Course 2277C: Implementing, managing, and maintaining a Microsoft Windows Server 2003 network infrastructure: Network services - Module 5

Module 5: Integrating Domain Name System and Active Directory. This module provides you with the ability to manage integration between Active Directory directory service and Domain Name System (DNS).

  1. Module 5: Integrating Domain Name System and Active Directory
  2. Overview • Configuring Active Directory Integrated Zones • Configuring DNS Dynamic Updates • Understanding How Active Directory Uses DNS
  3. Lesson: Configuring Active Directory Integrated Zones • Active Directory Integrated Zones • Why Use Active Directory Integrated Zones? • Replicating Active Directory Integrated Zones • DNS and Active Directory Partitions • Configuring DNS to Use Active Directory Partitions • Practice: Configuring Active Directory Integrated Zones
  4. Active Directory Integrated Zones
     Active Directory integrated zones store DNS zone data in the Active Directory database.
     Requirements:
     • Active Directory must be installed
     • DNS service must be installed to service client requests
     (Diagram: a domain controller for contoso.msft that also runs the DNS server)
  5. Why Use Active Directory Integrated Zones?
     (Diagram: with standard zones, changes are made on the single primary server and copied to the secondary servers; with Active Directory integrated zones, several servers hold a primary copy and changes made on any primary replicate to the other primaries)
  6. Replicating Active Directory Integrated Zones
     Active Directory integrated zones are replicated by Active Directory.
     Active Directory replication is:
     • Secure and encrypted
     • Multimaster
     Intrasite replication occurs frequently and is uncompressed; intersite replication traffic is compressed and scheduled.
     (Diagram: intrasite replication within the Montreal site and within the Denver site, intersite replication between the two sites)
  7. DNS and Active Directory Partitions
     • A DNS zone can be stored in the domain partition or in an application partition
     • Administrators can define the replication scope of application partitions
     • DomainDNSZones and ForestDNSZones are default application partitions that store DNS-specific data
     (Diagram: three domain controllers, each holding the Domain, Config and Schema partitions; the application partitions App1 and App2 are held only by the domain controllers in their replication scope)
  8. Configuring DNS to Use Active Directory Partitions
     Windows Server 2003 domain controllers can store Active Directory integrated zones in application partitions. Replication scope by partition:
     • Domain: to all domain controllers in the Active Directory domain
     • DomainDNSZones: to all domain controllers that are DNS servers in the Active Directory domain
     • ForestDNSZones: to all domain controllers that are DNS servers in the Active Directory forest
     • CustomApp: to all domain controllers in the replication scope for the application partition
     (Diagram also shows the Config and Schema partitions alongside the Domain partition)
  9. Practice: Configuring Active Directory Integrated Zones
     In this practice, you will:
     – Create an Active Directory integrated zone
     – Change the replication scope of an Active Directory integrated zone
     – Create an application directory partition
  10. Lesson: Configuring DNS Dynamic Updates • Multimedia: Overview of DNS Dynamic Updates • What Are Dynamic Updates? • How DNS Clients Register Resource Records • How DHCP Servers Register Resource Records • How Active Directory Integrated DNS Zones Use Secure Dynamic Updates • Practice: Configuring DNS Dynamic Updates
  11. Multimedia: Overview of DNS Dynamic Updates
     • This multimedia presentation will provide a high-level overview of DNS dynamic updates
     • At the end of this presentation, you will be able to:
       – Explain why DNS dynamic updates are important
       – Explain the difference between manual and dynamic updates
       – Explain how DHCP performs dynamic updates on behalf of its clients
       – Define secure dynamic updates
  12. What Are Dynamic Updates?
     A dynamic update is the process of a DNS client automatically updating records in DNS. Dynamic updates:
     • Reduce administrative overhead
     • Streamline management of resource records
     A manual update is the process of an administrator manually updating records in DNS. Manual updates:
     • Provide greater control over resource records
     • Increase administrative overhead
     • Should be used for Internet DNS servers
  13. How DNS Clients Register Resource Records
     1. Client sends SOA query
     2. DNS server sends zone name and server IP address
     3. Client verifies existing registration
     4. DNS server responds by stating that registration does not exist
     5. Client sends dynamic update to DNS server
     (Diagram: Windows 2000, Windows XP and Windows Server 2003 clients registering their resource records with the DNS server)
  14. How DHCP Servers Register Resource Records
     1. DHCP client requests an IP lease
     2. DHCP server grants an IP lease
     3. DHCP server generates client's FQDN
     4. DHCP server updates the client's forward and reverse records in DNS
     (Diagram: a Windows Server 2003 DHCP server leasing an IP address to a downlevel DHCP client and registering the client's resource records with the DNS server)
  15. How Active Directory Integrated DNS Zones Use Secure Dynamic Updates
     A secure dynamic update is accepted only if the client has the proper credentials to make the update.
     (Diagram: a Windows XP DNS client asks its local DNS server to find the authoritative server and receives the result; the client's attempt at a nonsecure update is refused; after secure update negotiation the update is accepted by the domain controller that holds the Active Directory integrated DNS zone)
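The three registration flows on slides 13 to 15 (a client registering its own record, a DHCP server registering on a client's behalf, and a secure-only zone refusing a nonsecure update before accepting a negotiated secure one) can be walked through with a small model. The code below is an added example written for this page, not material from the course or from Microsoft. It assumes a simplified ownership rule for secure zones (the principal that registered a record is the only one allowed to overwrite it), uses the zone names, hostnames and addresses shown as constructed sample data, and numbers the update policies the way the DNS server's AllowUpdate zone setting does (0 none, 1 nonsecure and secure, 2 secure only).

```python
# Added example (not part of the course material): a model of DNS dynamic
# updates with the three zone policies, client self-registration, DHCP
# registration of forward and reverse records, and secure-only refusal.
from dataclasses import dataclass, field
from enum import Enum


class UpdatePolicy(Enum):
    NONE = 0                  # no dynamic updates accepted
    NONSECURE_AND_SECURE = 1  # any client may update (typical standard primary zone)
    SECURE_ONLY = 2           # only authenticated clients (Active Directory integrated zone)


@dataclass
class Zone:
    name: str
    policy: UpdatePolicy
    # (record name, type) -> (data, owner); owner is the principal that registered it,
    # or None when the record was created by a nonsecure update
    records: dict = field(default_factory=dict)

    def lookup(self, name, rtype):
        rec = self.records.get((name.lower(), rtype))
        return None if rec is None else rec[0]

    def update(self, name, rtype, data, principal=None):
        """Apply one dynamic update and return 'ACCEPTED' or 'REFUSED'.

        principal is None for a nonsecure update and the authenticated account
        name after a successful secure (GSS-TSIG) negotiation.
        """
        if self.policy is UpdatePolicy.NONE:
            return "REFUSED"
        if principal is None and self.policy is UpdatePolicy.SECURE_ONLY:
            return "REFUSED"
        key = (name.lower(), rtype)
        existing = self.records.get(key)
        # Assumed ownership rule for secure zones: a record registered by one
        # principal cannot be overwritten by a different authenticated principal.
        if existing is not None and principal is not None and existing[1] not in (None, principal):
            return "REFUSED"
        self.records[key] = (data, principal)
        return "ACCEPTED"


def reverse_name(ip):
    """Build the in-addr.arpa owner name for an IPv4 address (the PTR record)."""
    octets = ip.split(".")
    if len(octets) != 4:
        raise ValueError("IPv4 address expected")
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def client_register(zone, host, ip, credentials=None):
    """Slide 13: the client checks its existing registration, then sends the
    update. It first tries a nonsecure update; if that is refused and it has
    credentials, it negotiates a secure update (slide 15)."""
    fqdn = f"{host}.{zone.name}"
    if zone.lookup(fqdn, "A") == ip:
        return "ALREADY_REGISTERED"
    result = zone.update(fqdn, "A", ip)  # nonsecure attempt
    if result == "REFUSED" and credentials is not None:
        result = zone.update(fqdn, "A", ip, principal=credentials)  # secure negotiation
    return result


def dhcp_register(fwd_zone, rev_zone, host, ip, server_principal):
    """Slide 14: the DHCP server builds the client's FQDN and registers both the
    forward (A) and reverse (PTR) records using its own credentials."""
    fqdn = f"{host}.{fwd_zone.name}"
    a_result = fwd_zone.update(fqdn, "A", ip, principal=server_principal)
    ptr_result = rev_zone.update(reverse_name(ip), "PTR", fqdn, principal=server_principal)
    return a_result, ptr_result


if __name__ == "__main__":
    # Constructed sample: a secure-only forward zone and its reverse zone.
    fwd = Zone("contoso.msft", UpdatePolicy.SECURE_ONLY)
    rev = Zone("1.168.192.in-addr.arpa", UpdatePolicy.SECURE_ONLY)
    print(client_register(fwd, "den-ws1", "192.168.1.10"))                                 # REFUSED
    print(client_register(fwd, "den-ws1", "192.168.1.10", credentials="CONTOSO\\den-ws1$"))  # ACCEPTED
    print(dhcp_register(fwd, rev, "den-ws2", "192.168.1.11", "CONTOSO\\den-dhcp1$"))        # ('ACCEPTED', 'ACCEPTED')
```

The point the model makes visible is that the secure-only policy, not the client, decides the outcome: a client without credentials gets the same refusal whether or not a record already exists, and a nonsecure-and-secure zone accepts the unauthenticated overwrite that the secure-only zone rejects.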
  16. Practice: Configuring DNS Dynamic Updates
     In this practice, you will:
     – Verify secure dynamic updates
     – Verify dynamic update settings in DHCP
  17. Lesson: Understanding How Active Directory Uses DNS • What Are Service Locator Records? • How SRV Records Are Registered • How Domain Controllers Are Located • Locating Domain Controllers in the Closest Site • Practice: Understanding How Active Directory Uses DNS
  18. What Are Service Locator Records?
     SRV records allow DNS clients to locate TCP/IP-based services. SRV records are used when:
     • A domain controller needs to replicate
     • A client searches Active Directory
     • A user attempts to change his or her password
     • An Exchange 2003 server performs a directory lookup
     • An administrator modifies Active Directory
     SRV record syntax: TTL class type priority weight port target
     Example of an SRV record: _ldap._tcp.contoso.msft 600 IN SRV 0 100 389 den-dc1.contoso.msft
  19. How SRV Records Are Registered
     To register SRV records, consider the following:
     • The Net Logon service is responsible for updating SRV records in DNS
     • DNS dynamic updates should be enabled
     • %systemroot%\system32\config\netlogon.dns contains the SRV records that are registered
  20. How Domain Controllers Are Located
     1. Locator initiates a call to Net Logon service
     2. Locator collects information about the client
     3. Net Logon uses the information and queries DNS for SRV records
     4. Net Logon tests connectivity to target servers
     5. Domain controllers respond, indicating that they are operational
     6. Net Logon returns the information to clients
     7. Net Logon caches the information and uses it to connect to the domain controllers
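Slide 18 gives the SRV record syntax and slide 20 the locator steps; the added example below, written for this page and not taken from the course or from Windows itself, ties them together. It parses records in the format shown on slide 18 (the format netlogon.dns uses), ranks the targets by priority and weight as RFC 2782 prescribes, tries the site-specific `_sites.dc._msdcs` name first when a site is known (the real naming convention for site-aware locator records, which slide 21 names but does not detail), and returns the first domain controller that passes a connectivity check. The hostnames, the Denver site and the `reachable` callback that stands in for Net Logon's connectivity test are all constructed for this example.

```python
# Added example (not part of the course material): parse SRV records and
# select a domain controller the way the locator does (slides 18 and 20).
import random
from dataclasses import dataclass

# Constructed sample in netlogon.dns style for contoso.msft (hosts and the
# Denver site are made up for this example).
SAMPLE_SRV = """
; comment lines are ignored
_ldap._tcp.contoso.msft 600 IN SRV 0 100 389 den-dc1.contoso.msft
_ldap._tcp.contoso.msft 600 IN SRV 0 100 389 den-dc2.contoso.msft
_ldap._tcp.contoso.msft 600 IN SRV 10 100 389 mtl-dc1.contoso.msft
_kerberos._tcp.contoso.msft 600 IN SRV 0 100 88 den-dc1.contoso.msft
_ldap._tcp.Denver._sites.dc._msdcs.contoso.msft 600 IN SRV 0 100 389 den-dc1.contoso.msft
"""


@dataclass(frozen=True)
class SrvRecord:
    name: str
    ttl: int
    priority: int
    weight: int
    port: int
    target: str


def parse_srv(text):
    """Parse lines of the form 'name TTL class type priority weight port target'."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith(";"):
            continue
        if len(fields) != 8 or fields[2].upper() != "IN" or fields[3].upper() != "SRV":
            raise ValueError(f"not an SRV record: {line!r}")
        name, ttl, _cls, _type, prio, weight, port, target = fields
        records.append(SrvRecord(name.lower(), int(ttl), int(prio), int(weight),
                                 int(port), target.rstrip(".").lower()))
    return records


def rank_targets(records, rng=None):
    """Order candidates as RFC 2782 prescribes: lowest priority first, and within
    one priority a weighted random order (a higher weight is chosen first more often)."""
    rng = rng or random.Random()
    by_priority = {}
    for rec in records:
        by_priority.setdefault(rec.priority, []).append(rec)
    ordered = []
    for priority in sorted(by_priority):
        pool = sorted(by_priority[priority], key=lambda r: r.weight)  # weight 0 first
        while pool:
            pick = rng.randint(0, sum(r.weight for r in pool))
            running = 0
            chosen = pool[-1]
            for rec in pool:
                running += rec.weight
                if running >= pick:
                    chosen = rec
                    break
            ordered.append(chosen)
            pool.remove(chosen)
    return ordered


def locate_dc(records, service, domain, reachable, site=None, rng=None):
    """Slide 20 steps 3 to 7: look up the SRV records for the service (site-specific
    name first when a site is known), test connectivity to each candidate in ranked
    order and return (host, port) of the first domain controller that answers, or
    None. `reachable(host, port)` stands in for Net Logon's connectivity test."""
    names = []
    if site:
        names.append(f"_{service}._tcp.{site}._sites.dc._msdcs.{domain}".lower())
    names.append(f"_{service}._tcp.{domain}".lower())
    for name in names:
        candidates = [r for r in records if r.name == name]
        for rec in rank_targets(candidates, rng):
            if reachable(rec.target, rec.port):
                return rec.target, rec.port
    return None


if __name__ == "__main__":
    recs = parse_srv(SAMPLE_SRV)
    # Only the Montreal controller answers, so the lower-priority Denver ones are skipped.
    print(locate_dc(recs, "ldap", "contoso.msft", lambda h, p: h.startswith("mtl")))
```

Two things worth checking against your own netlogon.dns: every line must parse (a record with a missing field means Net Logon will not register it correctly either), and the priority values should reflect which controllers you want clients to prefer, since a client only falls through to priority 10 after every priority 0 target has failed the connectivity test.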



