
AD Domain Name Integration Best Practices

When integrating Active Directory Domain Services (AD DS) with an existing DNS namespace, install the DNS Server service on all domain controllers to provide fault tolerance. Configure the forest root domain controller to host the DNS zone for the AD forest. Configure domain controllers to host DNS zones corresponding to their domains. Existing client computers may have a previous DNS name registered, and will get a new fully qualified domain name when joined to a domain upgraded to Windows Server 2008 AD DS, but can still be located by either name. To use Kerberos authentication when connecting to older Windows servers, clients must use the primary name.

Uploaded by

JoshO'Neill
Copyright
© All Rights Reserved

Joshua ONeill

NT1330
Client-Server Networking II
10/1/14
When integrating AD DS with an existing DNS namespace, we recommend that you do the following:

Install the DNS Server service on every domain controller in the forest. This provides fault tolerance if one of the DNS servers is unavailable. In this way, domain controllers do not need to rely on other DNS servers for name resolution. This also simplifies the management environment because all domain controllers have a uniform configuration.

Configure the Active Directory forest root domain controller to host the DNS zone for the Active Directory forest.

Configure the domain controllers for each regional domain to host the DNS zones that correspond to their Active Directory domains.

Configure the zone containing the Active Directory forest-wide locator records to replicate to every DNS server in the forest by using the forest-wide DNS application directory partition.

A computer might have a different existing DNS name if the organization previously registered the computer statically in DNS or previously deployed an integrated Dynamic Host Configuration Protocol (DHCP) solution. If your client computers already have a registered DNS name, then when the domain to which they are joined is upgraded to Windows Server 2008 AD DS, they will have two different names: the existing DNS name and the new fully qualified domain name (FQDN). Clients can still be located by either name. Any existing DNS, DHCP, or integrated DNS/DHCP solution is left intact. The new primary names are created automatically and updated by means of dynamic update. They are cleaned up automatically by means of scavenging.

If you want to take advantage of Kerberos authentication when connecting to a server running Windows 2000, Windows Server 2003, or Windows Server 2008, you must make sure that the client connects to the server by using the primary name.
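
A read-only audit of the recommendations above, added here as an example and not part of the original paper. It assumes a management host with the ActiveDirectory and DnsServer RSAT modules (Windows Server 2012 or later), read access to every domain controller, and that the forest-wide locator records live in a separate zone named `_msdcs.<forest root domain>`.

```powershell
# Added example: checks each DC against the DNS integration recommendations.
# Assumption: the locator zone is a separate zone called _msdcs.<forest root>;
# if it is only a subdomain of the root zone, MsdcsScope stays empty.
Import-Module ActiveDirectory, DnsServer

$forest    = Get-ADForest
$msdcsZone = "_msdcs.$($forest.RootDomain)"

$report = foreach ($domain in $forest.Domains) {
    foreach ($dc in Get-ADDomainController -Filter * -Server $domain) {
        $row = [ordered]@{
            Domain = $domain; DC = $dc.HostName
            DnsServiceUp = $false; HostsDomainZone = $false
            DynamicUpdate = $null; AgingEnabled = $null; MsdcsScope = $null
        }
        try {
            # 1. DNS Server service installed and answering on this DC
            $zones = Get-DnsServerZone -ComputerName $dc.HostName -ErrorAction Stop
            $row.DnsServiceUp = $true

            # 2. DC hosts the zone that corresponds to its own AD domain
            $dz = $zones | Where-Object ZoneName -eq $domain
            if ($dz) {
                $row.HostsDomainZone = $true
                $row.DynamicUpdate   = $dz.DynamicUpdate   # 'Secure' is the hardened setting
                # Scavenging only removes stale names when aging is enabled on the zone
                $aging = Get-DnsServerZoneAging -Name $domain -ComputerName $dc.HostName -ErrorAction Stop
                $row.AgingEnabled = $aging.AgingEnabled
            }

            # 3. Locator zone replicates through the forest-wide partition
            $mz = $zones | Where-Object ZoneName -eq $msdcsZone
            if ($mz) { $row.MsdcsScope = $mz.ReplicationScope }
        } catch {
            Write-Warning "$($dc.HostName): $($_.Exception.Message)"
        }
        [pscustomobject]$row
    }
}

$report | Format-Table -AutoSize

# Rows that deviate from the recommendations
$findings = $report | Where-Object {
    -not $_.DnsServiceUp -or -not $_.HostsDomainZone -or
    $_.MsdcsScope -ne 'Forest' -or $_.DynamicUpdate -ne 'Secure' -or -not $_.AgingEnabled
}
$findings | Format-Table -AutoSize
```

A `DynamicUpdate` value of `NonsecureAndSecure` lets unauthenticated hosts register or overwrite names, which matters here because clients end up with both an old name and a new primary name in DNS.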
