Designing an Active Directory Naming Strategy | MCSE Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure Exam Cram 2 (Exam Cram 70-297)

Becaus Active Directory relies on DNS, a DNS infrastructure is required. When designing an Active Directory naming strategy, you must consider the existing DNS infrastructure, the company's Internet presence, the external and internal namespaces, and any NetBIOS naming requirements.

Identifying Internet Domain Name Registration Requirements

To avoid conflicts with other organizations on the Internet, the root domain for an Active Directory tree should be registered with an Internet authority when planning the DNS names. This holds true if you're planning to publish the domain name on the Internet. If not, the internal root domain name can be anything you want.

This includes the forest root domain as well as other root domains that might exist. You'll be able to determine which domain names need to be registered after you've designed the DNS infrastructure. Chapter 5, "Creating the Logical Design for a Network Services Infrastructure," looks at the different DNS strategies that can be implemented.

In some instances, you might not be required to register any domain names; for example, if a company already has an existing Internet presence that it wants to maintain.

The Active Directory root domain names must be unique within a DNS hierarchy. So, if you're planning to have an Internet presence and interact with other Internet domains, the root domain must be registered. If the Active Directory namespace is internal only, this is not necessary.

Specifying the Use of Hierarchical Namespace Within Active Directory

The first domain created within Active Directory becomes the forest root domain. This is the domain that represents the entire business. It is important to plan which domain becomes the forest root domain; after it has been established, it can be difficult to rename because doing so might affect existing child domains.

Careful planning is required when choosing a name for the forest root domain. Choosing an appropriate name for the forest root domain is important because all other domains created under the forest root (child domains) derive a portion of their namespace from it.

When deciding what to name the first domain in Active Directory, keep the following points in mind:

Choose a name that won't change in the near future a name that is static. Changing the name of the forest root domain might not be easy, so choose a name that won't change in the next 3 to 5 years.
Choose a name that is meaningful to the business, its employees, and its clients. When naming the forest root, consider using the name of the business.
If the internal and external namespace will be the same, make sure that the name is available for use on the Internet.

When creating the forest root domain, the design team might determine that the business's name would be an appropriate choice (as long as the business has no intention of changing the company name in the near future). The business's name provides a general representation of the business and an appropriate namespace for child domains within the forest. The company name is meaningful to employees and clients and makes the domain easily identifiable.

Be prepared to encounter exam questions that require you to select an Active Directory namespace based on a given scenario.

Identifying NetBIOS Naming Requirements

In a pure Windows 2000 or Windows Server 2003 environment, NetBIOS is not required. However, you might still need to support it for backward compatibility with pre Windows 2000 operating systems.

Operating systems earlier than Windows 2000 use NetBIOS names to identify computers on the network and the network services those computers are running. Computers running Windows 2000 and Windows Server 2003 can be identified by a NetBIOS name to remain backward compatible with legacy clients, by the full computer name, or by a fully qualified domain name. The NetBIOS name for a Windows 2000 or Windows Server 2003 computer is the first 15 characters of the full computer name.

Windows NT 4.0 also uses NetBIOS names as domain names. If you're upgrading a domain from Windows NT 4.0 to Windows Server 2003, you must also then consider the NetBIOS name and the DNS prefix to be used. You must decide whether the current NetBIOS name is suitable for the DNS prefix. If the current name is suitable, meaning that it appropriately represents the company and meets all naming requirements, it can be retained as the DNS prefix as well. If not, the NetBIOS name can be different from that of the DNS prefix.

When deploying new domains, it is recommended that the NetBIOS name for the domain be the same as the DNS prefix.