DNS and Active Directory


Unlike Windows NT, a domain name is a DNS domain name in Windows 2000. Several basic guidelines should be followed when developing a naming scheme for new Windows 2000 implementations.

Domain Names

Domain names should follow RFC standards. Although Microsoft Windows 2000 DNS permits relaxed RFC compliance for names, and even allows Unicode names to be registered, you should follow RFCs 1034, 1035, and 1123 when naming domains and computers (see the "Need to Know More?" section at the end of this chapter). This is an especially important rule to follow when interoperability with non-Microsoft DNS is of prime concern. If, however, only Microsoft Windows 2000 DNS servers will be used, you can relax the naming restrictions. Name checking can be relaxed using the DNS MMC snap-in, selecting the Server Properties page, and clicking the Advanced tab, as shown in Figure 4.1.

Figure 4.1. Relaxing DNS name checking.


Registered Domain Names

Companies wanting to conduct business on the Internet must obtain a registered domain name. Getting a registered name means that two companies cannot have or own the same name.

You can install Active Directory using a nonregistered name, but this is a very unwise idea. First, setting up email or Web servers with Internet access is impossible without a registered name. Even if an organization has no plans in the near future to connect to the Internet (hard to believe!), connecting at a later date will be impossible if some other company has registered the name in the meantime. Name registration is extremely inexpensive and should be a required step for any new Active Directory installation.

The other problem with a nonregistered name is that a merger could occur in which both companies have selected the same nonregistered domain name. Although the probability of such a merger occurring might be statistically small, Murphy's Law suggests that the likelihood is far, far greater.

You must register the Active Directory root domain name because the root domain (the first domain created in Active Directory) is also the forest root and you can't rename this domain. If business needs change and the root domain name proves to be unusable, you might have to uninstall Active Directory and reinstall from scratch. Clearly this is not a desirable option.

Differences Between DNS and Active Directory Domain Names

Depending on the business requirements of an organization, the externally recognized DNS domain name and the Active Directory domain name can be different. In some cases, the Active Directory domain name is just a subdomain of the DNS name. For example, if the external DNS name is xyz.corp, the Active Directory root domain could be ad.xyz.corp.

A second option is using a completely different domain name. Using the preceding example, the Active Directory root could be named xyz.local. In this case, configuration of a proxy server and email could prove challenging.

These options are discussed in greater detail in the following paragraphs.

Regardless of the DNS design approach used, the following best practices should be employed when creating DNS host and domain names for use with Windows 2000:

  • Use RFC-compliant DNS names, especially when working in a heterogeneous DNS environment.

  • Register the root domain (forest root) name before creating the first Windows 2000 domain controller.

  • Register any other domain roots before creating the first domain controller for that domain tree.
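The first best practice can be checked before any domain controller is built. The following is an added example, not taken from the book: a strict RFC 1034/1035/1123 name check that reports why a proposed domain or computer name would only work with relaxed name checking, plus a helper that classifies the Active Directory root against the external DNS name. The function names and the sample names other than xyz.corp, ad.xyz.corp and xyz.local are constructed for illustration.

```python
import re

# Strict RFC 1123 label: letters, digits and hyphens, no hyphen at either end.
LABEL_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?")
MAX_LABEL = 63   # octets per label (RFC 1035)
MAX_NAME = 253   # characters in a dotted name without the trailing dot


def check_dns_name(name):
    """Return the strict-RFC violations found in a DNS name (empty list = compliant)."""
    fqdn = name[:-1] if name.endswith(".") else name
    if not fqdn:
        return ["name is empty"]
    problems = []
    if len(fqdn) > MAX_NAME:
        problems.append(f"name has {len(fqdn)} characters, limit is {MAX_NAME}")
    for label in fqdn.split("."):
        if not label:
            problems.append("empty label")
        elif not label.isascii():
            problems.append(f"{label!r}: non-ASCII characters")
        elif len(label) > MAX_LABEL:
            problems.append(f"{label!r}: longer than {MAX_LABEL} octets")
        elif "_" in label:
            problems.append(f"{label!r}: underscore not allowed")
        elif not LABEL_RE.fullmatch(label):
            problems.append(f"{label!r}: only letters, digits and inner hyphens allowed")
    return problems


def relation_to_external(ad_root, external):
    """Classify the AD root against the external DNS name."""
    ad, ext = ad_root.rstrip(".").lower(), external.rstrip(".").lower()
    if ad == ext:
        return "same"
    return "subdomain" if ad.endswith("." + ext) else "separate"


if __name__ == "__main__":
    # Constructed sample names; only the xyz.* names come from the text above.
    for candidate in ["ad.xyz.corp", "xyz.local", "dc_01.ad.xyz.corp", "büro.xyz.corp"]:
        issues = check_dns_name(candidate)
        print(candidate, relation_to_external(candidate, "xyz.corp"),
              "OK" if not issues else "; ".join(issues))
```

A name that returns any violation here is one that a non-Microsoft DNS server enforcing the RFCs may refuse, which is the interoperability risk the first bullet addresses.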



MCSE Active Directory Services Design. Exam Cram 2 (Exam Cram 70-219)
ISBN: 0789728648
EAN: 2147483647
Year: 2003
Pages: 148
