Active Directory & DNS Setup


Abstract
This document can help you implement Domain Name System (DNS) on Microsoft Windows Server 2003 on a small network. DNS is the main way that Windows Server 2003 translates computer names to network addresses. An Active Directory-based domain controller also can act as a DNS server that registers the names and addresses of computers in the domain and then provides the network address of a member computer when queried with the computer's name. This guide explains how to set up DNS on a simple network consisting of a single domain.

Domain Name System Step-by-Step Guide


Domain Name System (DNS) is a system for naming computers and network services that organizes them into a hierarchy of domains. DNS naming is used on TCP/IP networks, such as the Internet, to locate computers and services by using user-friendly names. When a user enters the DNS name of a computer in an application, DNS can look up the name and provide other information associated with the computer, such as its IP address or services that it provides for the network. This process is called name resolution.

Name systems such as DNS make it easier to use network resources by providing users a way to refer to a computer or service by a name that is easy to remember. DNS looks up that name and provides the numeric address that operating systems and applications require to identify the computer on a network. For example, users enter www.microsoft.com instead of the server's numeric IP address to identify the Microsoft Web server on the Internet.

DNS requires little ongoing maintenance for small and medium-sized businesses, which typically have one to four DNS servers (larger medium-sized organizations usually have between four and 14 DNS servers). DNS problems, however, can affect availability for your entire network. Most DNS problems arise because of DNS settings that are incorrectly configured. By following the procedures in this guide, you can avoid such problems when you deploy DNS in a simple Microsoft Windows Server 2003-based network.

This guide explains how to install and configure a basic DNS implementation in a network that consists of a single new Active Directory domain. It then addresses some advanced topics that medium-sized organizations might need to consider. Finally, it includes some basic DNS troubleshooting steps you can take if you suspect your environment is having problems with DNS.

In This Guide
• Planning DNS
• Installing and Configuring Active Directory and DNS
• Configuring DNS Client Settings (DNS Step-by-Step)
• Advanced DNS Configuration (DNS Step-by-Step)
• Troubleshooting DNS (DNS Step-by-Step)

Planning DNS
DNS is the primary method for name resolution in the Microsoft Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition operating systems (collectively referred to as "Windows Server 2003" in this guide). DNS is a requirement for deploying the Active Directory directory service. Integrating DNS with Active Directory enables DNS servers to take advantage of the security, performance, and fault tolerance capabilities of Active Directory.

Typically, you organize your DNS namespace (the association of domains, subdomains, and hosts) in a way that supports how you plan to use Active Directory to organize the computers on your network.

Understanding the DNS Namespace


DNS is a hierarchical naming system. A DNS name includes the names of all of the DNS namespaces that it belongs to. The following illustration shows how the DNS namespace is organized.

The DNS namespace begins with a logical root domain that is not named, partly because it is implicit in all DNS names. The root domain in turn contains a limited number of subdomains that help organize the DNS namespace. These subdomains are called top-level domains (TLDs) because they are the highest-level or most inclusive part of the DNS namespace that people use. The names of these top-level domains are either functional or geographical.

Functional top-level domains suggest the purpose of the organization that has registered a subdomain in the top-level domain. Some of the most common functional top-level domain names are:
• The .com top-level domain, which is usually used to register DNS domain names that belong to commercial entities, such as corporations.
• The .edu top-level domain, which is most often used by educational institutions, such as colleges and public and private schools.
• The .gov top-level domain, which is used by government entities, including federal, state, and local governments.
• The .net top-level domain, which is often used by organizations that provide Internet services, such as Internet service providers (ISPs).
• The .org top-level domain, which is typically used for private, nonprofit organizations.

Geographical top-level domains indicate the country or region where the organization that registered the domain is located. For example, an organization that wants to emphasize that it is located in Canada would register its Internet domain name in the .ca top-level domain, while an organization that wants to show that it is based in Brazil would register its Internet domain name in the .br top-level domain.

Most organizations that want to have an Internet presence, such as for a Web site or sending and receiving e-mail, register an Internet domain name that is a subdomain of a top-level domain. Usually they choose a subdomain name based on their organization's name, such as contoso.com or microsoft.com. Registering an Internet domain name reserves the name for the exclusive use of the organization and configures DNS servers on the Internet to provide the appropriate Internet Protocol (IP) address when they are queried for that name. In other words, it creates the equivalent of a telephone directory entry for the Internet domain name. But instead of providing a telephone number for the name, it provides the IP address that a computer requires to access the computers in the registered domain.

The DNS namespace is not limited to just the publicly registered Internet domain names. Organizations that have networks with their own DNS servers can create domains for their internal use. As the next section explains, these internal DNS namespaces can be, but are not required to be, subdomains of a public Internet domain name.

Designing a DNS Namespace


You can design an external namespace that is visible to Internet users and computers, and you can also design an internal namespace that is accessible only to users and computers that are within the internal network.

Organizations that require an Internet presence as well as an internal namespace must deploy both an internal and an external DNS namespace and manage each namespace separately. In this case, it is recommended that you make your internal domain a subdomain of your external domain. Using an internal domain that is a subdomain of an external domain:
• Requires you to register only one name with an Internet name authority even if you later decide to make part of your internal namespace publicly accessible.
• Ensures that all of your internal domain names are globally unique.
• Simplifies administration by enabling you to administer internal and external domains separately.
• Allows you to use a firewall between the internal and external domains to secure your DNS deployment.

For example, an organization that has an external domain name of contoso.com might use the internal domain name corp.contoso.com.

You can use your internal domain as a parent for additional child domains that you create to manage divisions within your company, in cases where you are deploying an Active Directory domain for each division. Child domain names are immediately subordinate to the domain name of the parent. For example, a child domain for a manufacturing division that is added to the us.corp.contoso.com namespace might have the domain name manu.us.corp.contoso.com.

Creating an Internet DNS Domain Name

An Internet DNS domain name is composed of a top-level domain name (such as .com, .org, or .edu) and a unique subdomain name chosen by the domain owner. For example, a company named Contoso Corporation would probably choose contoso.com as its Internet domain name.

When you have selected your Internet DNS domain, conduct a preliminary search of the Internet to confirm that the DNS domain name that you selected is not already registered to another organization. If you do not find that your domain name is already registered to another organization, contact your Internet service provider (ISP) to confirm that the domain name is available and to help you register your domain name. Your ISP will probably set up a DNS server on its own network to host the DNS zone for your domain name, or it might help you set up a DNS server on your network for this purpose.

Creating Internal DNS Domain Names

For your internal domains, create names relative to your registered Internet DNS domain name. For example, if you have registered the Internet DNS domain name contoso.com for your organization, use a DNS domain name such as corp.contoso.com for the internal fully qualified DNS domain name and use CORP as the NetBIOS name.

If you are deploying DNS in a private network and do not plan to create an external namespace, you should nevertheless consider registering the DNS domain name that you create for your internal domain. If you do not register the name and later attempt to use it on the Internet, or connect to a network that is connected to the Internet, you might find that the name is unavailable.

Creating DNS Computer Names

It is important to develop a practical DNS computer-naming convention for computers on your network. This enables users to remember the names of computers on public and private networks easily, and therefore facilitates access to network resources.

Use the following guidelines when creating names for the DNS computers in your Windows Server 2003 DNS infrastructure:
• Select computer names that are easy for users to remember.
• Identify the owner of a computer in the computer name. For example, john-doe indicates that John Doe uses the computer, and pubs-server indicates that the computer is a server that belongs to the Publications department.
• Alternatively, select names that describe the purpose of the computer. For example, a file server named past-accounts-1 indicates that the file server stores information related to past accounts.
• Do not use character case to convey the owner or purpose of a computer. DNS is not case-sensitive.
• Match the Active Directory domain name to the primary DNS suffix of the computer name. The primary DNS suffix is the part of the DNS name that appears after the host name.
• Use unique names for all computers in your organization. Do not assign the same computer name to different computers in different DNS domains.
• Use ASCII characters to ensure interoperability with computers running versions of Windows earlier than Windows 2000. For DNS computer names, use only the characters A–Z, a–z, 0–9, and the hyphen (-).
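The naming guidelines above can be checked mechanically before computers are joined to the domain. The following Python script is an added example, not part of the original guide; the function name and the sample host list are constructed for illustration, and it assumes a single Active Directory domain, as this guide does.

```python
import re
from collections import defaultdict

# Characters the guide allows in a DNS computer name: A-Z, a-z, 0-9, hyphen.
ALLOWED = re.compile(r"^[A-Za-z0-9-]+$")


def audit_computer_names(fqdns, ad_domain):
    """Check fully qualified names against the guide's naming rules.

    Returns {fqdn: [finding, ...]} containing only names with findings.
    """
    findings = defaultdict(list)
    suffixes_by_host = defaultdict(set)  # host (lower case) -> DNS suffixes seen
    spellings = defaultdict(set)         # FQDN (lower case) -> spellings seen
    parsed = []

    # First pass: split each name into host name and primary DNS suffix.
    for fqdn in fqdns:
        name = fqdn.rstrip(".")
        host, _, suffix = name.partition(".")
        parsed.append((fqdn, name, host, suffix))
        suffixes_by_host[host.lower()].add(suffix.lower())
        spellings[name.lower()].add(name)

    # Second pass: apply one check per guideline.
    for fqdn, name, host, suffix in parsed:
        if not ALLOWED.match(host):
            findings[fqdn].append("characters outside A-Z, a-z, 0-9 and hyphen")
        if suffix.lower() != ad_domain.lower():
            findings[fqdn].append(
                "primary DNS suffix differs from the Active Directory domain")
        if len(suffixes_by_host[host.lower()]) > 1:
            findings[fqdn].append(
                "same computer name used in more than one DNS domain")
        if len(spellings[name.lower()]) > 1:
            # DNS is not case-sensitive, so these are the same name.
            findings[fqdn].append(
                "differs from another name only by character case")
    return dict(findings)


# Constructed sample inventory (not from the guide).
SAMPLE = [
    "john-doe.corp.contoso.com",
    "pubs-server.corp.contoso.com",
    "PUBS-SERVER.corp.contoso.com",
    "past_accounts-1.corp.contoso.com",
    "john-doe.lab.contoso.com",
    "file01.corp.contoso.com",
]

if __name__ == "__main__":
    for name, problems in audit_computer_names(SAMPLE, "corp.contoso.com").items():
        print(name, "->", "; ".join(problems))
```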

Installing and Configuring Active Directory and DNS

When you create a new domain, the Active Directory Installation Wizard installs DNS on the server by default. This ensures that DNS and Active Directory are configured properly for integration with each other.

Important: Before you install Active Directory and DNS on the first domain controller server in a new domain, ensure that the IP address of the server is static, meaning it is not assigned by Dynamic Host Configuration Protocol (DHCP). DNS servers must have static addresses to ensure that they can be located reliably.

To install DNS with Active Directory in a new domain:
1. Click Start, point to Administrative tools, and then click Configure Your Server Wizard.
2. On the Manage Your Server page, click Add or remove a role.
3. On the Configure Your Server Wizard page, click Next.
4. Click Domain Controller (Active Directory) and then click Next.
5. On the Welcome to the Active Directory Installation Wizard page, click Next.
6. On the Operating System Compatibility page, read the information and then click Next.
   If this is the first time you have installed Active Directory on a server running Windows Server 2003, click Compatibility Help for more information.
7. On the Domain Controller Type page, click Domain controller for a new domain and then click Next.
8. On the Create New Domain page, click Domain in a new forest and then click Next.
9. On the New Domain Name page, type the full DNS name (such as corp.contoso.com) for the new domain, and then click Next.
10. On the NetBIOS Domain Name page, verify the NetBIOS name (for example, CORP), and then click Next.
11. On the Database and Log Folders page, type the location in which you want to install the database and log folders, or click Browse to choose a location, and then click Next.
12. On the Shared System Volume page, type the location in which you want to install the SYSVOL folder, or click Browse to choose a location, and then click Next.
13. On the DNS Registration Diagnostics page, click Install and configure the DNS server on this computer, and set this computer to use this DNS server as its preferred DNS server, and then click Next.
14. On the Permissions page, select one of the following:
    • Permissions compatible with pre-Windows 2000 Server operating systems
    • Permissions compatible only with Windows 2000 or Windows Server 2003 operating systems
15. On the Directory Services Restore Mode Administrator Password page, type a password that will be used to log on to the server in Directory Services Restore Mode, confirm the password, and then click Next.
16. Review the Summary page, and then click Next to begin the installation.
17. After the Active Directory installation completes, click OK to restart the computer.

Configuring DNS Client Settings (DNS Step-by-Step)

Configure the following settings for each DNS client:
• TCP/IP settings for DNS
• Host name and domain membership

To configure DNS client settings
1. At the computer that you are configuring to use DNS, click Start, point to Control Panel, and then click Network Connections.
2. Right-click the network connection that you want to configure, and then click Properties.
3. On the General tab, click Internet Protocol (TCP/IP), and then click Properties.
4. If you want to obtain DNS server addresses from a DHCP server, click Obtain DNS server address automatically.
5. If you want to configure DNS server addresses manually, click Use the following DNS server addresses, and in Preferred DNS server and Alternate DNS server, type the Internet Protocol (IP) addresses of the preferred DNS server and alternate DNS server.
6. Click OK to exit.
   Note: It is not necessary to restart the computer at this time if you intend to change the computer's name or domain membership in the following steps.
7. In Control Panel, double-click System.
8. On the Computer Name tab, click Change.
9. In Computer name, type the name of the computer (the host name).
10. Click Domain, and then type the name of the domain you want the computer to join.
11. If Computer Name Changes appears, in User Name, type the domain name and user name of an account that is allowed to join computers to the domain, and in Password, type the password of the account. Separate the domain name and user name with a backslash (for example, domain\username).
12. Click OK to close all dialog boxes.

History of TCP/IP
Transmission Control Protocol/Internet Protocol (TCP/IP) is an industry standard suite of protocols that is designed for large networks consisting of network segments that are connected by routers. TCP/IP is the protocol that is used on the Internet, which is the collection of thousands of networks worldwide that connect research facilities, universities, libraries, government agencies, private companies, and individuals.

The roots of TCP/IP can be traced back to research conducted by the United States Department of Defense (DoD) Advanced Research Projects Agency (DARPA) in the late 1960s and early 1970s. The following list highlights some important TCP/IP milestones:
• In 1970, ARPANET hosts started to use Network Control Protocol (NCP), a preliminary form of what would become the Transmission Control Protocol (TCP).
• In 1972, the Telnet protocol was introduced. Telnet is used for terminal emulation to connect dissimilar systems. In the early 1970s, these systems were different types of mainframe computers.
• In 1973, the File Transfer Protocol (FTP) was introduced. FTP is used to exchange files between dissimilar systems.
• In 1974, the Transmission Control Protocol (TCP) was specified in detail. TCP replaced NCP and provided enhanced reliable communication services.
• In 1981, the Internet Protocol (IP) (also known as IP version 4 [IPv4]) was specified in detail. IP provides addressing and routing functions for end-to-end delivery.
• In 1982, the Defense Communications Agency (DCA) and ARPA established the Transmission Control Protocol (TCP) and Internet Protocol (IP) as the TCP/IP protocol suite.
• In 1983, ARPANET switched from NCP to TCP/IP.
• In 1984, the Domain Name System (DNS) was introduced. DNS resolves domain names (such as www.example.com) to IP addresses (such as 192.168.5.18).
• In 1995, Internet service providers (ISPs) began to offer Internet access to businesses and individuals.
• In 1996, the Hypertext Transfer Protocol (HTTP) was introduced. The World Wide Web uses HTTP.
• In 1996, the first set of IP version 6 (IPv6) standards were published.

TCP/IP Terminology
The Internet standards use a specific set of terms when referring to network elements and concepts related to TCP/IP networking. These terms provide a foundation for subsequent chapters. The following figure illustrates the components of an IP network.

Common terms and concepts in TCP/IP are defined as follows:
• Node: Any device, including routers and hosts, which runs an implementation of IP.
• Router: A node that can forward IP packets not explicitly addressed to itself. On an IPv6 network, a router also typically advertises its presence and host configuration information.
• Host: A node that cannot forward IP packets not explicitly addressed to itself (a non-router). A host is typically the source and the destination of IP traffic. A host silently discards traffic that it receives but that is not explicitly addressed to itself.
• Upper-layer protocol: A protocol above IP that uses IP as its transport. Examples include Internet layer protocols such as the Internet Control Message Protocol (ICMP) and Transport layer protocols such as the Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). (However, Application layer protocols that use TCP and UDP as their transports are not considered upper-layer protocols. File Transfer Protocol [FTP] and Domain Name System [DNS] fall into this category.)
• LAN segment: A portion of a subnet consisting of a single medium that is bounded by bridges or Layer 2 switches.
• Subnet: One or more LAN segments that are bounded by routers and use the same IP address prefix. Other terms for subnet are network segment and link.
• Network: Two or more subnets connected by routers. Another term for network is internetwork.
• Neighbor: A node connected to the same subnet as another node.
• Interface: The representation of a physical or logical attachment of a node to a subnet. An example of a physical interface is a network adapter. An example of a logical interface is a tunnel interface that is used to send IPv6 packets across an IPv4 network.
• Address: An identifier that can be used as the source or destination of IP packets and that is assigned at the Internet layer to an interface or set of interfaces.
• Packet: The protocol data unit (PDU) that exists at the Internet layer and comprises an IP header and payload.

Windows includes both an IPv4-based and an IPv6-based TCP/IP component.

Configuring the IPv4-based TCP/IP Component in Windows

The IPv4-based TCP/IP component in Windows Server 2003 and Windows XP is installed by default and appears as the Internet Protocol (TCP/IP) component in the Network Connections folder. Unlike in previous versions of Windows, you cannot uninstall the Internet Protocol (TCP/IP) component. However, you can restore its default configuration by using the netsh interface ip reset command. For more information about Netsh commands.

The Internet Protocol (TCP/IP) component can be configured to obtain its configuration automatically or from manually specified settings. By default, this component is configured to obtain an address configuration automatically.

Figure 1-2 The General tab of the properties dialog box for the Internet Protocol (TCP/IP) component

Automatic Configuration

If you specify automatic configuration, the Internet Protocol (TCP/IP) component attempts to locate a Dynamic Host Configuration Protocol (DHCP) server and obtain a configuration when Windows starts. Many TCP/IP networks use DHCP servers that are configured to allocate TCP/IP configuration information to clients on the network. If the Internet Protocol (TCP/IP) component fails to locate a DHCP server, TCP/IP checks the setting on the Alternate Configuration tab. Figure 1-3 shows this tab.

Figure 1-3 The Alternate Configuration tab of the Internet Protocol (TCP/IP) component

This tab contains two options:
• Automatic Private IP Address: If you choose this option, Automatic Private IP Addressing (APIPA) is used. The Internet Protocol (TCP/IP) component automatically chooses an IPv4 address from the range 169.254.0.1 to 169.254.255.254, using the subnet mask of 255.255.0.0. The DHCP client ensures that the IPv4 address that the Internet Protocol (TCP/IP) component has chosen is not already in use. If the address is in use, the Internet Protocol (TCP/IP) component chooses another IPv4 address and repeats this process for up to 10 addresses. When the Internet Protocol (TCP/IP) component has chosen an address that the DHCP client has verified as not in use, the Internet Protocol (TCP/IP) component configures the interface with this address. With APIPA, users on single-subnet Small Office/Home Office (SOHO) networks can use TCP/IP without having to perform manual configuration or set up a DHCP server. APIPA does not configure a default gateway. Therefore, only local subnet traffic is possible.
• User Configured: If you choose this option, the Internet Protocol (TCP/IP) component uses the configuration that you specify. This option is useful when a computer is used on more than one network, not all of the networks have a DHCP server, and an APIPA configuration is not wanted. For example, you might want to choose this option if you have a laptop computer that you use both at the office and at home. At the office, the laptop uses a TCP/IP configuration from a DHCP server. At home, where no DHCP server is present, the laptop automatically uses the alternate manual configuration. This option provides easy access to home network devices and the Internet and allows seamless operation on both networks, without requiring you to manually reconfigure the Internet Protocol (TCP/IP) component.

If you specify an APIPA configuration or an alternate manual configuration, the Internet Protocol (TCP/IP) component continues to check for a DHCP server in the background every 5 minutes. If TCP/IP finds a DHCP server, it stops using the APIPA or alternate manual configuration and uses the IPv4 address configuration offered by the DHCP server.

Manual Configuration

To configure the Internet Protocol (TCP/IP) component manually, also known as creating a static configuration, you must at a minimum assign the following:
• IP address: An IP (IPv4) address is a logical 32-bit address that is used to identify the interface of an IPv4-based TCP/IP node. Each IPv4 address has two parts: the subnet prefix and the host ID. The subnet prefix identifies all hosts that are on the same physical network. The host ID identifies a host on the network. Each interface on an IPv4-based TCP/IP network requires a unique IPv4 address, such as 131.107.2.200.
• Subnet mask: A subnet mask allows the Internet Protocol (TCP/IP) component to distinguish the subnet prefix from the host ID. An example of a subnet mask is 255.255.255.0.

You must configure these parameters for each network adapter in the node that uses the Internet Protocol (TCP/IP) component. If you want to connect to nodes beyond the local subnet, you must also assign the IPv4 address of a default gateway, which is a router on the local subnet to which the node is attached. The Internet Protocol (TCP/IP) component sends packets that are destined for remote networks to the default gateway, if no other routes are configured on the local host.

You can also manually configure the IPv4 addresses of primary and alternate DNS servers. The Internet Protocol (TCP/IP) component uses DNS servers to resolve names, such as www.example.com, to IPv4 or IPv6 addresses. Figure 1-4 shows an example of a manual configuration for the Internet Protocol (TCP/IP) component.

Figure 1-4 An example of a manual configuration for the Internet Protocol (TCP/IP)
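The rules in this section (subnet prefix and host ID, the APIPA range, a default gateway that must sit on the local subnet, and DNS servers for name resolution) can be applied to a list of collected interface settings. The following Python script is an added example, not part of the original guide; the function names, host names, and the gateway and DNS server addresses are constructed for illustration.

```python
import ipaddress

# The APIPA range from this section: 169.254.0.1 to 169.254.255.254, mask 255.255.0.0.
APIPA = ipaddress.ip_network("169.254.0.0/16")


def review_ipv4_config(address, mask, gateway=None, dns_servers=()):
    """Split an IPv4 address into subnet prefix and host ID and list problems."""
    iface = ipaddress.ip_interface(f"{address}/{mask}")
    # The host ID is the part of the address not covered by the subnet mask.
    host_id = int(iface.ip) & int(iface.network.hostmask)
    findings = []

    if iface.ip in APIPA:
        # APIPA is used only when no DHCP server was found; it sets no gateway.
        findings.append("APIPA address: no DHCP server found, local subnet traffic only")
    elif gateway is None:
        findings.append("no default gateway: nodes beyond the local subnet are unreachable")
    elif ipaddress.ip_address(gateway) not in iface.network:
        # The default gateway must be a router on the node's own subnet.
        findings.append("default gateway is not on the local subnet")

    if not dns_servers:
        findings.append("no DNS server configured: names cannot be resolved")

    return {
        "subnet_prefix": str(iface.network),
        "host_id": host_id,
        "findings": findings,
    }


def review_inventory(inventory):
    """Return {host: findings} for hosts whose configuration has problems."""
    report = {}
    for host, cfg in inventory.items():
        result = review_ipv4_config(**cfg)
        if result["findings"]:
            report[host] = result["findings"]
    return report


# Constructed sample inventory (addresses other than 131.107.2.200 are not from the guide).
SAMPLE_INVENTORY = {
    "dc01": {"address": "131.107.2.200", "mask": "255.255.255.0",
             "gateway": "131.107.2.1", "dns_servers": ["131.107.2.200"]},
    "ws07": {"address": "169.254.17.42", "mask": "255.255.0.0"},
    "ws12": {"address": "131.107.2.57", "mask": "255.255.255.0",
             "gateway": "131.107.3.1", "dns_servers": ["131.107.2.200"]},
    "ws15": {"address": "131.107.2.58", "mask": "255.255.255.0",
             "dns_servers": ["131.107.2.200"]},
}

if __name__ == "__main__":
    for host, problems in review_inventory(SAMPLE_INVENTORY).items():
        print(host, "->", "; ".join(problems))
```

A domain member that shows up with an APIPA address cannot reach the domain's DNS server unless that server is on the same subnet, so this finding is worth checking first when name resolution fails.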

You can also manually configure the Internet Protocol (TCP/IP) using netsh interface ip commands at a command prompt.

Installing and Configuring the IPv6-based TCP/IP Component in Windows

Windows XP with Service Pack 1 (SP1) and Windows Server 2003 are the first versions of Windows to support IPv6 for production use. You install IPv6 as a component in Network Connections; the component is named Microsoft TCP/IP Version 6 in Windows Server 2003 and Microsoft IPv6 Developer Edition in Windows XP with SP1.

Note: The Microsoft IPv6 Developer Edition component included in Windows XP with no service packs was intended for application developers only, not for use in production environments. Therefore, all of the Help topics for that version contain a disclaimer describing its limitations and supported uses. SP1 includes a version of IPv6 that is intended for production use. However, the Help topics were not updated for SP1. Therefore, you can disregard the disclaimer if you have installed SP1.

Unlike the Internet Protocol (TCP/IP) component, the IPv6 component is not installed by default, and you can uninstall it. You can install the IPv6 component in the following ways:
• Using the Network Connections folder.
• Using the netsh interface ipv6 install command.

To install the IPv6 component in Windows Server 2003 using the Network Connections folder, do the following:
1. Click Start, point to Control Panel, and then double-click Network Connections.
2. Right-click any local area connection, and then click Properties.
3. Click Install.
4. In the Select Network Component Type dialog box, click Protocol, and then click Add.
5. In the Select Network Protocol dialog box, click Microsoft TCP/IP Version 6, and then click OK.
6. Click Close to save changes.

Unlike Internet Protocol (TCP/IP), the IPv6 component has no properties dialog box from which you can configure IPv6 addresses and settings. Configuration should be automatic for IPv6 hosts and manual for IPv6 routers.

Automatic Configuration

The Microsoft TCP/IP Version 6 component supports address autoconfiguration. All IPv6 nodes automatically create unique IPv6 addresses for use between neighboring nodes on a subnet. To reach remote locations, each IPv6 host upon startup sends a Router Solicitation message in an attempt to discover the local routers on the subnet. An IPv6 router on the subnet responds with a Router Advertisement message, which the IPv6 host uses to automatically configure IPv6 addresses, the default router, and other IPv6 settings.

Manual Configuration

You do not need to configure the typical IPv6 host manually. If a host does require manual configuration, use the netsh interface ipv6 commands to add addresses or routes and configure other settings. If you are configuring a computer running Windows XP with SP1 or Windows Server 2003 to be an IPv6 router, then you must use the netsh interface ipv6 commands to manually configure the IPv6 component with address prefixes.

Chapter Glossary
address – An identifier that specifies the source or destination of IP packets and that is assigned at the IP layer to an interface or set of interfaces.
APIPA – See Automatic Private IP Addressing.
Automatic Private IP Addressing – A feature in Windows Server 2003 and Windows XP that automatically configures a unique IPv4 address from the range 169.254.0.1 through 169.254.255.254 and a subnet mask of 255.255.0.0. APIPA is used when the Internet Protocol (TCP/IP) component is configured for automatic addressing, no DHCP server is available, and the Automatic Private IP Address alternate configuration option is chosen.
host – A node that is typically the source and a destination of IP traffic. Hosts silently discard received packets that are not addressed to an IP address of the host.
interface – The representation of a physical or logical attachment of a node to a subnet. An example of a physical interface is a network adapter. An example of a logical interface is a tunnel interface that is used to send IPv6 packets across an IPv4 network.
IP – Features or attributes that apply to both IPv4 and IPv6. For example, an IP address is either an IPv4 address or an IPv6 address.
IPv4 – The Internet layer protocols of the TCP/IP protocol suite as defined in RFC 791. IPv4 is in widespread use today.
IPv6 – The Internet layer protocols of the TCP/IP protocol suite as defined in RFC 2460. IPv6 is gaining acceptance today.
LAN segment – A portion of a subnet that consists of a single medium that is bounded by bridges or Layer 2 switches.
neighbor – A node that is connected to the same subnet as another node.
network – Two or more subnets that are connected by routers. Another term for network is internetwork.
node – Any device, including routers and hosts, which runs an implementation of IP.
packet – The protocol data unit (PDU) that exists at the Internet layer and comprises an IP header and payload.
Request for Comments (RFC) – An official document that specifies the details for protocols included in the TCP/IP protocol suite. The Internet Engineering Task Force (IETF) creates and maintains RFCs for TCP/IP.
RFC – See Request for Comments (RFC).
router – A node that can be a source and destination for IP traffic and can also forward IP packets that are not addressed to an IP address of the router. On an IPv6 network, a router also typically advertises its presence and host configuration information.
subnet – One or more LAN segments that are bounded by routers and that use the same IP address prefix. Other terms for subnet are network segment and link.
TCP/IP – See Transmission Control Protocol/Internet Protocol (TCP/IP).
Transmission Control Protocol/Internet Protocol (TCP/IP) – A suite of networking protocols, including both IPv4 and IPv6, that are widely used on the Internet and that provide communication across interconnected networks of computers with diverse hardware architectures and various operating systems.
upper-layer protocol – A protocol above IP that uses IP as its transport. Examples of upper-layer protocols include Internet layer protocols such as the Internet Control Message Protocol (ICMP) and Transport layer protocols such as the Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).

DHCP

Dynamic Host Configuration Protocol (DHCP) is an IP standard designed to reduce the complexity of administering address configurations by using a server computer to centrally manage IP addresses and other related configuration details used on your network. The Microsoft Windows Server 2003 family provides the DHCP service, which enables the server computer to perform as a DHCP server and configure DHCP-enabled client computers on your network as described in the current DHCP draft standard, RFC 2131. (Request for Comments (RFC): an official document of the Internet Engineering Task Force (IETF) that specifies the details for protocols included in the TCP/IP family.)

DHCP includes Multicast Address Dynamic Client Assignment Protocol (MADCAP), which is used to perform multicast address allocation. When registered clients are dynamically assigned IP addresses through MADCAP, they can participate efficiently in the data stream process, such as for real-time video or audio network transmissions.

Before installing a DHCP or MADCAP server

To install a DHCP server

1. Open Windows Components Wizard.
2. Under Components, scroll to and click Networking Services.
3. Click Details.
4. Under Subcomponents of Networking Services, click Dynamic Host Configuration Protocol (DHCP), and then click OK.
5. Click Next. If prompted, type the full path to the Windows Server 2003 distribution files, and then click Next.

Required files are copied to your hard disk.

Notes

- To open the Windows Components Wizard, click Start, click Control Panel, double-click Add or Remove Programs, and then click Add/Remove Windows Components.
- DHCP servers must be configured with a static IP address.
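The requirement that a DHCP server has a static address, and the APIPA range defined in the glossary, can both be checked from `ipconfig /all` output before the DHCP service is installed. The script below is an added example, not part of the original guide; it assumes the Windows Server 2003 output layout, and the sample text, adapter names and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the layout that `ipconfig /all` prints on Windows Server 2003.
SAMPLE = """\
Ethernet adapter Local Area Connection:

        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.0.10
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.1

Ethernet adapter Local Area Connection 2:

        DHCP Enabled. . . . . . . . . . . : Yes
        Autoconfiguration IP Address. . . : 169.254.12.34
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        Default Gateway . . . . . . . . . :
"""

APIPA = ipaddress.ip_network("169.254.0.0/16")  # block that APIPA assigns from
FIELD = re.compile(r"^\s+(.+?)[ .]*:\s*(.*)$")   # "Name . . . : value"

def parse_adapters(text):
    """Return {adapter name: {field: value}} from ipconfig /all style text."""
    adapters, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip()[:-1], {})
        elif current is not None and (m := FIELD.match(line)):
            current[m.group(1).strip()] = m.group(2).strip()
    return adapters

def address_type(fields):
    """Classify how an adapter got its IPv4 address."""
    ip = fields.get("Autoconfiguration IP Address") or fields.get("IP Address")
    if not ip:
        return "none"
    if ipaddress.ip_address(ip) in APIPA:
        return "apipa"  # automatic addressing was on and no DHCP server answered
    return "dhcp" if fields.get("DHCP Enabled") == "Yes" else "static"

def audit(text):
    """Map every adapter in the output to its address type."""
    return {name: address_type(f) for name, f in parse_adapters(text).items()}

def has_static_adapter(text):
    """True when at least one adapter is statically addressed (DHCP server need)."""
    return "static" in audit(text).values()
```

An adapter reported as `apipa` on a client is a quick sign that no DHCP server answered its request.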

Network Connections

Network Connections provides connectivity between your computer and the Internet, a network, or another computer. With Network Connections, you can configure settings to reach local or remote network resources or functions. Network Connections combines Microsoft Windows NT version 4.0 Dial-Up Networking with features that were formerly located in the Network Control Panel, such as network protocol and service configuration. Each connection in the Network Connections folder contains a set of features that creates a link between your computer and another computer or network. By using Network Connections, performing a task, such as modifying a network protocol, is as easy as right-clicking a connection and then clicking Properties.

About Network Connections


Network Connections provides connectivity between your computer and the Internet, a network, or another computer. With Network Connections, you can gain access to network resources and functionality, whether you are physically located at the location of the network or in a remote location. Connections are created, configured, stored, and monitored from within the Network Connections folder.

Hardware requirements for network and dial-up connections

Depending on your configuration, you may need some or all of the following hardware:

- One or more network adapters with a Network Driver Interface Specification (NDIS) driver for LAN connectivity
- One or more compatible modems and an available COM port
- ISDN adapter (if you are using an ISDN line)
- DSL adapter
- X.25 adapter or PAD (if you are using X.25)
- Analog telephone line, ISDN line, X.25 line, or DSL line
- Smart card reader
- Wireless adapter

Using local area connections


Typically, computers running Windows are connected to a local area network (LAN). When you install Windows, your network adapter is detected, and a local area connection is created. It appears, like all other connection types, in the Network Connections folder. By default, a local area connection is always activated. A local area connection is the only type of connection that is automatically created and activated.

If you disable your local area connection, the connection is no longer automatically activated. Because your hardware profile remembers this, it accommodates your location-based needs as a mobile user. For example, if you travel to a remote sales office and use a separate hardware profile for that location that does not enable your local area connection, you do not waste time waiting for your network adapter to time out. The adapter does not even try to connect.

If your computer has more than one network adapter, a local area connection icon for each adapter is displayed in the Network Connections folder.

Examples of LAN connections include Ethernet, token ring, cable modems, DSL, FDDI, IP over ATM, IrDA (Infrared), wireless, and ATM-emulated LANs. Emulated LANs are based on virtual adapter drivers such as the LAN Emulation Protocol.

If changes are made to your network, you can modify the settings of an existing local area connection to reflect those changes. The General tab of the Local Area Connection Status dialog box allows you to view connection information such as connection status, duration, speed, signal strength, amounts of data transmitted and received, and any diagnostic tools available for a particular connection. The Support tab contains information on:

- The address type, which indicates how the address was assigned. For example, the TCP/IP address is assigned by DHCP.
- The IP address currently assigned for the session.
- The IP subnet mask for the IP address currently assigned for the session.
- The default gateway address of the IP device that allows access to other protocols.

The Support tab also has a Details button that displays detailed information about the properties of the network connection. This includes the addresses of dependent external devices.

If you install a new LAN adapter in your computer, the next time you start your computer, a new local area connection icon appears in the Network Connections folder. Plug and Play functionality finds the network adapter and creates a local area connection for it. If you are using a laptop computer, you can add a PC card while the computer is on. Plug and Play will identify the new card without you having to restart your laptop computer. The local area connection icon is immediately added to the folder. You cannot manually add local area connections to the Network Connections folder.

You can configure multiple LAN adapters through the Advanced Settings menu option. You can modify the order of adapters that are used by a connection, and the associated clients, services, and protocols for the adapter. You can modify the provider order in which this connection gains access to information on the network, such as networks and printers.

You configure the device a connection uses, and all of the associated clients, services, and protocols for the connection, through the Properties menu option. Clients define the access of the connection to computers and files on your network. Services provide features such as file and printer sharing. Protocols, such as TCP/IP, define the language your computer uses to communicate with other computers.

Depending on the status of your local area connection, the icon changes appearance in the Network Connections folder, or a separate icon appears in the taskbar. If a LAN adapter is not detected by your computer, a local area connection icon does not appear in the Network Connections folder.
