
    Configuring DHCP to Support DNS

    If you have downlevel clients that you want to register in DNS, you can take advantage of the DHCP proxy features for Dynamic DNS registration. This proxy makes it possible to move large numbers of desktops and servers over to DNS-enabled name resolution very quickly.

    The DHCP proxy feature was structured using the provisions of Internet Draft draft-ietf-dhc-dhcp-dns-10.txt, "Interaction Between DHCP and DNS." This draft outlines the use of a new DHCP option called Client FQDN, option 81. This option includes a new message format that a client can use to inform the DHCP server of its FQDN. The DHCP server uses this information to send a DNS Update message to the DNS server on behalf of the client.

    Important: If you plan on using DHCP to proxy DNS updates, be sure to use Active Directory Integrated zones with Secure Dynamic Updates enabled. This protects the zone records from accidental or deliberate overwrites. Do not install DHCP on a domain controller. The DHCP service runs in the LocalSystem security context and therefore has full privileges on the machine. On a domain controller, that lets an update proxied for a DHCP client change any record in DNS, with potentially disastrous results.

    Installing DHCP

    Before installing DHCP, you should inventory your current IP address assignments and ensure that you know the hosts that have static addresses. Windows Server 2003 DHCP, along with NT4 SP4, will use ICMP to verify that an address is free before leasing it, but that verification is not comprehensive. When you are ready to install DHCP and set aside addresses to lease, follow Procedure 5.25.

    Procedure 5.25 Installing DHCP Service Drivers

    1. From Control Panel, open the Add/Remove Programs applet.

    2. Click Add/Remove Windows Components. The Windows Components Wizard starts with the focus set to the Windows Components window.

    3. Highlight Networking Services and click Details. The Networking Services window opens.

    4. Select Dynamic Host Configuration Protocol (DHCP) and click OK to save the change and return to the Windows Components window.

    5. Click Next. The Configuring Components window opens and the drivers begin loading. When the drivers have loaded and the configuration is complete, the wizard displays a successful completion window.

    6. Click Finish to close the window and return to the Add/Remove Programs window.

    7. Close the Add/Remove Programs window.

    At this point, you can begin configuring the service. There is no need to restart.

    Authorizing a DHCP Server

    After the service drivers have been loaded, open the DHCP console. The server icon shows a red down arrow, meaning that the service has not started. If you are installing the service on a domain controller or domain member server, the status in the right pane will show Not Authorized. If you are installing in a workgroup, press F5 to refresh the console. The server status should change to Running.

    Windows Server 2003 DHCP has a feature that attempts to prevent rogue DHCP servers from coming on the wire and leasing improper IP addresses. This feature requires a DHCP server to be authorized. An authorized DHCP server has a DHCPClass object in Active Directory. This object can be viewed using the AD Sites and Services console. It is stored under Services | NetServices. Figure 5.19 shows an example.

    Figure 5.19. AD Sites and Services console showing authorized DHCP server.


    Authorize a DHCP server by right-clicking the server icon in the right pane and selecting AUTHORIZE from the flyout menu. The DHCP object is added to the directory automatically. Then, refresh the console by pressing F5. The server status changes to Running. Figure 5.20 shows an operational DHCP scope with leased addresses.

    Figure 5.20. DHCP console showing authorized DHCP server that has leased addresses.


    Verify that the server is issuing addresses by renewing an existing DHCP client. If you are in a routed network that uses DHCP helpers, you need to configure the BOOTP relay agents at your routers to point at the new DHCP server. After you have verified basic operability, take the server out of production by deactivating the scope while you configure the scope options.

    Configuring Scope Options

    While the scope is deactivated, select the scope options that you want to include in the DHCP ACK packet that is returned to the clients along with their leased address. The list of scope options does not include the new option 81, FQDN Client option. This option is configured separately as part of scope properties. It is covered in the next section. At this point, you need to configure options for DNS server(s), a DNS domain name, and a default gateway. You may have other options you want to include, but these are the basics. To configure scope options, follow the steps in Procedure 5.26.

    Procedure 5.26 Configuring Scope Options

    1. Right-click the server icon and select NEW SCOPE from the flyout menu. The New Scope Wizard starts.

    2. Click Next. The Scope Name window opens. Give the scope a name and description that can help you identify it when it displays in the console.

    3. Click Next. The IP Address Range window opens (see Figure 5.21). Enter an address range and subnet mask for the scope. The example shows the private network of 10.1.0.0 with a 24-bit subnet mask.

      Figure 5.21. New Scope Wizard—IP Address Range window.


    4. Click Next. The Add Exclusions window opens. If you have addresses within the scope that are already assigned to hosts or need to be set aside for static assignment, exclude them here.

    5. Click Next. The Lease Duration window opens. The new default lease duration is eight days, up from three days in NT4. This gives enough time for a user to go on a week's vacation and still get the old address back. If you have a shortage of addresses, you can cut the lease duration back to eight hours.

    6. Click Next. The Configure Your DHCP Options window opens. Let's skip the rest of the wizard and configure the options from the DHCP console. It's faster. Select No, I Will Configure These Options Later.

    7. Click Next. The wizard displays a completion window.

    8. Click Finish to close the wizard and return to the DHCP console. The console now shows the new scope with its address pool and exclusions.

    9. Right-click the Scope Options window and select NEW SCOPE OPTIONS from the flyout menu. The Scope Options window opens.

    10. Select Option 006 DNS Servers. Enter the FQDN of the DNS server that you want to use for this scope and click Resolve to get its IP address. (I prefer this method because it quickly validates that the DNS configuration is correct.)

    11. Select Option 015 DNS Domain Name. Enter the DNS domain name (same as DNS Suffix) you want to distribute to clients in this scope. This name must exist as a DNS zone on the server selected in option 006.

    12. Select other options you want to include in the configuration packet. Typical entries are Option 003 Router, Option 046 WINS/NBNS Servers, and 046 WINS/NBT Node Type.

    13. Click OK to set the options and close the window.

    14. Right-click the Scope icon and select Active. This permits the DHCP service to respond to DHCP requests and makes the address pool in the scope available. The status of the scope changes to Active in the right pane of the console.

    When a DHCP client leases an address, it gets a configuration packet containing the IP address of one or more DNS servers. The client registers its newly leased address, both the A and PTR records, with the DNS server. You can verify this by checking the DNS console to see whether new addresses appear as Windows Server 2003 DHCP clients get their DHCP configuration packets.

    DNS Update Proxy Configuration

    If a DHCP client is not running Windows Server 2003 or some other client that supports Dynamic DNS Updates, it will not register its leased DHCP address in DNS. This limits the effectiveness of DNS as a name repository in a peer networking environment, at least if you want to get away from running WINS.

    You can configure the DHCP server to act as a DNS update proxy for downlevel clients. Open the server Properties window and select the DNS tab. Figure 5.22 shows an example.

    Figure 5.22. DHCP server Properties window showing the DNS tab.


    Dynamic Client Icons

    If you highlight the Address Leases icon and look at the list of active DHCP clients, you will notice that the icons for dynamically registered clients have fountain pen emblems.

    The Automatically Update DHCP Client Information in DNS selection enables option 81, Client FQDN, for all addresses in the scope. The remaining options are dimmed if this is deselected. Here is a list of the functions for the various configuration options:

    • Update DNS Only if DHCP Client Requests. This is the preferred option. If the client has selected the Register This Connection's Addresses in DNS option under TCP/IP Properties, the client takes responsibility for updating DNS and the DHCP server bows out.

    • Always Update DNS. This option overrides the Register This Connection's Addresses in DNS setting at the client and uses the FQDN message from the client to register. If this option is selected, a flag is toggled in the option 81 message to the client telling it not to update DNS.

    • Discard Forward (Name-to-Address) Lookups When Lease Expires. This option is selected by default. It removes the A record when the lease expires. The DNS scavenger does this, too, but it's better to keep the zone tidy day-by-day.

    • Enable Updates for DNS Clients That Do Not Support Dynamic Updates. This option is not set by default. It provides a way for downlevel clients to dynamically register their resource records. If you are prepared to have a couple of thousand resource records appear in your zone file during tomorrow morning's logon, select this option.

    If you select the last option that registers downlevel clients by proxy, you'll see the icons appear as dynamic registration icons (fountain pen emblems) as the clients renew their leases. As clients renew their leases, they renew their Dynamic DNS registrations, as well.
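
    An added example, not from the book: the option 81 payload described above, decoded in Python, with the DNS tab choices modeled as a decision function. The flag bits follow RFC 4702, which later standardized the Client FQDN option; the class and function names, the example.com sample payloads, and the simplification to a single registrar per lease are assumptions.

```python
# Added example (not from the book). Flag bits per RFC 4702; names are illustrative.
from dataclasses import dataclass
from typing import Optional, Tuple

FLAG_S = 0x01  # client asks the server to register its A record
FLAG_O = 0x02  # reply only: server overrode the client's preference
FLAG_E = 0x04  # name uses DNS wire format instead of ASCII
FLAG_N = 0x08  # client asks the server to make no DNS updates

@dataclass
class ClientFqdn:
    flags: int
    fqdn: str

@dataclass
class DnsTab:                       # checkboxes on the DHCP server's DNS tab
    enable_updates: bool = True     # Automatically Update DHCP Client Information in DNS
    always_update: bool = False     # False = Update DNS Only if DHCP Client Requests
    proxy_downlevel: bool = False   # Enable Updates for DNS Clients That Do Not Support...

def parse_option_81(payload: bytes) -> ClientFqdn:
    """Decode the option payload: flags, RCODE1, RCODE2, then the name."""
    if len(payload) < 3:
        raise ValueError("option 81 is shorter than its fixed fields")
    flags, name = payload[0] & 0x0F, payload[3:]   # reserved bits are ignored
    if not flags & FLAG_E:
        return ClientFqdn(flags, name.decode("ascii"))
    labels, i = [], 0
    while i < len(name) and name[i] != 0:
        end = i + 1 + name[i]
        if name[i] > 63 or end > len(name):
            raise ValueError("malformed DNS label")
        labels.append(name[i + 1:end].decode("ascii"))
        i = end
    return ClientFqdn(flags, ".".join(labels))

def decide(tab: DnsTab, opt: Optional[ClientFqdn]) -> Tuple[str, Optional[int]]:
    """Return (who registers the name, option 81 flags for the reply)."""
    if opt is None:                 # downlevel client sent no option 81
        proxy = tab.enable_updates and tab.proxy_downlevel
        return ("server" if proxy else "nobody", None)
    if not tab.enable_updates:      # option 81 handling is switched off
        return ("client", None)
    enc = opt.flags & FLAG_E        # keep the client's name encoding
    asked = bool(opt.flags & FLAG_S) and not opt.flags & FLAG_N
    if tab.always_update:           # override a client that did not ask
        return ("server", enc | FLAG_S | (0 if asked else FLAG_O))
    if asked:
        return ("server", enc | FLAG_S)
    return ("client", enc | (opt.flags & FLAG_N))

# Constructed sample payloads (not captured traffic).
SELF_REGISTERING = bytes([FLAG_E, 0, 0]) + b"\x04wks1\x07example\x03com\x00"
ASKS_SERVER = bytes([FLAG_S, 0, 0]) + b"wks2.example.com"
```

    With Always Update DNS selected, a client that wanted to register itself gets a reply with both the S and O bits set, which is the toggled flag that tells it not to update DNS.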
