Win2K Active Directory
#1
Ok first off I'm a Network person (as in routers) so be gentle.
I think I understand how the "old" (NT etc) windows networking used to work. Domains, WINS and separate DNS etc.
Now we have a project where a client is attempting to VPN between two Win2K servers. They are having trouble getting the domain authentication working.
The question is:- With a Win2K domain, does it HAVE to be Active Directory. If it is Active Directory does that mean there HAS to be a common DNS between the servers. Does that have to be automated (zone transfers) or could the DNS be manually configured on the 2 servers. This is a small closed (2/3 servers) domain (though geographically spread). Users are not connecting.
Anyone got simple answers to the above or some good concise "Active Directories for Dummies" style sites ?
Thanks
Deano
#2
I'm no expert so take this with a pinch of salt.
1) A Win2k domain does not have to be AD. You can still base it on the old NT4 type domain.
2) If AD then has to have common DNS name. As in *.*.*.mycorp.com etc...
3) DNS has to be automated zone transfers as the AD DNS has extra record type in. Don't think there is an option for manually configuring it. But then that defeats AD if there was ?!?!?
H
-Disclaimer, the above may be total b0ll0cks. I haven't implemented it at this site yet. But it's on the cards so I better brush up on AD
#4
It's point 3 I'm interested in. If there are only 2 servers and no users - what's going to change ? Surely in that situation manual DNS could be used ?
In effect we would like to run AD between servers where NAT (the VPN would not be Natted cos it goes a different route) is used so each end should have a different view of the IP Addresses. Is this possible, the more I read and think the more I'm thinking no......
Deano
p.s. Wifey working late. I have to do some work installing custom maps on the LAN server but that shouldn't take too long. Then it's off for some fragging
[Edited by dsmith - 1/15/2002 5:25:33 PM]
[Edited by dsmith - 1/15/2002 5:27:50 PM]
#6
Ok Deano, I'm kinda awake now
DNS with AD. You can configure the DNS manually if you want. AD can cope with that. But you have to add the SRV (RFC 2052) records to the DNS. The SRV records after an AD installation are located in WINNT\System32\Config\Netlogon.dns.
I'd recommend leaving the DNS servers to automatically update themselves as they support Incremental zone transfers which keeps data to a minimum. It only does new or modified resource records anyway.
Some notes :
SRV (RFC 2052)
Incremental zone transfers (RFC 1995)
Dynamic update protocol (RFC 2136)
Get these here
H
-slightly more awake but confusing myself with all this techno jargon
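The manual approach described in post #6, as an added example that is not part of the original thread: it parses the SRV lines a domain controller writes to Netlogon.dns and reports which ones a hand-maintained zone is missing or carries with different values, a common reason domain authentication fails when DNS is not updated automatically. The domain `example.test`, host `dc1`, both sample texts and the function names are constructed for illustration.

```python
import re

# Constructed sample in the zone-file style of Netlogon.dns; the domain,
# host name and address are placeholders, not values from the thread.
NETLOGON_DNS = """\
example.test. 600 IN A 10.0.0.10
_ldap._tcp.example.test. 600 IN SRV 0 100 389 dc1.example.test.
_ldap._tcp.pdc._msdcs.example.test. 600 IN SRV 0 100 389 dc1.example.test.
_kerberos._tcp.example.test. 600 IN SRV 0 100 88 dc1.example.test.
_gc._tcp.example.test. 600 IN SRV 0 100 3268 dc1.example.test.
"""

# Constructed: what an admin has typed into the hand-maintained zone so far.
MANUAL_ZONE = """\
_ldap._tcp.example.test. 600 IN SRV 0 100 389 dc1.example.test.
_kerberos._tcp.example.test. 600 IN SRV 0 100 88 DC1.Example.Test.
_gc._tcp.example.test. 600 IN SRV 0 100 389 dc1.example.test.
"""

SRV_LINE = re.compile(
    r"^(?P<owner>\S+)\s+(?:\d+\s+)?IN\s+SRV\s+"
    r"(?P<prio>\d+)\s+(?P<weight>\d+)\s+(?P<port>\d+)\s+(?P<target>\S+)\s*$",
    re.IGNORECASE,
)

def parse_srv(text):
    """Return {(owner, target): (priority, weight, port)} for every SRV line."""
    records = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop zone-file comments
        m = SRV_LINE.match(line)
        if not m:
            continue                            # A, CNAME and blank lines
        # DNS names compare case-insensitively; ignore the trailing dot too.
        key = (m["owner"].lower().rstrip("."), m["target"].lower().rstrip("."))
        records[key] = (int(m["prio"]), int(m["weight"]), int(m["port"]))
    return records

def audit(netlogon_text, zone_text):
    """Compare the DC's registered SRV set with the manual zone."""
    wanted, have = parse_srv(netlogon_text), parse_srv(zone_text)
    missing = sorted(k for k in wanted if k not in have)
    wrong = sorted(k for k in wanted if k in have and have[k] != wanted[k])
    return missing, wrong

if __name__ == "__main__":
    for label, keys in zip(("MISSING", "MISMATCH"), audit(NETLOGON_DNS, MANUAL_ZONE)):
        for owner, target in keys:
            print(label, owner, "->", target)
```

Every record reported has to be entered by hand on each DNS server, and the comparison repeated whenever a domain controller is added, renamed or re-addressed.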