Windows 2000 Active Directory application articles


In the previous articles we covered the basic principles of Active Directory and its installation and configuration, and highlighted several of its advantages. Active Directory is not an independent service, however: it was implemented successfully only by building on earlier protocols and services. The close integration of DNS and the LDAP protocol with Active Directory, and the use of the site concept, are outstanding examples of this. Below we introduce these application technologies.

1. The application of DNS in Active Directory

WIN2K is a brand-new operating system whose biggest feature is the introduction of Active Directory, and one of the biggest features of Active Directory is that it binds DNS and Active Directory tightly together. Active Directory uses the Domain Name System (DNS) as its location service while also extending standard DNS. DNS is the most widely used location service: it serves as the location service not only on the Internet but also on many intranets. In a network built with WINNT4.0, the unique identifier of each host is its NetBIOS name, and the system resolves a NetBIOS name to the corresponding IP address, so that hosts can communicate, by means of the WINS service, broadcasts and the LMHOSTS file. On an internal network (the LAN we usually speak of) it is very convenient and fast to communicate using NetBIOS names. On the Internet, however, the unique identifier of a host is its domain name in FQDN form (such as www.163.com), and the DNS standard is used to resolve the domain name to the corresponding IP address. If a WINNT4.0 network is connected to the Internet, each host in the NT network also has a corresponding domain name, and domain name resolution is provided by the DNS service that WINNT4.0 supports. DNS in WINNT4.0 is planned, designed and configured entirely by hand. As can be seen, in a WINNT4.0 network each host has both a NetBIOS name and a domain name, and the two mean essentially the same thing. This adds to the network administrator's management burden and makes overall network management more chaotic.

In the Active Directory of WIN2K the most basic unit is the domain. Domains are organized into a tree of parent and child domains. The trust relationship between a parent domain and a child domain is fully two-way, and trust is transitive, so the organizational structure resembles that of the DNS system. The naming policy in Active Directory essentially follows the Internet standards: according to the DNS and LDAP 3.0 standards, domains in Active Directory and domains in the DNS system use the same naming scheme, that is, the domain name in Active Directory is a DNS domain name. Active Directory then relies on DNS as its location service to resolve that name to an IP address. Therefore, when we build Active Directory with WIN2K, we must also install and configure the corresponding DNS. Whether a user is resolving an IP address or logging in for authentication, DNS is used to locate the servers in Active Directory. This tight integration of Active Directory with the DNS system means that Active Directory is well suited to both Internet and intranet environments, which reflects Microsoft's idea of creating a network operating system for the Internet. Enterprises can connect Active Directory directly to the Internet to simplify communication with customers and partners. In addition, the DNS service in WIN2K lets clients update their resource records dynamically using the DNS Dynamic Update Protocol (RFC 2136), which improves DNS manageability by reducing the time spent maintaining those records by hand. Computers running WIN2K can register their DNS names and IP addresses dynamically.
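As an added example (not code from the original article), here is what a client's dynamic registration under RFC 2136 looks like on the wire, built with Python's standard library: an UPDATE message that deletes a host's existing A records and adds its current address. The zone corp.example, the host pc01 and the address 10.0.0.5 are constructed sample values.

```python
import socket
import struct

# DNS constants used by the message builder (RFC 1035 / RFC 2136)
OPCODE_UPDATE = 5
TYPE_A, TYPE_SOA = 1, 6
CLASS_IN, CLASS_ANY = 1, 255


def encode_name(name: str) -> bytes:
    """Wire-format a DNS name: length-prefixed ASCII labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError(f"bad DNS label {label!r}")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def rr(name: str, rtype: int, rclass: int, ttl: int, rdata: bytes) -> bytes:
    """One resource record in wire format: NAME TYPE CLASS TTL RDLENGTH RDATA."""
    return encode_name(name) + struct.pack("!HHIH", rtype, rclass, ttl, len(rdata)) + rdata


def build_a_record_update(zone: str, host_fqdn: str, ipv4: str,
                          ttl: int = 1200, msg_id: int = 0x1234) -> bytes:
    """Build an RFC 2136 UPDATE that replaces host_fqdn's A records with one address.

    The update section carries two RRs, in order:
      1. delete every A RR owned by host_fqdn (CLASS=ANY, TTL=0, empty RDATA),
      2. add the new A RR.
    The prerequisite section is left empty, so the update is unconditional.
    """
    updates = [
        rr(host_fqdn, TYPE_A, CLASS_ANY, 0, b""),
        rr(host_fqdn, TYPE_A, CLASS_IN, ttl, socket.inet_aton(ipv4)),
    ]
    # Header: ID, flags (QR=0, OPCODE=5), ZOCOUNT, PRCOUNT, UPCOUNT, ADCOUNT
    header = struct.pack("!HHHHHH", msg_id, OPCODE_UPDATE << 11, 1, 0, len(updates), 0)
    # Zone section names the zone being updated; ZTYPE is always SOA
    zone_section = encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    return header + zone_section + b"".join(updates)


def parse_header(msg: bytes) -> dict:
    """Decode the 12-byte header so a message can be inspected."""
    msg_id, flags, zo, pr, up, ad = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": msg_id,
        "qr": flags >> 15,
        "opcode": (flags >> 11) & 0xF,
        "zocount": zo, "prcount": pr, "upcount": up, "adcount": ad,
    }


if __name__ == "__main__":
    # Constructed sample: host pc01 in zone corp.example registers 10.0.0.5
    msg = build_a_record_update("corp.example", "pc01.corp.example", "10.0.0.5")
    print(parse_header(msg))
    print(msg.hex())
```

The message carries no authentication of its own; a server that accepts it unconditionally lets any host on the network rewrite any name in the zone. For Active Directory-integrated zones, Windows 2000 DNS offers the "only secure updates" setting, which accepts updates only from authenticated clients, so that setting is the one to check whenever dynamic update is enabled.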

Because Active Directory is integrated with DNS, the NetBIOS name has gradually lost its significance in WIN2K, and the corresponding WINS service is slowly being phased out. In WINNT, to make effective use of the dynamic nature of WINS, we usually integrate DNS with WINS, which yields more accurate resolution results. WINS is not an Internet standard protocol, however; the solution for letting DNS maintain the mapping table of machine names to IP addresses dynamically is dynamic DNS. Dynamic DNS does not need WINS, because it allows clients with dynamically assigned IP addresses to register directly with the DNS server and update the DNS lookup table immediately.

WIN2K supports dynamic DNS, and machines running Active Directory services can update DNS tables dynamically. The WINS service is no longer needed in a WIN2K network, although WIN2K still supports WINS for backward compatibility. So if the network no longer uses WINS, how does a client find a domain controller when a user logs on to the network? WIN2K extends standard DNS when implementing it, adding a new record type, the SRV record, to the DNS table; SRV records point to the domain controllers of the Active Directory. So once the network has been fully upgraded to WIN2K, the WINS service need no longer be used. In WIN2K the DNS/WINS integration has become unnecessary thanks to support for the Dynamic Update Protocol (RFC 2136). DNS, defined by a series of Request for Comments (RFC) standards and widely adopted on the Internet, has become a unified, standardized specification in network technology. Since WIN2K aims to be widely used in both Internet and intranet environments, its name resolution model should fully comply with the single DNS standard.
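As an added example (not from the original article) of how the SRV records described above are used, the Python below emulates the domain controller locator's lookup: it forms the well-known SRV owner names that a Windows 2000 domain controller registers under _msdcs (the name patterns are real; the domain corp.example, the site name Headquarters and the hosts dc1 to dc3 are constructed), parses SRV records written in zone-file syntax, and orders the candidates by priority and weight as RFC 2782 prescribes. The real client also queries _kerberos and _gc names and determines its site from its IP subnet; those steps are left out here.

```python
import random


def dc_locator_names(dns_domain, site=None):
    """Owner names the DC locator queries, most specific first.
    The site-specific name is tried first so a client prefers a DC in its own site."""
    d = dns_domain.rstrip(".")
    names = []
    if site:
        names.append(f"_ldap._tcp.{site}._sites.dc._msdcs.{d}")
    names.append(f"_ldap._tcp.dc._msdcs.{d}")
    names.append(f"_ldap._tcp.{d}")
    return names


def parse_srv_lines(lines):
    """Parse zone-file style lines: <owner> <ttl> IN SRV <priority> <weight> <port> <target>.
    Returns a dict owner -> list of (priority, weight, port, target)."""
    table = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 8 or parts[2] != "IN" or parts[3] != "SRV":
            continue  # skip comments, blank lines and other record types
        owner, _ttl, _cls, _typ, prio, weight, port, target = parts
        table.setdefault(owner.rstrip("."), []).append(
            (int(prio), int(weight), int(port), target.rstrip(".")))
    return table


def order_srv_targets(records, rng=random.random):
    """Order SRV records as RFC 2782 prescribes: lowest priority first; within one
    priority a weighted random order. rng returns a float in [0, 1) (injectable for tests)."""
    by_priority = {}
    for prio, weight, port, target in records:
        by_priority.setdefault(prio, []).append((weight, port, target))
    ordered = []
    for prio in sorted(by_priority):
        pool = list(by_priority[prio])
        while pool:
            total = sum(w for w, _, _ in pool)
            chosen = pool[0]  # default: only zero-weight entries left, take them in order
            if total > 0:
                r = rng() * total
                running = 0
                for entry in pool:
                    running += entry[0]
                    if running > r:
                        chosen = entry
                        break
            pool.remove(chosen)
            ordered.append((chosen[2], chosen[1]))  # (target, port)
    return ordered


def locate_dc(dns_domain, srv_table, site=None, rng=random.random):
    """Emulate the locator's lookup order: the first owner name that has SRV records wins."""
    for name in dc_locator_names(dns_domain, site):
        if name in srv_table:
            return name, order_srv_targets(srv_table[name], rng)
    return None, []


# Constructed sample records for the fictitious domain corp.example
SAMPLE_ZONE = """\
; constructed sample records, not a real zone
_ldap._tcp.dc._msdcs.corp.example. 600 IN SRV 0 100 389 dc1.corp.example.
_ldap._tcp.dc._msdcs.corp.example. 600 IN SRV 0 100 389 dc2.corp.example.
_ldap._tcp.dc._msdcs.corp.example. 600 IN SRV 10 100 389 dc3.corp.example.
_ldap._tcp.Headquarters._sites.dc._msdcs.corp.example. 600 IN SRV 0 100 389 dc1.corp.example.
"""

if __name__ == "__main__":
    table = parse_srv_lines(SAMPLE_ZONE.splitlines())
    print(locate_dc("corp.example", table, site="Headquarters"))
    print(locate_dc("corp.example", table))
```

Because clients trust any host advertised under these names as a domain controller, who can write them is worth auditing: with secure dynamic update on an Active Directory-integrated zone only the domain controllers themselves can register the _msdcs records, and periodically querying these names and comparing the targets against the list of known controllers is a cheap way to notice a stray or decommissioned controller that is still advertised.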

Copyright © Windows knowledge All Rights Reserved