51 | 3
-
Course 2277C: Implementing, managing, and maintaining a Microsoft Windows Server 2003 network infrastructure: Network services - Module 6
20 p | 41 | 3
Chịu trách nhiệm nội dung:
Nguyễn Công Hà - Giám đốc Công ty TNHH TÀI LIỆU TRỰC TUYẾN VI NA
LIÊN HỆ
Địa chỉ: P402, 54A Nơ Trang Long, Phường 14, Q.Bình Thạnh, TP.HCM
Hotline: 093 303 0098
Email: support@tailieu.vn