Subtitles of the Movie

Once you have your active directory architecture sorted out, and active directory installed along with DNS on your system, you can start to have a look around at the active directory specific DNS features, and go through the process of setting up an active directory integrated zone in DNS. Open the DNS snap-in from the start>administrative tools menu, expand the server and expand forward look up zones. . You can see the two zones created automatically when active directory is installed. The ca.domain.tld zone contains regular DNS records, and the msdcs.ca.domain.tld zone contains the active directory DNS functionality. If you expand the ca.domain.tld zone, you can see the active directory related DNS entries. Expand the TCP sub-domain, which holds the TCP protocol service locator or SRV records for the domain. You can see the service locator records for the global catalogue used to locate information in the directory, kerberos which is used for user and system authentication, and others. These records are used by clients and servers to locate services on the network. Right click forward lookup zones, and select new zone. Click next. As this server has active directory installed, the zone add process is different than that covered earlier in the course. For example select primary zone and leave the - store the zone in active directory - box checked. This causes the zone to be stored in the active directory instead of in a zone file. Click next. As this zone is being stored in active directory, you now need to decide how replication will work. Secondary zones are not required with active directory zones as the zone data is replicated to all domain controls by default. You can choose to replicate the data to all DNS servers in the domain or all DNS servers in the forest. If you have application directory partitions to find, you can also use their scope to control replication of the zone. Click next to continue. Specify the zone name and click next. The defaults for dynamic updates for active directory integrated zones is different from that for non-integrated zones; while non integrated zones do not allow dynamic updates by default, active directory integrated zones allow secure dynamic updates by default. Click next to continue. You may notice that you didn't need to specify a zone file name in this process like you do when you add a non-integrated zone. This is because there is no zone file with an integrated zone; the zone data is all stored in the directory. Click finish to add the zone.