Riordan
By: Jon • Essay • 1,019 Words • May 5, 2010 • 858 Views
Today’s enterprise networks are increasingly likely to be Windows based, or at the very least to have large Windows components coexisting with other network operating systems (NOS) such as the many UNIX/Linux variants or Novell’s NetWare. From the time Microsoft began offering Windows NT Server version 3.51 through today’s Windows 2003 Server and its upcoming successor, codenamed “Longhorn”, the job of centralized network authentication and administration has been built around Microsoft’s domain network architecture.
Over the years Microsoft’s domain architecture has changed and evolved significantly. The introduction of Active Directory has eclipsed the older Primary Domain Controller (PDC) and Backup Domain Controller (BDC) model used prior to Windows 2000 Server. The role of the domain in Microsoft’s current network schema can be defined as “a logical group of computers characterized by centralized authentication and administration” (DiNicolo, 2004, p. 10). Today’s Microsoft domain architecture often relies on multiple domains; examples can be found in the design of Windows 2000 and 2003 network infrastructure. It is often necessary, and more efficient, to create multiple domains to reflect different departments within an organization or different geographic locations within a company. Multiple domains can improve replication performance between domain controllers’ Active Directory databases and make it easier to administer differing security policies. When multiple domains are used, Microsoft terminology describes the network architecture in terms of Forests and Trees (DiNicolo, 2004, p. 28). A typical Microsoft network architecture planning process is shown in the following diagram (Figure 1), found in the Microsoft TechNet article entitled Creating a Forest Design.
Figure 1: Creating a Forest Design - Microsoft TechNet: http://technet2.microsoft.com/windowsserver/en/library/0e40afb5-4504-4990-b579-052abe6bc5991033.mspx?mfr=true. (2003)
The implementation of Microsoft’s Active Directory can also reduce the number of domains used in a given Microsoft based network. In the more recent implementations of Microsoft’s domain model, all network objects such as computers, printers, users, groups, Microsoft Exchange mail accounts and other related network components are stored in Active Directory (DiNicolo, 2004, p. 24-25). Active Directory can minimize the number of domains required, compared with past Microsoft domain architectures, by providing a central repository for network authentication and administration that replicates its data to other domain controllers within the network using the process known as multimaster replication (DiNicolo, 2004, p. 25). This process allows a domain controller to replicate its Active Directory database to other domain controllers within the network, so that users at other locations can authenticate and use the same network resources as users who are physically closer to the primary domain. In addition, the Dcpromo wizard allows other Windows 2003 servers within the network to be promoted to domain controllers holding an identical copy of the Active Directory database, together with the established network Domain Name Server (DNS) database and zones, in case other domain controllers within the network fail. This capability further enhances the security of the Windows 2003 network architecture by providing a layer of redundancy that eases administration and lessens the need for additional domains (Wright, 2004, p. 270-271).
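The redundancy described above is only real if every domain controller is actually receiving replication and actually hosts the DNS zones. The following PowerShell check is an added example, not code from the essay or its sources; it assumes the RSAT ActiveDirectory and DnsServer modules are installed, a domain-admin session, and a two-hour staleness threshold chosen here as an assumption. For each DC it lists inbound replication partners with their last successful sync, and the zones the DC serves with their replication scope and dynamic-update setting (a zone allowing nonsecure updates lets any host overwrite records, so "Secure" is the value to expect).

```powershell
# Added example (not from the essay): survey every domain controller's inbound
# replication links and the DNS zones it hosts, so the redundancy of
# multimaster replication can be verified rather than assumed.
# Assumes: RSAT ActiveDirectory + DnsServer modules, domain-admin session.
Import-Module ActiveDirectory
Import-Module DnsServer

$staleAfter = (Get-Date).AddHours(-2)   # assumed threshold: flag links silent longer than this

foreach ($dc in Get-ADDomainController -Filter *) {
    Write-Host "=== $($dc.HostName) (site: $($dc.Site)) ==="

    # Inbound replication metadata for every naming context held by this DC
    try {
        $links = Get-ADReplicationPartnerMetadata -Target $dc.HostName -Partition * -ErrorAction Stop
        foreach ($link in $links) {
            $state = if ($link.LastReplicationResult -ne 0) { 'ERROR' }
                     elseif ($link.LastReplicationSuccess -lt $staleAfter) { 'STALE' }
                     else { 'ok' }
            '{0,-6} {1,-40} from {2} (last success {3})' -f `
                $state, $link.Partition, $link.Partner, $link.LastReplicationSuccess
        }
    } catch {
        Write-Warning "Could not read replication metadata from $($dc.HostName): $_"
    }

    # DNS zones this DC serves. AD-integrated zones replicate with the directory;
    # a file-backed primary lives only on this server and is lost if it fails.
    try {
        Get-DnsServerZone -ComputerName $dc.HostName -ErrorAction Stop |
            Where-Object { -not $_.IsAutoCreated } |
            ForEach-Object {
                $scope = if ($_.IsDsIntegrated) { "AD-integrated ($($_.ReplicationScope))" } else { 'file-backed' }
                '   zone {0,-30} {1,-10} {2,-28} dynamic updates: {3}' -f `
                    $_.ZoneName, $_.ZoneType, $scope, $_.DynamicUpdate
            }
    } catch {
        Write-Warning "Could not list DNS zones on $($dc.HostName): $_"
    }
}
```

Any link marked ERROR or STALE, or any domain zone reported as file-backed, means that DC is not the interchangeable replica the essay assumes it to be.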
Dynamic Domain Name Server Service (DDNS) was an enhancement to network Internet Protocol (IP) and host addressing brought on with the advent of Windows 2000 and Windows 2003 Server. It provides a method by which Domain Name Server (DNS) records are created automatically rather than manually by a network administrator. When a Windows 2000 or Windows XP client logs into a Windows 2000 or 2003 domain, it contacts the network domain DNS server and automatically registers its hostname and IP address in the DNS server records, even when Dynamic Host Configuration Protocol