RE: DNS and Active Directory

From: Thomas Fortner (thomas.fortner_at_sbcglobal.net)
Date: 03/18/04

    To: Red Hat Support List <redhat-list@redhat.com>
    Date: Thu, 18 Mar 2004 10:47:54 -0600
    
    
    

    Okay, please don't rip my head off here for asking a MS question, but I
    figured I would get a slightly less biased answer here. That being
    said....
    We are upgrading our Exchange 5.5 server to Exchange 2003. We are a
    mixed shop with Linux and Windows. (There are numerous other systems,
    mostly of the *nix variety) While I tried to edge them to use
    CommuniGate Pro, Contact, or OpenExchange, they decided there would be
    less impact on users if we stayed with Exchange.
    Now come my issues. I feel like Alice falling down the rabbit hole
    here. In reading the docs for Exchange 2003, it says it needs Active
    Directory. Great, so now I have to learn Active Directory and futz with
    that. Now I am setting up Active Directory, flying by the seat of my
    pants, and it says that it wants its own DNS server in order to work
    properly. All my DNS servers are Linux based.
    Can Active Directory work with Linux based DNS? I thought I recalled a
    few of you saying you had Exchange 2000/2003 running, just wanted to
    know how you did it.
    Any help would be appreciated.

    --
    Edward M. Croft
    Sr. Systems Engineer
    Open Ratings, Inc.
    200 West Street
    Waltham, MA 02451-1121

    Hi Edward,
    Actually the answer is both yes and no. Yes, you can make Bind 9 work
    with Active Directory, but it will not resolve NetBIOS names, which
    Active Directory requires for file/print sharing. When you set up an
    Active Directory domain controller, it requires an Active Directory
    enabled DNS server, something Bind cannot do. Active Directory has
    hidden objects in the DNS records that don't appear in the zone files
    because they are embedded in the registry. Also, to find a domain
    controller to authenticate Windows clients, you must have SRV resource
    records in the zone, something Bind 9 supports but I've never tried it
    so I can't say how well it works.
    Another issue you will face is the matter of broadcast storms from
    browse master elections. Domain controllers win those elections when
    they exist, but every new client starting up forces a new browse master
    election. You can limit this by using Samba and set the "OS level" value
    to 65 or greater and the Samba server will win all the elections, and
    then you can use Samba's WINS server to handle your workstation browse
    requests.
    I would try to make the Exchange Server a domain controller and a DNS
    server. This would reduce the amount of traffic created by the Exchange
    server and its clients since they use DNS and not WINS. For file and
    print sharing I would use Samba, and make the Samba server use the
    Active Directory server to authenticate the Windows clients. You didn't
    say whether you have Win9x or NT4 or < clients, but these require mixed
    mode for Active Directory to work with them as they don't support Active
    Directory in native mode.
    Microsoft's approach to open standards is called "embrace and extend,"
    which is another way to make an open standard a Microsoft proprietary
    architecture. This makes cross platform networking a series of stubborn
    obstacles and causes network engineers to lose their hair. I've been
    doing this stuff for 13 years, so if you have any other questions,
    please feel free to email me directly and we can continue this without
    filling the group with Microsoft protocol issues.
    Tom
    Thomas S. Fortner 
    Burleson, Texas 
    thomas.fortner@sbcglobal.net 
    "but we preach Christ crucified..."  1 Corinthians 1:23 
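
Added example, not part of the original message: a check that a BIND-style zone carries the SRV records Windows clients query to locate a domain controller, the records the reply says must be in the zone. The owner names and ports are the standard Active Directory locator records; the domain `example.corp`, the host `dc1` and the zone text are constructed, and the parser assumes one-line records with an explicit owner name.

```python
import re

# Core DC-locator SRV names relative to the AD DNS domain, with expected ports
# (_gc._tcp belongs to the forest root; assumed here to be this same domain).
REQUIRED_SRV = {
    "_ldap._tcp": 389, "_kerberos._tcp": 88, "_kpasswd._tcp": 464,
    "_ldap._tcp.dc._msdcs": 389, "_kerberos._tcp.dc._msdcs": 88,
    "_ldap._tcp.pdc._msdcs": 389, "_gc._tcp": 3268,
}

# owner [ttl] [class] SRV priority weight port target
SRV_RE = re.compile(
    r"^(\S+)\s+(?:(?:\d+[smhdw]?|IN)\s+)*SRV\s+\d+\s+\d+\s+(\d+)\s+(\S+)", re.I)

def parse_srv(zone_text, origin):
    """Return {relative owner: [(port, target), ...]} for one-line SRV records."""
    origin = origin.rstrip(".").lower()
    records = {}
    for raw in zone_text.splitlines():
        m = SRV_RE.match(raw.split(";", 1)[0])    # drop trailing comments
        if not m:
            continue                              # not SRV, or owner inherited
        owner = m.group(1).lower()
        if owner.endswith("."):                   # absolute name: make relative
            owner = owner[:-1]
            if not owner.endswith("." + origin):
                continue                          # outside this zone
            owner = owner[: -len(origin) - 1]
        records.setdefault(owner, []).append((int(m.group(2)), m.group(3).lower()))
    return records

def audit(zone_text, origin):
    """List locator records that are absent or registered on the wrong port."""
    found, problems = parse_srv(zone_text, origin), []
    for name, port in REQUIRED_SRV.items():
        ports = [p for p, _ in found.get(name, [])]
        if not ports:
            problems.append(f"missing: {name}")
        elif port not in ports:
            problems.append(f"wrong port: {name} (expected {port})")
    return problems

# Constructed zone fragment for the made-up domain example.corp.
SAMPLE_ZONE = """\
_ldap._tcp                  600 IN SRV 0 100 389 dc1.example.corp.
_kerberos._tcp              600 IN SRV 0 100 88  dc1.example.corp.
_kpasswd._tcp.example.corp. 600 IN SRV 0 100 464 dc1.example.corp.
_ldap._tcp.dc._msdcs        600 IN SRV 0 100 389 dc1.example.corp. ; DC locator
_gc._tcp                    600 IN SRV 0 100 389 dc1.example.corp.
"""
```

Calling `audit(SAMPLE_ZONE, "example.corp")` reports the two `_msdcs` records that are absent and the global catalog record registered on the LDAP port.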
    
    
