CREATING THE PHYSICAL DESIGN FOR AN ACTIVE DIRECTORY AND NETWORK INFRASTRUCTURE

  1. To host an Active Directory integrated zone, a DNS server must also be a domain controller.

  2. Incremental Zone Transfer (IXFR) allows for more frequent zone transfers and thereby increases the accuracy of zone information.

  3. Caching-only DNS servers should be used with a small remote office that has a relatively slow link back to the main office. These servers are not authoritative for a zone and therefore do not perform zone transfers. This conserves available bandwidth on the slow link.

  4. Conditional forwarding is new to Windows Server 2003. This service allows all queries for a particular namespace to be forwarded directly to the server that hosts that namespace. Doing so increases the efficiency of name resolution on a network.

  5. The Global Catalog (GC) contains all the objects in the Active Directory forest. It is used by computers, users, and applications to search the Active Directory. Domain controllers can be set to also be a GC server. You should have at least one GC server per site.

  6. The schema is a list of all the object classes and attributes in the Active Directory and the rules associated with combining them to create objects. There is only one schema per Active Directory. You should only modify the schema when no other alternative exists.

  7. Flexible Single Master Operation (FSMO) roles include the schema master and domain naming master (one per forest) and the PDC emulator, RID master, and infrastructure master (one per domain).

  8. To make changes to the schema, a person with an account in the Schema Admins group must be able to make contact with the server holding the schema master role.

  9. To add or delete a domain from a forest, a person with an account in the Enterprise Admins group must be able to make contact with the server holding the role of domain naming master.

  10. The PDC emulator emulates the NT 4.0 BDC for mixed mode domains, keeps the time, and is the final authority on password changes for each domain. There is only one PDC emulator per domain.

  11. The RID master ensures that all domain security IDs remain unique for each domain.

  12. The infrastructure master keeps track of group-to-name references in each domain.

  13. Seizing an FSMO role from a computer is a risky operation and should be performed only as a last resort. The most likely role to be seized is the PDC emulator role because it is the role that will be missed the soonest.

  14. There are four editions of Windows Server 2003: Standard, Web, Enterprise, and Datacenter. Web Edition cannot be used as a domain controller.

  15. The L2TP and PPTP tunneling protocols are used for VPNs. PPTP is the older of the two. Windows 2000 Professional and later clients support L2TP natively. Windows 98 and Windows NT have an L2TP client that can be downloaded from Microsoft.

  16. Physically placing a server between the Internet and the other servers on a private network can provide additional authentication and security for a network while letting the other servers keep more services available for those who are authorized.

  17. Public IP addresses should be registered through the Internet Corporation for Assigned Names and Numbers (ICANN) or one of its registries located throughout the world.



MCSE Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure Exam Cram 2 (Exam Cram 70-297)
ISBN: 0789730154
EAN: 2147483647
Year: 2003
Pages: 152
