Preparing for Active Directory

Do you have your domain name and DNS services ready?

Windows 2000 (Win2K) is—or soon will be—in your hands. You should have dealt with two Active Directory (AD) concerns: your domain name and your DNS servers. After all, if you plan to implement Win2K in your organization, AD is an essential part of that implementation because so much of Win2K's new functionality relates to AD.

The first AD concern is external: registering your domain name. Many longtime Internet users have registered their private and business domain names, but Internet novices haven't. One such newcomer, Andrew Giddings, who is Webmaster and keyboard player for the band Jethro Tull, told me that he watched different permutations of the band's name disappear as he tried to find a suitable domain name to register for the band's new Web site. DomainBanc owns many permutations of the jethrotull domain. So, Giddings ended up registering as the official Web site for a band that has been established for more than 30 years.

Domain name pirates sit on domain names and hope to extort a few dollars from businesses that have vested interests in those domains. The US government is contemplating getting involved in this hijacking business. This action is in response to the reaction of Senator Orrin Hatch, who discovered that someone was holding for ransom his choice of domain name for his presidential campaign Web site, hatch2000.

An easy-to-remember domain name is an essential part of a business identity, so a business needs to use a name that reinforces its identity. In Win2K, a company will use that domain name as an identifier for every object in its directory, so AD users need to be comfortable with the domain name that they use.

The second, more serious AD concern is an infrastructure problem: who hosts your DNS servers. In any mixed Windows NT and UNIX environment, or any environment in which an ISP provides DNS services, there is about a 90 percent chance that UNIX-based systems (not NT) host the DNS servers.

When Microsoft started to talk about AD and AD's DNS integration, the company said AD would operate with any DNS implementation that is compatible with the standards for dynamic DNS (DDNS). DDNS is a key piece of the AD model. As the development of AD progressed, Microsoft downplayed the support for non-Win2K DNS servers. At press time, Microsoft claimed that Win2K will be compatible with UNIX's Berkeley Internet Name Domain (BIND) 8.2, but to fully utilize AD's features, you will need to use Win2K's DNS.

Many NT and UNIX systems administrators maintain an uneasy truce. Each group takes responsibility for its respective area of control, and when those areas overlap (such as in providing DHCP services), the administrators hammer out agreements. But the responsibility of providing DNS services cuts to the heart of this cease-fire agreement. UNIX advocates believe that NT isn't stable enough to provide the 24 X 7 service that DNS services require and that the Microsoft DNS implementations aren't sufficiently compatible with the open-source UNIX standards. Win2K and NT advocates believe that Win2K is reliable enough for the 24 X 7 service that DNS servers need (in multiple-server installations) and that Win2K's DNS implementation is easier to manage and maintain than a UNIX-based DNS.

Win2K's position is straightforward: If you want to fully utilize every AD function (e.g., deployment, installation automation), you have to use Win2K's DNS services. The trick will be to find a way to let Win2K's DNS provide services to Win2K and let the UNIX-based DNS retain control over the non-Win2K network components.

Win2K businesses that don't host their DNS services are in more of a bind (no pun intended). DNS server maintenance isn't a trivial matter, and businesses that don't have the expertise in-house will need to develop or hire knowledgeable personnel—neither option is cheap. Businesses will also need to add at least two DNS servers (i.e., primary and secondary) to the Win2K network. The hardware for these DNS servers is an additional expense, and the Win2K hardware requirements are significant. However, implementing Win2K without AD is fairly pointless.

A business needs to resolve the domain name and DNS services concerns before it can truly begin to implement Win2K. Given the traditional IT approach to an OS rollout, in which the focus is on the OS, you might not have discussed these core concerns. Now might be the time to take a step back from your test configurations and deployment planning to make sure that you're also addressing the business and infrastructure concerns of a Win2K rollout.
