27. What are Active Directory Integrated Zones?

One benefit of integrating DNS with Active Directory is that DNS zones can be stored in the Active Directory database itself instead of in zone files. A zone is a contiguous portion of the domain namespace whose resource records are grouped under one authority, so that those records are transferred and replicated as a single unit.


Active Directory Integrated Zones
A standard (file-backed) Microsoft DNS zone keeps the records used to resolve host names to IP addresses and IP addresses to host names in a text file named <zone>.dns under %SystemRoot%\System32\dns, one file per zone.

Active Directory integrated zones are primary zones (stub zones can be integrated as well) whose records are stored as dnsNode objects beneath a dnsZone object in the directory rather than in a file. Where the zone object is stored decides who replicates it: a zone in the domain partition replicates to every domain controller in the domain, which was the only option on Windows 2000, while Windows Server 2003 and later can place the zone in the DomainDnsZones or ForestDnsZones application partition so that only the domain controllers running DNS in that domain or forest carry it. Because the records are directory objects, each one carries an ACL, and the zone can be set to accept only secure dynamic updates, which require the updating client to authenticate with Kerberos.
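As an added example, not from the original page: a PowerShell inventory of the zones on one DNS server that shows which zones are AD-integrated, which partition each one sits in, and whether it accepts only secure dynamic updates, followed by the same zones viewed as directory objects. It assumes the DnsServer and ActiveDirectory RSAT modules and a domain controller named dc01.corp.example, which is a placeholder.

```powershell
# Added example: inventory DNS zones on a DC and show where each AD-integrated
# zone lives. dc01.corp.example is a placeholder; the DnsServer (Server 2012+)
# and ActiveDirectory modules are assumed to be installed.
$dc = 'dc01.corp.example'

# Zone type, storage and replication scope as the DNS server reports them
Get-DnsServerZone -ComputerName $dc |
    Where-Object { -not $_.IsAutoCreated } |
    Select-Object ZoneName, ZoneType, IsDsIntegrated, ReplicationScope,
                  DirectoryPartitionName, DynamicUpdate |
    Format-Table -AutoSize

# Check: an AD-integrated zone should be set to 'Secure' (Kerberos-authenticated
# dynamic updates). 'NonsecureAndSecure' lets any host on the network register or
# overwrite a record, which is enough to hijack a host name.
Get-DnsServerZone -ComputerName $dc |
    Where-Object { $_.IsDsIntegrated -and $_.DynamicUpdate -ne 'Secure' } |
    ForEach-Object { Write-Warning "$($_.ZoneName): dynamic updates are $($_.DynamicUpdate)" }

# The same zones as directory objects. A zone replicated to every DC in the domain
# (legacy scope) sits under CN=MicrosoftDNS,CN=System,<domain DN>; one in the
# DomainDnsZones application partition sits under CN=MicrosoftDNS,DC=DomainDnsZones,<domain DN>.
$domainDn = (Get-ADDomain -Server $dc).DistinguishedName
$bases = @("CN=MicrosoftDNS,CN=System,$domainDn",
           "CN=MicrosoftDNS,DC=DomainDnsZones,$domainDn")
foreach ($base in $bases) {
    Get-ADObject -Server $dc -SearchBase $base -SearchScope OneLevel `
                 -LDAPFilter '(objectClass=dnsZone)' -ErrorAction SilentlyContinue |
        ForEach-Object { [pscustomobject]@{ Zone = $_.Name; StoredUnder = $base } }
}
```

The second query is the one to keep: a zone whose DynamicUpdate is NonsecureAndSecure defeats the point of storing it in the directory, because the per-record ACLs are never consulted for an unauthenticated update.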

26. What is the integration of DNS and Active Directory?


The integration of DNS and Active Directory is essential because a client computer in a Windows 2000 network must be able to locate a domain controller before a user can log on to a domain or use any service that Active Directory provides. Clients locate domain controllers and their services with A and SRV resource records. The A record maps a domain controller's FQDN to its IP address. The SRV record's owner name identifies a service and protocol (for example _ldap._tcp.dc._msdcs.<domain>), and its data carries a priority, a weight, the port, and the FQDN of a domain controller that offers that service; the client then resolves that FQDN with an A query. Domain controllers register these records themselves through the Netlogon service at startup, which is why the DNS server must accept dynamic updates from them.
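As an added example, not from the original page: the lookups a Windows client performs to find a domain controller, done by hand in PowerShell so the SRV data and the A record it points at are visible, then cross-checked against the DC locator. The domain corp.example and the site name HQ are placeholders; the machine only needs to reach the domain's DNS servers.

```powershell
# Added example: find domain controllers the way a Windows client does, SRV record
# first, then the A record of the SRV target. corp.example and HQ are placeholders.
$domain = 'corp.example'

# The SRV owner name encodes service and protocol; Netlogon on each DC registers
# these under _msdcs and under the plain domain name at startup.
$srvNames = @(
    "_ldap._tcp.dc._msdcs.$domain",   # domain controllers offering LDAP
    "_kerberos._tcp.$domain",         # KDCs
    "_gc._tcp.$domain"                # global catalog servers (port 3268)
)

$found = foreach ($name in $srvNames) {
    # Resolve-DnsName returns the SRV records plus any A records the server added
    # as additional data; keep only the SRV rows and resolve the target explicitly.
    Resolve-DnsName -Name $name -Type SRV -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' } |
        ForEach-Object {
            $a = Resolve-DnsName -Name $_.NameTarget -Type A -ErrorAction SilentlyContinue |
                 Where-Object { $_.Type -eq 'A' }
            [pscustomobject]@{
                Service  = $name
                Target   = $_.NameTarget
                Port     = $_.Port
                Priority = $_.Priority   # lower value is preferred
                Weight   = $_.Weight     # load share among equal priorities
                IPv4     = ($a.IPAddress -join ', ')
            }
        }
}
$found | Sort-Object Service, Priority | Format-Table -AutoSize

# The DC locator adds site awareness on top of these records: a client in site HQ
# tries the site-specific name first and falls back to the domain-wide one.
Resolve-DnsName -Name "_ldap._tcp.HQ._sites.dc._msdcs.$domain" -Type SRV -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'SRV' } | Select-Object NameTarget, Port

# Compare with the DC the locator actually picks for this machine
nltest "/dsgetdc:$domain"
```

Because the client trusts whatever answers these queries, the integrity of the zone that holds the _msdcs records matters: an attacker who can register or overwrite records there can steer clients to a host of their choosing before Kerberos ever gets a chance to refuse it.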

25. What does the global catalog contain?


The global catalog contains:

       The attributes that are most frequently used in queries, such as a user’s first name, last name, and logon name.
       The information that is necessary to determine the location of any object in the directory.
       The access permissions for each object and attribute that is stored in the global catalog. If you search for an object that you do not have the appropriate permissions to view, the object will not appear in the search results. Access permissions ensure that users can find only objects to which they have been assigned access.

A global catalog server is a domain controller that, in addition to the full, writable replica of its own domain partition, stores a partial, read-only replica of every other domain partition in the forest. Take a user object: it has many attributes (first name, last name, phone number and so on), but the global catalog stores only the subset most often used in searches, the partial attribute set (PAS), which the schema defines by flagging an attribute with isMemberOfPartialAttributeSet. That subset is enough for a search to find the object and learn which domain holds its full replica. Searches can therefore be answered by a local global catalog, on LDAP port 3268 (3269 with TLS), instead of being referred across the WAN to a domain controller in another domain. Attributes outside the PAS are never returned by a GC search, whatever the caller's permissions.

Domain controllers always hold the full attribute list for objects in their own domain. A domain controller that is also a GC additionally holds the partial replica of every other domain in the forest.

Active Directory uses DNS as its name resolution service to identify domains and domain host computers during processes such as logging on to the network.

Just as a Windows NT 4.0 client queries WINS for the DOMAIN<1B> record to find the PDC or the DOMAIN<1C> record to find domain controllers, a Windows 2000, Windows Server 2003 or Windows XP client queries DNS for SRV records to find a domain controller.
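As an added example, not from the original page: a PowerShell comparison of a global catalog search with a plain LDAP search for the same user, plus a dump of the partial attribute set from the schema, written against System.DirectoryServices so it runs without RSAT. The DC name dc01.corp.example, the user jdoe and the attribute list are placeholders to adapt; which of the chosen attributes are in the PAS is computed, not assumed.

```powershell
# Added example: global catalog (port 3268, forest-wide, PAS only) versus plain
# LDAP (port 389, one domain, every readable attribute). Placeholders: the DC,
# the user and the attribute list.
$gc    = 'dc01.corp.example'
$user  = 'jdoe'
$attrs = 'sAMAccountName', 'givenName', 'sn', 'info', 'employeeID'

function Search-Directory([string]$Path, [string]$Filter, [string[]]$Props) {
    $s = New-Object System.DirectoryServices.DirectorySearcher
    $s.SearchRoot = [ADSI]$Path
    $s.Filter     = $Filter
    $s.PageSize   = 1000
    $s.PropertiesToLoad.AddRange($Props)
    $s.FindAll()
}

$root     = [ADSI]"LDAP://$gc/RootDSE"
$schemaNc = [string]$root.schemaNamingContext
$domainNc = [string]$root.defaultNamingContext
"Is $gc a global catalog: $([string]$root.isGlobalCatalogReady)"

# The PAS is defined in the schema: attributeSchema objects flagged
# isMemberOfPartialAttributeSet=TRUE are the ones replicated to every GC.
$pas = Search-Directory "LDAP://$gc/$schemaNc" `
           '(&(objectClass=attributeSchema)(isMemberOfPartialAttributeSet=TRUE))' @('lDAPDisplayName') |
       ForEach-Object { $_.Properties['ldapdisplayname'][0] } | Sort-Object
"$($pas.Count) attributes in the partial attribute set"

# GC:// with no DN searches the whole forest from its root; LDAP://<server>/<DN>
# stays inside one domain. Same user, same filter, different result shapes.
$filter  = "(&(objectClass=user)(sAMAccountName=$user))"
$fromGc  = Search-Directory "GC://$gc"             $filter $attrs | Select-Object -First 1
$fromDom = Search-Directory "LDAP://$gc/$domainNc" $filter $attrs | Select-Object -First 1
if (-not $fromGc -or -not $fromDom) { throw "$user not found" }

$rows = foreach ($a in $attrs) {
    [pscustomobject]@{
        Attribute = $a
        InPAS     = [bool]($pas -contains $a)
        FromGC    = ($fromGc.Properties[$a]  | Select-Object -First 1)   # empty if not in PAS
        FromLDAP  = ($fromDom.Properties[$a] | Select-Object -First 1)
    }
}
$rows | Format-Table -AutoSize
```

Rows with InPAS false and an empty FromGC column are the practical meaning of "partial replica": a forest-wide search can locate the object, but anything outside the PAS has to be read from a domain controller of the object's own domain.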

24. Domain-wide Roles




Domain-wide roles are held by exactly one domain controller in each domain of the forest (the two forest-wide roles, schema master and domain naming master, exist once per forest). The domain-wide roles are:

       Primary domain controller emulator (PDC)
Acts as a Windows NT PDC for any backup domain controllers (BDCs) running Microsoft Windows NT 4.0 in a mixed-mode domain, replicating the domain database to them. It remains important in a native-mode domain: password changes are forwarded to it ahead of normal replication, a failed authentication is retried against it before a lockout is declared, it is the authoritative time source for the domain, and Group Policy editing targets it by default. The role is initially held by the first domain controller created in a new domain and can later be transferred to another domain controller.
       Relative identifier master (RID)
When a new security principal (user, group or computer) is created, the domain controller assigns it a unique security identifier (SID). This SID consists of the domain SID, which is the same for every security principal created in the domain, followed by a RID, which is unique for each security principal created in the domain. The RID master allocates blocks of RIDs (500 at a time by default) to each domain controller in the domain, and each domain controller assigns RIDs to the objects it creates from its current block, requesting a new block when it runs low. RIDs are never reused, so the domain's pool (2^30 values by default; Windows Server 2012 can unlock one more bit) is finite, and heavy account churn consumes it.
       Infrastructure master
When objects are moved from one domain to another, the infrastructure master updates object references in its domain that point to objects in other domains. Such a reference holds the referenced object's globally unique identifier (GUID), distinguished name and SID; the infrastructure master periodically compares them with a global catalog and refreshes the distinguished name and SID when the real object has been moved within or between domains, or deleted. Unless every domain controller in the domain is a global catalog, the infrastructure master must not be placed on a global catalog server: a GC already holds a copy of every object in the forest, so it never detects a stale reference and the updates silently stop.
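As an added example, not from the original page: a PowerShell check of the three domain-wide role holders, a decode of the RID master's bookkeeping objects to show the blocks of RIDs and how they combine with the domain SID, and the placement check for the infrastructure master. It assumes the ActiveDirectory module and a domain named corp.example, which is a placeholder, run as a user able to read the System container.

```powershell
# Added example: list the domain-wide role holders and decode the RID master's
# bookkeeping. corp.example is a placeholder; the ActiveDirectory module is assumed.
Import-Module ActiveDirectory
$domain = Get-ADDomain -Identity 'corp.example'
$domain | Select-Object PDCEmulator, RIDMaster, InfrastructureMaster | Format-List
# Legacy equivalent from cmd.exe: netdom query fsmo

# The RID master keeps rIDAvailablePool on CN=RID Manager$: a 64-bit value whose
# high 32 bits are the highest RID the domain may ever issue and whose low 32 bits
# are the next RID that will start a new block.
$ridMgr = Get-ADObject "CN=RID Manager`$,CN=System,$($domain.DistinguishedName)" `
                       -Server $domain.RIDMaster -Properties rIDAvailablePool
$pool = [int64]$ridMgr.rIDAvailablePool
[pscustomobject]@{
    DomainSid   = $domain.DomainSID.Value
    MaxRid      = $pool -shr 32              # 1073741823 (2^30 - 1) unless unlocked
    NextFreeRid = $pool -band 0xFFFFFFFF
}

# Each DC's own block lives on CN=RID Set under its computer object. rIDAllocationPool
# packs the block start (low 32 bits) and end (high 32 bits); rIDNextRID is the last
# RID that DC handed out. Blocks are 500 RIDs by default.
$dcs = Get-ADDomainController -Filter * -Server $domain.PDCEmulator
foreach ($dc in $dcs) {
    $set = Get-ADObject "CN=RID Set,$($dc.ComputerObjectDN)" -Server $domain.PDCEmulator `
                        -Properties rIDAllocationPool, rIDNextRID -ErrorAction SilentlyContinue
    if ($set) {
        $alloc = [int64]$set.rIDAllocationPool
        [pscustomobject]@{
            DC        = $dc.HostName
            BlockFrom = $alloc -band 0xFFFFFFFF
            BlockTo   = $alloc -shr 32
            LastRid   = $set.rIDNextRID
        }
    }
}

# A SID is the domain SID plus a RID from one of those blocks. Well-known RIDs are
# fixed, so domain SID + RID resolves built-in accounts even after a rename.
foreach ($rid in 500, 502, 512) {   # Administrator, krbtgt, Domain Admins
    $sid = New-Object System.Security.Principal.SecurityIdentifier "$($domain.DomainSID.Value)-$rid"
    "{0,-4} {1}" -f $rid, $sid.Translate([System.Security.Principal.NTAccount]).Value
}

# Placement check: unless every DC is a GC, the infrastructure master must not be a
# GC, or cross-domain references in this domain are never refreshed.
$im = $dcs | Where-Object { $_.HostName -eq $domain.InfrastructureMaster }
if ($im.IsGlobalCatalog -and ($dcs | Where-Object { -not $_.IsGlobalCatalog })) {
    Write-Warning "Infrastructure master $($im.HostName) is a GC while other DCs are not"
}
```

The RID Set decode is the part worth keeping in an audit script: a domain controller whose LastRid is close to BlockTo is about to ask the RID master for a new block, and if the RID master is unreachable that DC will stop creating accounts; NextFreeRid approaching MaxRid means the whole domain is running out.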