Contents Overview 1 Identifying Business Needs 2 DNS and Active Directory 3 Planning Active Directory Domain Names 7 Designing a DNS Naming Strategy for Active Directory 11 Lab A: Designing an Active Directory Naming Strategy 22 Review 31 Module 2: Designing an A ctive Directory Naming Strategy Information in this document is subject to change without notice. The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted. Complying with all applicable copyright laws is the responsibility of the user. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Microsoft Corporation. If, however, your only means of access is electronic, permission to print one copy is hereby granted. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.  2000 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows NT, Active Directory, BackOffice, PowerPoint, Visual Basic, and Visual Studio are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A. and/or other countries. The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted. Other product and company names mentioned herein may be the trademarks of their respective owners. Project Lead: Andy Sweet (S&T OnSite) Instructional Designers: Andy Sweet (S&T OnSite), Ravi Acharya (NIIT), Sid Benavente, Richard Rose, Kathleen Norton Instructional Design Consultants: Paul Howard, Susan Greenberg Program Managers: Lorrin Smith-Bates (Volt), Megan Camp (Independent Contractor) Technical Contributors: Angie Fultz, Lyle Curry, Brian Komar (3947018 Manitoba, Inc.), Jim Clark (Infotec Commercial Systems), Bill Wade (Excell Data Corporation), David Stern, Steve Tate, Greg Bulette (Independent Contractor), Kathleen Cole (S&T OnSite) Graphic Artist: Kirsten Larson (S&T OnSite) Editing Manager: Lynette Skinner Editor: Jeffrey Gilbert (Wasser) Copy Editor: Patti Neff (S&T Consulting) Online Program Manager: Debbi Conger Online Publications Manager: Arlo Emerson (Aditi) Online Support: Eric Brandt (S&T Consulting) Multimedia Development: Kelly Renner (Entex) Testing Leads: Sid Benavente, Keith Cotton Testing Developer: Greg Stemp (S&T OnSite) Courseware Testing: Testing Testing 123 Production Support: Ed Casper (S&T Consulting) Manufacturing Manager: Rick Terek (S&T OnSite) Manufacturing Support: Laura King (S&T OnSite) Lead Product Manager, Development Services: Bo Galford Lead Product Managers: Dean Murray, Ken Rosen Group Product Manager: Robert Stewart Module 2: Designing an Active Directory Naming Strategy iii Instructor Notes Microsoft ® Windows ® 2000 Active Directory ™ directory service contains information about all objects in an organization’s network. The goal is to provide clients access to this information. This module provides students with the ability to successfully plan and implement Microsoft Windows NT ® version 5.0 Active Directory naming. It starts by looking at how Domain Name System (DNS) naming is done. This sets the foundation for Active Directory naming. It is important to note that DNS as a topic may be new to many students. Stress that this module is not intended to cover DNS in detail, but rather provides sufficient information for them to be successful in planning for DNS and Active Directory. At the end of this module, students will be able to: ! Identify business needs that impact the selection of Active Directory names. ! Describe how Active Directory is integrated with DNS. ! Plan Active Directory names within the Active Directory hierarchy. ! Design a DNS naming strategy for Active Directory root domains. Lab A, Designing an Active Directory Naming Strategy, is a scenario-based planning lab. The students will examine business criteria that affect the design of an Active Directory naming strategy. They will then use this information to design an Active Directory naming strategy. Materials and Preparation This section provides you with the materials and preparation tasks that are needed to teach this module. Required Materials To teach this module, you need Microsoft PowerPoint ® file 1561b_02.ppt. Preparation Tasks To prepare for this module, you should: ! Read all of the materials for this module. ! Complete the lab. ! Read the following technical white paper located on the Trainer Materials compact disc: • Windows 2000 DNS Presentation: 60 Minutes Lab: 60 Minutes iv Module 2: Designing an Active Directory Naming Strategy Instructor Setup for a Lab This section provides setup instructions that are required to prepare the instructor computer or classroom configuration for a lab. Lab A: Designing an Active Directory Naming Strategy No special setup is necessary. This planning lab in three exercises describes three organizations of different sizes that will use Active Directory. The students will create a naming design for the Active Directory, using their knowledge of DNS naming and Active Directory design. In the first exercise the students will determine the best name for an Active Directory root domain and justify their answers based on the criteria given. In exercises two and three the students will use the decision tree flow chart to make their decisions on how to name the domains to best meet the needs of the organizations as given in the criteria for the lab. Module Strategy Use the following strategy to present this module: ! Identifying Business Needs This section introduces the naming structure of Active Directory. Begin by explaining the directory naming needs of an organization. Discuss the intended scope of Active Directory for an organization and explain the importance of determining whether the organization is planning an Internet presence, if it has not done so already. ! DNS and Active Directory The section presents the relationship of DNS with Active Directory. Explain that although Active Directory and DNS share common names, each of them is used for a different purpose. Also explain that Berkeley Internet Name Domain (BIND) DNS servers can be used to interoperate with Active Directory. ! Planning Active Directory Domain Names This section illustrates the factors that may determine the naming strategy of Active Directory. Explain that determining the scope of Active Directory is the first step in planning Active Directory domain names. The next step includes designing the naming strategy of the Active Directory hierarchy. Then, describe the guidelines that should be considered while choosing Active Directory domain names. ! Designing a DNS Naming Strategy for Active Directory This section describes the design of naming strategies for the internal and the external network of an organization. Explain the initial naming decisions that include activities such as registering the DNS root names and determining internal and external naming strategies. Discuss the various scenarios of naming public and private networks in an Active Directory structure. Explain how a DNS solution is integrated with BIND. Finally summarize the process of designing an Active Directory naming strategy. Module 2: Designing an Active Directory Naming Strategy v Customization Information This section identifies the lab setup requirements for a module and the configuration changes that occur on student computers during the labs. This information is provided to assist you in replicating or customizing Microsoft Official Curriculum (MOC) courseware. The lab in this module is a paper-based planning lab, and as a result, there are no lab setup requirements or configuration changes that affect replication or customization. Module 2: Designing an Active Directory Naming Strategy 1 Overview ! Identifying Business Needs ! DNS and Active Directory ! Planning Active Directory Domain Names ! Designing a DNS Naming Strategy for Active Directory Resolution of unique names is the cornerstone of identifying and accessing objects in Microsoft ® Windows ® 2000 Active Directory ™ directory service. Active Directory uses the Domain Name System (DNS) as a basis for naming domains. The hierarchical structure of Active Directory is derived from the root domain, which is the first domain created. Carefully selecting an inclusive DNS name for the root domain is crucial because an inclusive name may make it easier for users to access the network over the Internet and also enable network flexibility. At the end of this module, you will be able to: ! Identify business needs that impact the selection of Active Directory names. ! Describe how Active Directory is integrated with DNS. ! Plan Active Directory names within the Active Directory hierarchy. ! Design a DNS naming strategy for Active Directory root domains. Slide Objective To provide an overview of the module topics and objectives. Lead-in In this module, you will learn about naming strategies for Active Directory. 2 Module 2: Designing an Active Directory Naming Strategy Identifying Business Needs ! Main Business Needs that Impact a Naming Strategy: # Intended Scope of Active Directory # Internet Presence The initial root domain name will influence the structure of the Active Directory hierarchy. A properly selected name should accommodate the current and future planned business needs of an organization. The two primary business considerations that affect the naming of an Active Directory structure are how much of the organization Active Directory should include, and whether or not the organization plans to make some or all of its resources available on the Internet. Intended Scope of Active Directory When assessing business needs, you need to determine the scope of the planned Active Directory structure. Before you implement Active Directory, you must first determine how the Active Directory structure will meet the business requirements of the organization. Thus, the design of the Active Directory structure should accommodate one or more of the following possibilities, depending on the business requirements: ! Will the Active Directory structure include the entire organization, including subsidiaries? ! Will the Active Directory incorporate partners or customers in the future? ! Are you anticipating any mergers or acquisitions in the next two to five years? Internet Presence You must consider whether or not the organization's Active Directory will ever be available on the Internet. If so, you must choose a name for the Active Directory root that adheres to Internet standards. You must also choose a DNS strategy to support the Active Directory. Slide Objective To identify the main business needs that impact the naming strategy for Active Directory. Lead-in The scope of the business will help determine the root domain name of Active Directory. Module 2: Designing an Active Directory Naming Strategy 3 $ $$ $ DNS and Active Directory ! Distinguishing Between DNS and Active Directory ! Interoperability with BIND Active Directory follows DNS standards for naming domains, servers, and services. Active Directory also uses DNS as the domain locator service. You can use DNS for name resolution of both intranet (internal) and Internet (external) resources in your organization. There are special considerations you must take into account if your organization uses a Berkeley Internet Name Domain (BIND) DNS server and insists on maintaining it. Slide Objective To describe the relationship between Active Directory and DNS. Lead-in Active Directory closely follows DNS standards for naming. 4 Module 2: Designing an Active Directory Naming Strategy Distinguishing Between DNS and Active Directory Domain Name System (DNS) Domain Name System Domain Name System (DNS) (DNS) contoso.msft contoso.msft ! DNS Servers Store Resource Records ! Active Directory Servers Store Domain Objects Active Directory can consist of one or more domains. You identify Active Directory domains by the DNS names you assign them. The Active Directory domain and the corresponding DNS domain have the same name, yet each has a distinct role. These two domains store different information and manage different objects. DNS servers store and manage resource records within a zone database file. A DNS zone database file contains all resource records for a single DNS domain, or a discreet portion of a DNS domain tree. Active Directory stores and manages domain objects. Objects in the Active Directory include users, computers, printers, servers, workstations, services and shares. All objects are stored within Active Directory and managed either by scripting, or by tools within Microsoft Management Console (MMC). Because Active Directory and DNS domain names are identical and DNS is the mechanism for performing name resolution, each Active Directory domain requires a corresponding DNS domain. However, each DNS domain does not require a corresponding Active Directory domain. Slide Objective To illustrate how DNS interacts with Active Directory. Lead-in DNS and Active Directory share common names for their respective domains, but each is used for a different purpose. Key Points DNS and Active Directory share domain names but store and manage different information. [...]... two names with ICANN Use one externally and the other as the Active Directory forest root on internal DNS server 21 22 Module 2: Designing an Active Directory Naming Strategy Lab A: Designing an Active Directory Naming Strategy Slide Objective To introduce the lab Lead-in In this lab, you will use business criteria to create an Active Directory naming strategy and a BIND integration strategy Explain... resource records and dynamic DNS, see RFC 2052 and RFC 2136 Module 2: Designing an Active Directory Naming Strategy $ Planning Active Directory Domain Names Slide Objective To describe how Active Directory names are influenced by a chosen hierarchy ! ! To plan Active Directory domain names, you must first determine the scope of Active Directory within your organization Designing the Naming Hierarchy... records Existing DNS infrastructure and host names can remain unchanged Existing DNS zones and DNS topology can remain unchanged Module 2: Designing an Active Directory Naming Strategy Existing DNS implementation? Yes No Use existing DNS naming strategy as the Active Directory root? Yes Do you anticipate an Internet presence? No Yes No Register a name with ICANN and use as the forest root Separate... name Module 2: Designing an Active Directory Naming Strategy 17 ! It may not be necessary to register additional names with ICANN ! You may need to upgrade DNS servers to provide support for SRV resource records ! Existing DNS infrastructure and host names can remain unchanged and will match the Active Directory domain name ! Existing DNS zones and DNS topology can remain unchanged 18 Module 2: Designing. .. Determining the Scope of Active Directory Choosing Active Directory Domain Names Because Active Directory is tightly integrated with DNS, you should adhere to DNS standards when planning the naming strategy for Active Directory Your Active Directory design should include: ! Determining the scope of Active Directory within your organization ! Designing a hierarchical DNS name ! Choosing Active Directory domain... http://www.ietf.org/internet-drafts/draft-ietf-dnsindlocal-names-07.txt Module 2: Designing an Active Directory Naming Strategy 11 $ Designing a DNS Naming Strategy for Active Directory Slide Objective To describe naming strategies for Active Directory and DNS ! Making Initial Naming Decisions ! Using a Delegated Subdomain Name for the Internal Network ! Using a Single DNS Name for Public and Private Networks ! Using a Different DNS Name for Public and Private... name for your Active Directory structure and Internet presence ! Use a different DNS domain name for your Active Directory root to maintain separation between your Active Directory structure and your Internet presence 12 Module 2: Designing an Active Directory Naming Strategy Making Initial Naming Decisions Slide Objective To describe the first steps in determining a naming strategy Lead-in An Internet... 60 minutes Module 2: Designing an Active Directory Naming Strategy 23 Exercise 1 Planning a Naming Strategy for a Medium-sized Organization In this exercise, you will evaluate the existing environment and design criteria at a medium-sized company to determine the best possible root directory naming strategy Working with your lab partners, review the scenario and the design criteria and answer the questions... server No Register two names with ICANN Use one externally and the other as the Active Directory forest root on internal DNS server Module 2: Designing an Active Directory Naming Strategy 27 Existing DNS implementation? Yes No Use existing DNS naming strategy as the Active Directory root? Yes Do you anticipate an Internet presence? No Yes No Register a name with ICANN and use as the forest root Separate... Register two names with ICANN Use one externally and the other as the Active Directory forest root on internal DNS server 28 Module 2: Designing an Active Directory Naming Strategy Exercise 3 Planning a Naming Strategy for a Large Organization In this exercise, you will determine the name of the root directory for a large organization and how to integrate it with the company BIND DNS servers Working . between Active Directory and DNS. Lead-in Active Directory closely follows DNS standards for naming. 4 Module 2: Designing an Active Directory Naming Strategy. summarize the process of designing an Active Directory naming strategy. Module 2: Designing an Active Directory Naming Strategy v Customization