Windows 2003 Active Directory Application article

Source: Internet
Author: User

The previous articles covered the basics of Active Directory and its installation and configuration, and highlighted some of its advantages. Active Directory is not a stand-alone service, however: it can only be implemented successfully in conjunction with other protocols and services. DNS, the combination of the LDAP protocol with Active Directory, and the application of the site concept are the most prominent examples. Below we introduce each of these technologies.

The application of DNS in Active Directory

The defining feature of Win2K as a new operating system is the introduction of Active Directory, and one of Active Directory's most important characteristics is its tight integration with DNS. Active Directory uses the Domain Name System (DNS) as its location service and extends standard DNS. DNS is the most widely used location service: it is used not only on the Internet but also on many internal enterprise networks. In a network built on Windows NT 4.0, each host is uniquely identified by its NetBIOS name, which is resolved to the corresponding IP address by the WINS service, by broadcast, or through the LMHOSTS file, and communication proceeds from there. On an internal network (commonly called a LAN), communicating by NetBIOS name is convenient and fast. On the Internet, however, the only identifier for a host is its fully qualified domain name (FQDN), such as www.163.com, which is resolved to an IP address according to the DNS standards. If a network built on Windows NT 4.0 is connected to the Internet, every host on the NT network also has a domain name, and that name is resolved through the DNS service that Windows NT 4.0 supports. In Windows NT 4.0, DNS has to be planned, designed, configured, and implemented entirely by hand. As a result, every host in a Windows NT 4.0 network has both a NetBIOS name and a domain name that mean essentially the same thing, which adds to the network administrator's management burden and makes the management of the whole network more confusing.

In Win2K Active Directory the most basic unit is the domain. Domains are organized into a tree through parent and child domains, with a two-way, transitive trust between each parent domain and its child domain, so the organizational structure resembles that of the DNS system. Naming in Active Directory basically follows Internet standards, specifically the DNS and LDAP 3.0 standards. Domains in Active Directory and domains in DNS use exactly the same naming method; that is, an Active Directory domain name is a DNS domain name. Active Directory then relies on DNS as its location service to resolve names to IP addresses. So when building Active Directory on Win2K, the appropriate DNS service must be installed at the same time: whether a user is resolving an IP address or authenticating at logon, DNS is used to locate the servers in Active Directory. This tight integration means Active Directory suits both Internet and intranet environments, which reflects Microsoft's idea of building a network operating system for the Internet. Organizations can connect Active Directory directly to the Internet to simplify communication with customers and partners. In addition, the DNS service in Win2K lets clients update resource records dynamically using the DNS dynamic update protocol (RFC 2136), which improves DNS administration by reducing the time spent managing those records manually. Computers running Win2K can register their DNS names and IP addresses dynamically.

Because Active Directory is integrated with DNS, NetBIOS names are gradually losing their purpose in Win2K, and the corresponding WINS service is being phased out. In Windows NT, DNS was usually integrated with WINS to take advantage of the dynamic behaviour of WINS and obtain more accurate resolution results. However, WINS is not an Internet standard protocol; the DNS solution for dynamically maintaining the table of machine names and IP addresses is dynamic DNS. Dynamic DNS does not need WINS, because it lets clients with dynamically assigned IP addresses register directly with the DNS server and update the DNS tables immediately.

Win2K supports dynamic DNS, and machines running the Active Directory service can update the DNS tables dynamically. A Win2K network no longer requires the WINS service, although Win2K still supports WINS for backward compatibility. If the network no longer uses WINS, how does a client locate a domain controller when a user logs on? Win2K extends standard DNS in its DNS implementation by adding a new record type to the DNS table, the SRV record, which points to the Active Directory domain controllers. So once the network has been fully upgraded to Win2K, the WINS service is no longer needed. The integration of DNS with WINS also becomes unnecessary in Win2K because of its support for the dynamic update protocol (RFC 2136). DNS is an open protocol widely used on the Internet, defined by a series of Requests for Comments (RFCs), and it has become a unified, standardized specification in network technology. Because Win2K is intended for wide use in both Internet and intranet environments, its name resolution model should comply fully with the single DNS standard.
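The SRV lookup described above, as an added example that is not part of the original article: it parses locator records, orders the domain controllers the way an SRV-aware client would (lowest priority first, weighted choice within a priority, per RFC 2782 with a simplified weighting), and lists targets that fall outside the domain. The domain corp.example, its host names and the zone lines are constructed; `_ldap._tcp.dc._msdcs.<domain>` is the owner name under which domain controllers register.

```python
import random
from collections import defaultdict, namedtuple

Srv = namedtuple("Srv", "owner priority weight port target")

# Constructed sample zone data for the hypothetical domain corp.example.
SAMPLE_ZONE = """\
_ldap._tcp.dc._msdcs.corp.example. 600 IN SRV 0 100 389 dc1.corp.example.
_ldap._tcp.dc._msdcs.corp.example. 600 IN SRV 0 100 389 dc2.corp.example.
_ldap._tcp.dc._msdcs.corp.example. 600 IN SRV 10 100 389 dc-dr.corp.example.
_ldap._tcp.dc._msdcs.corp.example. 600 IN SRV 0 100 389 host7.other.example.
_kerberos._tcp.corp.example.       600 IN SRV 0 100 88  dc1.corp.example.
"""

def parse_srv(zone_text):
    """Parse 'owner ttl IN SRV priority weight port target' lines."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) != 8 or fields[2:4] != ["IN", "SRV"]:
            continue  # skip blank lines and other record types
        prio, weight, port = (int(f) for f in fields[4:7])
        records.append(Srv(fields[0].lower().rstrip("."), prio, weight, port,
                           fields[7].lower().rstrip(".")))
    return records

def locator_order(records, owner, rng=random):
    """Order targets for one owner name: lowest priority value first,
    weighted random choice among records that share a priority."""
    wanted = owner.lower().rstrip(".")
    by_priority = defaultdict(list)
    for rec in records:
        if rec.owner == wanted:
            by_priority[rec.priority].append(rec)
    ordered = []
    for prio in sorted(by_priority):
        pool = by_priority[prio]
        while pool:
            # Simplification: +1 keeps zero-weight records selectable.
            pick = rng.choices(pool, weights=[r.weight + 1 for r in pool])[0]
            pool.remove(pick)
            ordered.append(pick)
    return ordered

def targets_outside_domain(records, domain):
    """Audit check: locator records whose target is not a host in the domain."""
    suffix = "." + domain.lower().rstrip(".")
    return [rec for rec in records if not rec.target.endswith(suffix)]
```

Because clients trust these records to find a logon server, the output of `targets_outside_domain` is worth reviewing whenever the zone accepts dynamic registrations.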

The above mainly covers the application of DNS in Active Directory. But someone may ask: Windows NT 4.0 did not use Active Directory and relied on DNS alone to resolve domain names, so what exactly is the difference between Active Directory and DNS, and how do the two combine? Here is a concrete explanation.
