Thanks.
hth
DDS
"April" <xiaoxi...@yahoo.com> wrote in message
news:1162949526.7...@m73g2000cwd.googlegroups.com...
That is exactly what they are? Articles that address the design of DNS to
support AD.
These are articles on setting up DNS to work in an AD domain.
One details MS suggested DNS set up for Clients of an AD domain.
One details how one would install DNS on a domain controller to support an
AD domain.
One details how to configure DNS so clients of the AD domain can access the
Internet.
One answers various questions about the setup of DNS on an AD domain.
Using these four articles you can set up DNS on an AD Forest.
Using articles 814591, 825036, and 323380 you can set up DNS to support an
AD domain.
There is a section in article 291382 about how to create a child domain and
delegate the DNS name space to the child domain.
Using that article you can set up multiple domains in an AD forest.
>> > Is there any guideline or best-practice on designing AD and the
>> > matching DNS, such that, just an example, may not be right though, AD
>> > Domains or OUs matching DNS top level domains and 2nd level domains,
>> > etc
These four articles walk you through setting up DNS to support AD domains
and second level domains (child domains) for AD.
OUs *really* don't have anything to do with DNS.
If those articles don't answer your question I'm not sure what you are
*really* asking.
hth
DDS
"April" <xiaoxi...@yahoo.com> wrote in message
news:1163048234.9...@h54g2000cwb.googlegroups.com...
What I'm looking for is the correlation between the DNS tree structure
and the AD domain hierarchy, if there is any, as the "best practice".
Says but it isn't normally stated as a "Best Practice" since
it is effectively mandatory:
You must ensure that every internal computer (in any domain
of the forest) can find every DC or other resource it might
ever need within that Forest.*
*Technically "Forest" here should read as "Trusting Domain"
whether in the forest or not but let's keep it simple.
That is really it.
But effectively this means that every DNS server in the domain
must EITHER be holding every name needed (Primary or
Secondary for the zones) OR be able to find those it does not
actually hold (through Conditional Forwarding, Stub zones,
or Delegation.)
Delegation can be direct (to child zones) or indirect from
any other DNS zone the DNS server can find directly.
That is really the extent of the Necessary and Best
Practices.
Generally you should try to use AD Integrated DNS as
much as practical which is another Best Practice but isn't
always possible/practical.
There are a few more guidelines you will find in the
articles already suggested but they will neither change
the rules nor give you automatic answers to any design
choices UNTIL you have an actual deployment context
to guide those decisions.
For instance, Conditional Forwarding and Stub Zones
may seem almost indistinguishable in effect but in SOME
situations (usually large deployments) there are subtle
differences that can become critical distinctions.
Or, most of the time, an AD Integrated DNS using Forest
Wide Replication can be a great choice but you cannot
do this (seamlessly) as long as you use Win2000 DNS-DCs
anywhere in that forest.
Rooted hierarchies would be an obvious choice even in
Win2000 but most companies need to resolve the Internet
which has its own root and DNS servers cannot directly
use more than one ROOT zone.
--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
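
An added example, not part of the original thread or any poster's code: one way to check the rule stated above, that every internal DNS server can find the DCs of every domain in the forest, whether it hosts the zone or reaches it through forwarding, stub zones or delegation. The domain names, server addresses and the function name `Test-DcLocatorResolution` are constructed placeholders; it assumes the `Resolve-DnsName` cmdlet (Windows 8 / Server 2012 or later).

```powershell
# Added example. Test-DcLocatorResolution is a hypothetical helper name.
function Test-DcLocatorResolution {
    param(
        [Parameter(Mandatory)][string[]]$Domains,
        [Parameter(Mandatory)][string[]]$DnsServers
    )
    foreach ($server in $DnsServers) {
        foreach ($domain in $Domains) {
            # DC locator SRV record that clients query to find a domain controller
            $name   = "_ldap._tcp.dc._msdcs.$domain"
            $status = 'OK'
            $dcs    = @()
            try {
                # -DnsOnly / -NoHostsFile: test DNS itself, no LLMNR, NetBIOS or hosts file
                $srv = Resolve-DnsName -Name $name -Type SRV -Server $server `
                           -DnsOnly -NoHostsFile -ErrorAction Stop |
                       Where-Object { $_.QueryType -eq 'SRV' }
                if (-not $srv) { $status = 'NoSrvRecords' }
                foreach ($rec in $srv) {
                    try {
                        # The SRV target must also resolve through the same server
                        $a = Resolve-DnsName -Name $rec.NameTarget -Type A -Server $server `
                                 -DnsOnly -NoHostsFile -ErrorAction Stop |
                             Where-Object { $_.QueryType -eq 'A' }
                        if ($a) { $dcs += $rec.NameTarget }
                        else    { $status = 'SrvTargetUnresolved' }
                    } catch {
                        $status = 'SrvTargetUnresolved'
                    }
                }
            } catch {
                # NXDOMAIN, timeout or refusal: this server neither holds nor can find the zone
                $status = 'LookupFailed'
            }
            [pscustomobject]@{
                DnsServer = $server
                Domain    = $domain
                Status    = $status
                DCsFound  = $dcs -join ', '
            }
        }
    }
}

# Constructed sample input: a parent and a child domain, two internal DNS servers.
Test-DcLocatorResolution -Domains 'corp.example.com', 'child.corp.example.com' `
                         -DnsServers '192.0.2.10', '192.0.2.20' |
    Format-Table -AutoSize
```

Any row whose status is not `OK` identifies a DNS server that needs a secondary zone, conditional forwarder, stub zone or delegation for that domain.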