Comprehensive description of the relationship between DNS and Active Directory under Windows 2000

So how do the two combine, and what role does each play? This question often troubles beginners. In this article, I will briefly discuss the relationship between the two, and I hope it helps everyone.

1. The difference between the two

The integration of DNS and Active Directory is the main feature of Windows 2000 Server. A DNS domain and an Active Directory domain use the same domain name for different namespaces. Because the two namespaces share the same domain structure, they are easy to confuse, so it is important to understand the difference between them. They store different data and therefore manage different objects: DNS stores its zones and resource records; Active Directory stores domains and the objects in those domains.

For DNS, domain names are based on the DNS hierarchical naming structure, which is an inverted tree: a root domain at the top, with each domain below it being both a parent domain and a child domain. Computers in each DNS domain can be identified by a fully qualified domain name (FQDN). For example, the fully qualified domain name of the computer named yjy in the domain bjpeu.edu.cn is yjy.bjpeu.edu.cn.

Each Windows 2000 domain connected to the Internet has a DNS name, and each computer in the Windows 2000 domain also has a DNS name. Therefore, domains and computers are represented both as Active Directory objects and as DNS domain nodes.

But DNS and Active Directory use different databases to resolve names:

·DNS is a name resolution service: a DNS server accepts requests and queries the DNS database to resolve domain or computer names to IP addresses. DNS clients send DNS names to the DNS server they are configured to use. The DNS server accepts the request and either resolves the name from its local DNS database or queries other DNS databases on the Internet. DNS does not require Active Directory to work.

·Active Directory is a directory service: a domain controller accepts requests and queries the Active Directory database to resolve domain object names to object records. Active Directory users send requests to the Active Directory server through the LDAP protocol (a protocol for accessing directory services). To locate the Active Directory database, DNS is needed. That is, Active Directory uses DNS as a location service to resolve Active Directory server names to IP addresses. Active Directory cannot work without DNS.

DNS can operate independently of Active Directory, but Active Directory needs DNS in order to work. For Active Directory to work properly, the DNS server must support service location (SRV) resource records, which map a service name to the name of the server that provides the service. Active Directory clients and domain controllers use SRV resource records to determine the IP address of a domain controller.

In addition to requiring that the DNS server supporting a Windows 2000 network support SRV resource records, Microsoft also recommends that the DNS server provide DNS dynamic updates. DNS dynamic update defines a protocol by which the records on a DNS server are updated automatically. Without this protocol, the administrator has to manually configure the new records generated by the domain controller. The new Windows 2000 DNS service supports both SRV resource records and dynamic updates. If you choose a DNS server that is not based on Windows 2000, you must verify that it supports SRV resource records. For a DNS server that supports SRV resource records but does not support dynamic updates, you must manually update its resource records when you promote a Windows 2000 server to a domain controller. This can be done with the Netlogon.dns file, which is created by the Active Directory Installation Wizard and is located in the folder %systemroot%\system32\config.
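When the records are maintained by hand, the zone can drift away from what the domain controller expects to be registered. The following added example (not part of the original article) compares the SRV records in a Netlogon.dns file with an export of the manually maintained zone and reports records that are missing, records that point at a host the domain controller did not register, and SRV targets that have no address record. The host names dc1 and old-dc, the addresses, and the one-record-per-line zone-file syntax are assumptions made for the illustration.

```python
import re

# Constructed sample of Netlogon.dns content (hypothetical domain controller dc1).
NETLOGON_DNS = """\
bjpeu.edu.cn. 600 IN A 192.0.2.10
_ldap._tcp.bjpeu.edu.cn. 600 IN SRV 0 100 389 dc1.bjpeu.edu.cn.
_ldap._tcp.dc._msdcs.bjpeu.edu.cn. 600 IN SRV 0 100 389 dc1.bjpeu.edu.cn.
_kerberos._tcp.bjpeu.edu.cn. 600 IN SRV 0 100 88 dc1.bjpeu.edu.cn.
"""

# Constructed export of the hand-maintained zone on the non-dynamic DNS server.
ZONE_EXPORT = """\
; manually maintained zone
dc1.bjpeu.edu.cn. 3600 IN A 192.0.2.10
_ldap._tcp.bjpeu.edu.cn. 600 IN SRV 0 100 389 dc1.bjpeu.edu.cn.
_kerberos._tcp.bjpeu.edu.cn. 600 IN SRV 0 100 88 DC1.bjpeu.edu.cn.
_ldap._tcp.dc._msdcs.bjpeu.edu.cn. 600 IN SRV 0 100 389 old-dc.bjpeu.edu.cn.
"""

SRV_RE = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?SRV\s+\d+\s+\d+\s+(\d+)\s+(\S+)", re.I)
A_RE = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?A\s+(\S+)", re.I)

def norm(name):
    """DNS names are case-insensitive; drop the trailing root dot as well."""
    return name.lower().rstrip(".")

def parse(text):
    """Return (SRV records as (owner, port, target), names that own an A record)."""
    srv, hosts = set(), set()
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # strip zone-file comments
        if m := SRV_RE.match(line):
            srv.add((norm(m.group(1)), int(m.group(2)), norm(m.group(3))))
        elif m := A_RE.match(line):
            hosts.add(norm(m.group(1)))
    return srv, hosts

def compare(netlogon_text, zone_text):
    expected, _ = parse(netlogon_text)
    actual, hosts = parse(zone_text)
    return {
        "missing": sorted(expected - actual),        # clients cannot find the DC
        "unexpected": sorted(actual - expected),     # stale or unregistered target
        "no_address": sorted({t for _, _, t in actual} - hosts),
    }

if __name__ == "__main__":
    for kind, items in compare(NETLOGON_DNS, ZONE_EXPORT).items():
        print(kind, items)
```

An SRV record in the "unexpected" list deserves the same attention as a missing one, because clients will try to contact whatever host that record names as a domain controller.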

2. The combination of the two

Since DNS and Active Directory differ so much, how are they combined? In general, they are combined in the following ways:

·Active Directory domains and DNS domains use the same hierarchy: although their function and purpose are different, an organization's DNS namespace and Active Directory namespace have the same structure.

·DNS zones can be stored in Active Directory: if you use the Windows 2000 DNS service, primary zones can be stored in Active Directory so that they are replicated to other Active Directory domain controllers and so that the DNS service gains enhanced security.

·Active Directory clients use DNS to locate domain controllers: to locate the domain controllers for a specific domain, Active Directory clients request resource records from their DNS servers.

When a company uses Windows 2000 Server as its network operating system, Active Directory is treated as one or more hierarchical Windows 2000 domains under a root domain whose DNS name is legally registered.

According to the DNS naming convention, each part of a DNS name separated by a period (.) represents a node in the DNS tree hierarchy and a potential Active Directory domain in the Windows 2000 domain tree hierarchy. The root node of DNS is indicated by an empty label (""), and the root node of the Active Directory namespace has no parent domain. It provides the LDAP entry point to Active Directory.

Well, that concludes this introduction to the relationship between the two. I hope it is useful to friends who are getting to know the Windows 2000 operating system, and that this effort has not been wasted.



Copyright © Windows knowledge All Rights Reserved