Active directory


  1. Posts : 2,528
    Windows 10 Pro x64
       #11

    ajishb03 said:
    Thank you for your reply too. OK, if internet is not required for Active Directory to work, then that means a DNS server works for an intranet as well? Because I learned Active Directory cannot work without a DNS server, and I thought a DNS server works only for the internet. If DNS works for an intranet (locally), then why do we use www.x.com for a domain? Could www be used locally for an intranet?
    Woah, hold on there.

    So, what you had heard is partially correct - Active Directory (any server version, any domain or forest level) absolutely requires DNS to work. Everything in active directory itself relies on DNS in some way, shape, or form, and without it AD doesn't work, computers can't authenticate, join the domain, etc. So, yes, DNS is required for Active Directory to work, and that is why you really want to install the DNS server role on your server before you install and enable the Active Directory role (the AD installation wizard will configure DNS properly for you after asking you a few questions about your domain).

    However, having a DNS domain does not have anything to do with the internet - in fact, almost every AD domain out there in existence doesn't have any integration with internet-facing DNS servers short of forwarding or discovery. Also, using a root-level DNS domain for an internal domain structure, unless you are using it specifically for that purpose, is neither recommended nor a good/best practice. For example, if you owned the domain "mydomain.com", and you wanted to use that for Active Directory, that would break things like www.mydomain.com, unless you added an A record into DNS manually (or actually had a host called www in your domain - also not a good idea, in either case).

    What you should be doing, is using the name of a new subdomain of "mydomain.com", perhaps called "ad.mydomain.com", when you set up your AD infrastructure. That will create an Active Directory Forest root called "ad.mydomain.com", and the netbios domain name (unless you changed it) would be "AD". You could then easily create child domains in this forest later (for example, "sales.ad.mydomain.com" or "marketing.ad.mydomain.com") as necessary. Again, NONE of this has anything to do with the public "mydomain.com" other than you are now using it as part of your DNS naming structure for AD.

    Hopefully that makes some sense - if it doesn't, I strongly suggest doing a little more reading/research into AD itself, as these are pretty basic questions about the foundations of Active Directory.
    How DNS Support for Active Directory Works: Active Directory
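
The dependency described in the post above (domain members locate domain controllers through DNS) can be checked by querying the SRV records a DC registers. This is an added example, not part of the original post; it assumes the post's sample domain `ad.mydomain.com`, a placeholder DNS server address, and the `Resolve-DnsName` cmdlet (Windows 8 / Server 2012 and later).

```powershell
# Added example: verify the DC locator SRV records for an AD DNS domain.
# 'ad.mydomain.com' is the sample name from the post; 192.0.2.10 is a placeholder.
param(
    [string]$DomainDnsName = 'ad.mydomain.com',
    [string]$DnsServer     = '192.0.2.10'   # placeholder: internal DNS server / DC
)

# SRV names that domain members query to find DCs and logon services.
$required = [ordered]@{
    "_ldap._tcp.dc._msdcs.$DomainDnsName"     = 'any domain controller (LDAP)'
    "_kerberos._tcp.dc._msdcs.$DomainDnsName" = 'Kerberos KDC on a DC'
    "_ldap._tcp.pdc._msdcs.$DomainDnsName"    = 'PDC emulator'
    "_kerberos._tcp.$DomainDnsName"           = 'Kerberos KDC'
    "_kpasswd._tcp.$DomainDnsName"            = 'Kerberos password change'
    "_gc._tcp.$DomainDnsName"                 = 'global catalog (forest root name)'
}

$results = foreach ($name in $required.Keys) {
    $row = [ordered]@{ Record = $name; Purpose = $required[$name]; Status = 'MISSING'; Targets = '' }
    try {
        # -DnsOnly skips LLMNR/NetBIOS so only the internal DNS server answers.
        $srv = @(Resolve-DnsName -Name $name -Type SRV -Server $DnsServer -DnsOnly -ErrorAction Stop |
                 Where-Object { $_.Type -eq 'SRV' })
        if ($srv.Count -gt 0) {
            $row.Status  = 'OK'
            $row.Targets = ($srv | ForEach-Object { "$($_.NameTarget):$($_.Port)" }) -join ', '
        }
    } catch {
        # Name does not exist, or the DNS server could not be reached.
        $row.Targets = $_.Exception.Message
    }
    [pscustomobject]$row
}

$results | Format-Table -AutoSize -Wrap

# Non-zero exit code so the check can be used from a scheduled task or script.
if ($results.Status -contains 'MISSING') { exit 1 }
```

On older systems such as the Windows 2008 Server discussed in this thread, the same names can be queried one at a time with `nslookup -type=SRV <name> <dns-server>`.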


  2. Posts : 3,139
    Systems 1 and 2: Windows 7 Enterprise x64, Win 8 Developer
       #12

    ajishb03 said:
    2xg said:
    Hi ajishb03,

    If you are up for a big challenge, you may configure your Windows 2008 Server as a Domain Controller, AD will be created automatically. It is always a good practice to configure DHCP and don't forget the DNS from the Server, then you may create/add all 10 Users in AD Users & Computers - see Lemur's Post on how to join a computer in your Domain Controller.

    If you decide not to configure DHCP in your Server, you may enable DHCP from your Router (it will create conflict if you have both enabled). Make sure that all your 10 PCs have DHCP or Auto IP Enabled, they will have to receive the IP Addresses from your Router or Server. You will get the APIPA Addressing if the IP is not configured properly from your network.

    If this is the first time that you are setting up a Domain Network, you will need to do a lot of reading and training. A few others will go through some professional In-Person training, I was one of those.

    A good Tutorial here on how to configure a Windows 2008 Server as your first DC.

    You don't have to have a Domain Network, Workgroup will also do.

    Hope this helps.
    Thank you so much... so do you mean we could set up Active Directory on a workgroup as well?
    With a workgroup, all administration would be done at the local pc. Not appropriate for AD. The domain provides a single point of administration (e.g., login script, policies, accts, etc). Stay with the domain for active directory.


  3. Posts : 7,878
    Windows 7 Ultimate x64
       #13

    ajishb03 said:
    Thank you for your reply too. OK, if internet is not required for Active Directory to work, then that means a DNS server works for an intranet as well? Because I learned Active Directory cannot work without a DNS server, and I thought a DNS server works only for the internet. If DNS works for an intranet (locally), then why do we use www.x.com for a domain? Could www be used locally for an intranet?
    It is true that Active Directory relies on DNS to work. And when you install a server and run dcpromo, it will allow you to install a DNS server as well. Even on a network without internet access, you will have an internal DNS namespace. For example, EXAMPLE.LOCAL. Therefore, if you named your server Pablo, you would have a host called pablo.example.local. And you might have a workstation named tiger and a workstation named lion, thus you would have tiger.example.local and lion.example.local. All DNS is is a way to resolve hostnames on a network, it doesn't matter whether that network is a small private network, a larger corporate network, or on the Internet.


  4. Posts : 32
    windows 7 Home premium 64 bit
    Thread Starter
       #14

    pparks1 said:
    ajishb03 said:
    Thank you for your reply too. OK, if internet is not required for Active Directory to work, then that means a DNS server works for an intranet as well? Because I learned Active Directory cannot work without a DNS server, and I thought a DNS server works only for the internet. If DNS works for an intranet (locally), then why do we use www.x.com for a domain? Could www be used locally for an intranet?
    It is true that Active Directory relies on DNS to work. And when you install a server and run dcpromo, it will allow you to install a DNS server as well. Even on a network without internet access, you will have an internal DNS namespace. For example, EXAMPLE.LOCAL. Therefore, if you named your server Pablo, you would have a host called pablo.example.local. And you might have a workstation named tiger and a workstation named lion, thus you would have tiger.example.local and lion.example.local. All DNS is is a way to resolve hostnames on a network, it doesn't matter whether that network is a small private network, a larger corporate network, or on the Internet.
    fabulous......cleared..thanks...


  5. Posts : 32
    windows 7 Home premium 64 bit
    Thread Starter
       #15

    Lemur said:
    ajishb03 said:
    2xg said:
    Hi ajishb03,

    If you are up for a big challenge, you may configure your Windows 2008 Server as a Domain Controller, AD will be created automatically. It is always a good practice to configure DHCP and don't forget the DNS from the Server, then you may create/add all 10 Users in AD Users & Computers - see Lemur's Post on how to join a computer in your Domain Controller.

    If you decide not to configure DHCP in your Server, you may enable DHCP from your Router (it will create conflict if you have both enabled). Make sure that all your 10 PCs have DHCP or Auto IP Enabled, they will have to receive the IP Addresses from your Router or Server. You will get the APIPA Addressing if the IP is not configured properly from your network.

    If this is the first time that you are setting up a Domain Network, you will need to do a lot of reading and training. A few others will go through some professional In-Person training, I was one of those.

    A good Tutorial here on how to configure a Windows 2008 Server as your first DC.

    You don't have to have a Domain Network, Workgroup will also do.

    Hope this helps.
    Thank you so much... so do you mean we could set up Active Directory on a workgroup as well?
    With a workgroup, all administration would be done at the local pc. Not appropriate for AD. The domain provides a single point of administration (e.g., login script, policies, accts, etc). Stay with the domain for active directory.
    thank you


  6. Posts : 32
    windows 7 Home premium 64 bit
    Thread Starter
       #16

    cluberti said:
    ajishb03 said:
    Thank you for your reply too. OK, if internet is not required for Active Directory to work, then that means a DNS server works for an intranet as well? Because I learned Active Directory cannot work without a DNS server, and I thought a DNS server works only for the internet. If DNS works for an intranet (locally), then why do we use www.x.com for a domain? Could www be used locally for an intranet?
    Woah, hold on there.

    So, what you had heard is partially correct - Active Directory (any server version, any domain or forest level) absolutely requires DNS to work. Everything in active directory itself relies on DNS in some way, shape, or form, and without it AD doesn't work, computers can't authenticate, join the domain, etc. So, yes, DNS is required for Active Directory to work, and that is why you really want to install the DNS server role on your server before you install and enable the Active Directory role (the AD installation wizard will configure DNS properly for you after asking you a few questions about your domain).

    However, having a DNS domain does not have anything to do with the internet - in fact, almost every AD domain out there in existence doesn't have any integration with internet-facing DNS servers short of forwarding or discovery. Also, using a root-level DNS domain for an internal domain structure, unless you are using it specifically for that purpose, is neither recommended nor a good/best practice. For example, if you owned the domain "mydomain.com", and you wanted to use that for Active Directory, that would break things like www.mydomain.com, unless you added an A record into DNS manually (or actually had a host called www in your domain - also not a good idea, in either case).

    What you should be doing, is using the name of a new subdomain of "mydomain.com", perhaps called "ad.mydomain.com", when you set up your AD infrastructure. That will create an Active Directory Forest root called "ad.mydomain.com", and the netbios domain name (unless you changed it) would be "AD". You could then easily create child domains in this forest later (for example, "sales.ad.mydomain.com" or "marketing.ad.mydomain.com") as necessary. Again, NONE of this has anything to do with the public "mydomain.com" other than you are now using it as part of your DNS naming structure for AD.

    Hopefully that makes some sense - if it doesn't, I strongly suggest doing a little more reading/research into AD itself, as these are pretty basic questions about the foundations of Active Directory.
    How DNS Support for Active Directory Works: Active Directory
    Yup, I am researching, thanks...


  7. Posts : 2,528
    Windows 10 Pro x64
       #17

    Good luck :)


  8. Posts : 32
    windows 7 Home premium 64 bit
    Thread Starter
       #18

    Why do some domains have 2 domain controllers? Is this for load balancing?


  9. Posts : 3,139
    Systems 1 and 2: Windows 7 Enterprise x64, Win 8 Developer
       #19

    Redundancy. If the primary DC fails, the other takes over. They both have copies of the AD.


  10. Posts : 32
    windows 7 Home premium 64 bit
    Thread Starter
       #20

    I actually wanted to work out how Active Directory works in the corporate world, as I don't have any experience working with Active Directory.
    DNS has all the records for the domain, which are distributed in different zones like primary and secondary. Now, in the domain we have users. My question is: what sort of records or resources are the users updating in DNS, e.g. the concept of dynamic update and non-dynamic update? And why should the updates sometimes be secure?

    If the user logs in with the credentials given to him or her and uses the internet to browse, how could this be related to DNS dynamic update?


 