[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: DNS and Active Directory

Okay, please don't rip my head off here for asking a MS question, but I
figured I would get a slightly less biased answer here. That being
We are upgrading our Exchange 5.5 server to Exchange 2003. We are a
mixed shop with Linux and Windows. (There are numerous other systems,
mostly of the *nix variety) While I tried to edge them to use
Communitgate Pro, Contact, or OpenExchange, they decided there would be
less impact on users if we stayed with Exchange.
Now comes my issues, I feel like Alice falling down the rabbit hole
here. In reading the docs for Exchange 2003, it says it needs Active
Directory. Great, so now I have to learn Active Directory and futz with
that. Now I am setting up Active Directory, flying by the seat of my
pants, and it says that it wants its own DNS server in order to work
properly. All my DNS servers are Linux based.
Can Active Directory work with Linux based DNS? I thought I recalled a
few of you saying you had Exchange 2000/2003 running, just wanted to
know how you did it.
Any help would be appreciated.

Edward M. Croft
Sr. Systems Engineer
Open Ratings, Inc.
200 West Street
Waltham, MA 02451-1121

Hi Edward,

Actually the answer is both yes and no. Yes, you can make Bind 9 work with Active Directory, but it will not resolve NetBIOS names, which Active Directory requires for file/print sharing. When you set up an Active Directory domain controller, it requires an Active Directory enabled DNS server, something Bind cannot do. Active Directory has hidden objects in the DNS records that don't appear in the zone files because they are embedded in the registry. Also, to find a domain controller to authenticate Windows clients, you must have SRV resource records in the zone, something Bind 9 supports but I've never tried it so I can't say how well it works.

Another issue you will face is the matter of broadcast storms from browse master elections. Domain controllers win those elections when they exist, but every new client starting up forces a new browse master election. You can limit this by using Samba and set the "OS level" value to 65 or greater and the Samba server will win all the elections, and then you can use Samba's WINS server to handle your workstation browse requests.

I would try to make the Exchange Server a domain controller and a DNS server. This would reduce the amount of traffic created by the Exchange server and its clients since they use DNS and not WINS. For file and Print sharing I would use Samba, and make the Samba server use the Active Directory server to authenticate the Windows clients. You didn't say whether you have Win9x or NT4 or < clients, but these require mixed mode for Active Directory to work with them as they don't support Active Directory in native mode.

Microsoft's approach to open standards is called "embrace and extend," which is another way to make an open standard a Microsoft proprietary architecture. This makes cross platform networking a series of stubborn obstacles and causes network engineers to loose their hair. I've been doing this stuff for 13 years, so if you have any other questions, please feel free to email me directly and we can continue this without filling the group with Microsoft protocol issues.


Thomas S. Fortner
Burleson, Texas
thomas fortner sbcglobal net
"but we preach Christ crucified..."  1 Corinthians 1:23

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]