DNS and Active Directory

Thomas Fortner thomas.fortner at sbcglobal.net
Thu Mar 18 16:47:54 UTC 2004


Okay, please don't rip my head off here for asking a MS question, but I
figured I would get a slightly less biased answer here. That being
said....
We are upgrading our Exchange 5.5 server to Exchange 2003. We are a
mixed shop with Linux and Windows. (There are numerous other systems,
mostly of the *nix variety) While I tried to edge them to use
CommuniGate Pro, Contact, or OpenExchange, they decided there would be
less impact on users if we stayed with Exchange.
Now come my issues; I feel like Alice falling down the rabbit hole
here. In reading the docs for Exchange 2003, it says it needs Active
Directory. Great, so now I have to learn Active Directory and futz with
that. Now I am setting up Active Directory, flying by the seat of my
pants, and it says that it wants its own DNS server in order to work
properly. All my DNS servers are Linux based.
Can Active Directory work with Linux based DNS? I thought I recalled a
few of you saying you had Exchange 2000/2003 running, just wanted to
know how you did it.
Any help would be appreciated.

--
Edward M. Croft
Sr. Systems Engineer
Open Ratings, Inc.
200 West Street
Waltham, MA 02451-1121

Hi Edward,

Actually the answer is both yes and no. Yes, you can make Bind 9 work
with Active Directory, but it will not resolve NetBIOS names, which
Active Directory requires for file/print sharing. When you set up an
Active Directory domain controller, it requires an Active Directory
enabled DNS server, something Bind cannot do. Active Directory has
hidden objects in the DNS records that don't appear in the zone files
because they are embedded in the registry. Also, to find a domain
controller to authenticate Windows clients, you must have SRV resource
records in the zone, something Bind 9 supports but I've never tried it
so I can't say how well it works.

Another issue you will face is the matter of broadcast storms from
browse master elections. Domain controllers win those elections when
they exist, but every new client starting up forces a new browse master
election. You can limit this by using Samba and set the "OS level" value
to 65 or greater and the Samba server will win all the elections, and
then you can use Samba's WINS server to handle your workstation browse
requests.

I would try to make the Exchange Server a domain controller and a DNS
server. This would reduce the amount of traffic created by the Exchange
server and its clients since they use DNS and not WINS. For file and
print sharing I would use Samba, and make the Samba server use the
Active Directory server to authenticate the Windows clients. You didn't
say whether you have Win9x or NT4 or < clients, but these require mixed
mode for Active Directory to work with them as they don't support Active
Directory in native mode.

Microsoft's approach to open standards is called "embrace and extend,"
which is another way to make an open standard a Microsoft proprietary
architecture. This makes cross platform networking a series of stubborn
obstacles and causes network engineers to lose their hair. I've been
doing this stuff for 13 years, so if you have any other questions,
please feel free to email me directly and we can continue this without
filling the group with Microsoft protocol issues.

Tom

Thomas S. Fortner
Burleson, Texas
thomas.fortner at sbcglobal.net
"but we preach Christ crucified..."  1 Corinthians 1:23
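Tom's reply notes that Windows clients locate a domain controller through SRV records, and that BIND 9 can serve them. Whether those records get into a BIND zone by dynamic update from the domain controller or by hand, the practical question for the admin is "does my zone actually publish what a domain-joined client will ask for?" The following is an added example written for this page (not code from either poster): a small checker that parses a BIND-style zone file, looks for a subset of the well-known SRV owner names a Windows client queries under the AD domain, and confirms each SRV target has an address record in the zone. The domain `ad.example.test`, the host names and the addresses are constructed placeholders; the list of SRV names is deliberately not exhaustive (site-specific and `_msdcs` GUID records are omitted).

```python
"""Check a BIND-style zone for the SRV records Active Directory clients query.

Added example for this mailing-list thread; the zone below is constructed and
the AD domain, host names and addresses are placeholders.
"""
import re

# Constructed sample zone (placeholders). _kpasswd._tcp is intentionally left
# out so the check has something to report.
SAMPLE_ZONE = """\
$ORIGIN ad.example.test.
$TTL 3600
@                    IN SOA  ns1.ad.example.test. hostmaster.ad.example.test. (
                             2004031801 7200 900 1209600 3600 )
@                    IN NS   ns1.ad.example.test.
ns1                  IN A    192.0.2.10
dc1                  IN A    192.0.2.20
_ldap._tcp           IN SRV  0 100 389  dc1.ad.example.test.
_ldap._tcp.dc._msdcs IN SRV  0 100 389  dc1.ad.example.test.
_kerberos._tcp       IN SRV  0 100 88   dc1.ad.example.test.
_kerberos._udp       IN SRV  0 100 88   dc1.ad.example.test.
_gc._tcp             IN SRV  0 100 3268 dc1.ad.example.test.
"""

# Well-known SRV owner names (relative to the AD domain) that domain-joined
# Windows clients use to find an LDAP server, KDC, password server and GC.
# Not exhaustive: site and GUID records under _msdcs are omitted.
REQUIRED_SRV = [
    "_ldap._tcp",
    "_ldap._tcp.dc._msdcs",
    "_kerberos._tcp",
    "_kerberos._udp",
    "_kpasswd._tcp",
    "_gc._tcp",
]

# Optional TTL or class tokens that may precede the record type.
_TTL_OR_CLASS = re.compile(r"^(\d+[smhdw]?|IN|CH|HS)$", re.I)


def _logical_lines(text):
    """Yield zone lines with comments stripped and ( ) continuations joined."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() and depth == 0:
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth <= 0:
            yield " ".join(buf)
            buf, depth = [], 0


def _qualify(name, origin):
    """Turn a zone-file name into a lowercase fully qualified name."""
    name = name.lower()
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def parse_zone(text):
    """Return a list of (owner, rtype, rdata_tokens) from a zone file."""
    origin, last_owner, records = ".", None, []
    for line in _logical_lines(text):
        if line.startswith("$ORIGIN"):
            origin = line.split()[1].lower()
            continue
        if line.startswith("$"):          # $TTL and other directives
            continue
        tokens = line.split()
        owner = last_owner if line[0].isspace() else _qualify(tokens.pop(0), origin)
        if owner is None:
            continue                      # continuation with no prior owner
        while tokens and _TTL_OR_CLASS.match(tokens[0]):
            tokens.pop(0)
        rtype = tokens.pop(0).upper()
        if rtype == "SRV" and len(tokens) == 4:
            tokens[3] = _qualify(tokens[3], origin)   # SRV target may be relative
        last_owner = owner
        records.append((owner, rtype, tokens))
    return records


def check_ad_srv(zone_text, ad_domain):
    """Report required SRV names that are absent and SRV targets lacking an address."""
    ad_domain = ad_domain.rstrip(".").lower() + "."
    srv_targets, addressed = {}, set()
    for owner, rtype, rdata in parse_zone(zone_text):
        if rtype == "SRV" and len(rdata) == 4:
            srv_targets.setdefault(owner, []).append(rdata[3])
        elif rtype in ("A", "AAAA"):
            addressed.add(owner)
    missing, unresolved = [], []
    for name in REQUIRED_SRV:
        owner = f"{name}.{ad_domain}"
        targets = srv_targets.get(owner)
        if not targets:
            missing.append(owner)
            continue
        unresolved.extend((owner, t) for t in targets if t not in addressed)
    return {"missing": missing, "unresolved_targets": unresolved}


if __name__ == "__main__":
    result = check_ad_srv(SAMPLE_ZONE, "ad.example.test")
    for name in result["missing"]:
        print(f"MISSING SRV: {name}")
    for owner, target in result["unresolved_targets"]:
        print(f"NO ADDRESS for SRV target {target} (from {owner})")
    if not result["missing"] and not result["unresolved_targets"]:
        print("all checked SRV records present with addressed targets")
```

Run against a zone dumped from the BIND server (or the static zone you maintain by hand) and compare with what a client sees through `nslookup -type=SRV _ldap._tcp.dc._msdcs.<domain>` from a Windows box; a record present in the file but absent from the answer points at a zone-load or transfer problem rather than a content one.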
