ADS Active Directory Service (Farsi User Guide)
Resource: Windows 2000 Server Resource kit Distributed Systems Guide

> Part 1 > Name Resolution in Active Directory > Locating Active Directory Servers > Domain Controller Name Registration

Domain Controller Name Registration

Because of its importance, this section is provided in two languages; the translation can be found below.

Every Windows 2000–based domain controller registers two types of names at startup:
  • A DNS domain name with the DNS service (for example, noam.reskit.com).
  • A NetBIOS name with Windows Internet Name Service (WINS) or another transport-specific service (for example, noam).

When a user starts a computer and logs on to a domain, the computer must do one of two things:

  • If the name of the logon domain is a DNS name, the computer must query DNS to find a domain controller with which to authenticate.
  • If the name of the logon domain is a NetBIOS name, the computer must send a mailslot message to find a domain controller for the specified domain.

After the computer has found a domain controller, the information is cached so that a new query is not required for subsequent logon sessions.

DNS Domain Name Registration

Active Directory supports dynamic registration of domain controller addresses in DNS. After Active Directory has been installed during domain controller creation, the Net Logon service dynamically creates records in the DNS database that are used to locate the server. Dynamic update (described in Request for Comments (RFC) 2136) is a recent addition to the DNS standard; this addition to the standard defines a protocol for dynamically updating a DNS server with new or changed resource record values. Before the advent of this new protocol, administrators had to manually create the records that are stored on DNS servers. The implementation of DNS server that is included with Windows 2000 supports dynamic updates, as does the Berkeley Internet Name Domain (BIND) version 8.x implementation of DNS. (For more information about BIND DNS, see "Windows 2000 DNS" in the TCP/IP Core Networking Guide.)

Every Windows 2000–based domain controller dynamically registers service records (SRV records) in DNS, which allow servers to be located by service type (for example, LDAP) and protocol (for example, Transmission Control Protocol [TCP]). Because domain controllers are LDAP servers that communicate over TCP, SRV records can be used to find the DNS computer names of domain controllers. In addition to registering LDAP-specific SRV records, Net Logon also registers Kerberos v5 authentication protocol–specific SRV records to enable locating servers that run the Kerberos Key Distribution Center (KDC) service. (For more information about the Kerberos v5 authentication protocol and the KDC, see "Authentication" in this book.)

Every Windows 2000–based domain controller also dynamically registers a single host resource record (an A resource record), which contains the name of the domain (DnsDomainName) where the domain controller is and the IP address of the domain controller. The A resource record makes it possible for clients that do not recognize SRV records to locate a domain controller by means of a generic host lookup.

You can disable the Net Logon registration of an A resource record that maps the Active Directory domain name to the IP address of the domain controller. For example, if a Web server registers the same name as the name of an Active Directory domain, you do not want non-Web servers to register A resource records for this name. Otherwise, if the Web browser located the domain controller instead of the Web server, the browser would receive the message that the site for which it was searching was not found. In another example, if a mail server is not enabled to do mail exchanger (MX) resource record lookup and, therefore, relies on A resource records for DNS lookup, the names that are used for mail servers must not be identical to the names that are used by other services, such as Active Directory.
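The two lookup paths the preceding paragraphs describe, and the name collision that motivates turning off DnsRegisterARecords, as an added example in Python; this is not code from the Resource Kit. Every record in the zone is constructed. The owner names _ldap._tcp.<DnsDomainName> and _kerberos._tcp.<DnsDomainName> follow the standard Windows 2000 layout and are an assumption here, since the page only names the services that get SRV records; the priority/weight ordering is the RFC 2782 selection rule, which the page does not spell out. The same example also covers the translated "DNS Domain Name Registration" section later on this page.

```python
# Added example (not from the Resource Kit). Models the records one domain
# controller registers through Net Logon and the two ways a client can use
# them. Every record here is constructed for the example.
import random
from collections import defaultdict

DNS_DOMAIN = "noam.reskit.com"           # the page's example DnsDomainName
DC_HOST = "dc1." + DNS_DOMAIN             # constructed DC host name
DC_IP = "10.0.0.5"                        # constructed DC address
WEB_IP = "10.0.0.80"                      # constructed web server address


def build_zone(dns_register_a_records):
    """Zone as it looks after Net Logon registration.

    SRV RDATA tuples are (priority, weight, port, target) as in RFC 2782.
    The owner names _ldap._tcp.<domain> and _kerberos._tcp.<domain> follow the
    standard Windows 2000 layout (assumption: the page only says which
    services get SRV records, not the owner names)."""
    zone = defaultdict(list)
    zone[("_ldap._tcp." + DNS_DOMAIN, "SRV")].append((0, 100, 389, DC_HOST))
    zone[("_kerberos._tcp." + DNS_DOMAIN, "SRV")].append((0, 100, 88, DC_HOST))
    zone[(DC_HOST, "A")].append(DC_IP)
    # An unrelated web server whose host name is the bare domain name.
    zone[(DNS_DOMAIN, "A")].append(WEB_IP)
    # Net Logon's A record for the domain name itself; registered only while
    # the DnsRegisterARecords value is left at 1.
    if dns_register_a_records:
        zone[(DNS_DOMAIN, "A")].append(DC_IP)
    return zone


def query(zone, name, rtype):
    return list(zone.get((name.lower(), rtype), []))


def order_srv(rrset, rng=None):
    """RFC 2782 target selection: lowest priority first; within one priority,
    weighted-random order so heavier targets are tried first more often."""
    rng = rng or random.Random(0)
    by_priority = defaultdict(list)
    for rr in rrset:
        by_priority[rr[0]].append(rr)
    ordered = []
    for prio in sorted(by_priority):
        pool = list(by_priority[prio])
        while pool:
            total = sum(rr[1] for rr in pool)
            pick = rng.randint(0, total)
            running = 0
            for rr in pool:
                running += rr[1]
                if running >= pick:
                    ordered.append(rr)
                    pool.remove(rr)
                    break
    return ordered


def locate(zone, service, domain):
    """SRV-aware client: look up _<service>._tcp.<domain>, then resolve the
    chosen target. Returns (target, port, ip) or None."""
    srv = order_srv(query(zone, "_%s._tcp.%s" % (service, domain), "SRV"))
    for _prio, _weight, port, target in srv:
        addrs = query(zone, target, "A")
        if addrs:
            return target, port, addrs[0]
    return None


def generic_host_lookup(zone, name):
    """Client that does not recognize SRV records: plain A lookup of the
    domain name, which is what the Net Logon A record exists for."""
    return query(zone, name, "A")


if __name__ == "__main__":
    for setting in (1, 0):
        zone = build_zone(setting)
        print("DnsRegisterARecords =", setting)
        print("  LDAP via SRV     :", locate(zone, "ldap", DNS_DOMAIN))
        print("  Kerberos via SRV :", locate(zone, "kerberos", DNS_DOMAIN))
        print("  A lookup of", DNS_DOMAIN, ":", generic_host_lookup(zone, DNS_DOMAIN))
```

Running it shows the point of the paragraph above: the SRV path always lands on the domain controller, regardless of the setting, while the generic A lookup of noam.reskit.com returns both the web server and the DC when DnsRegisterARecords is 1, so a browser resolving that name may be sent to the DC.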

To disable Net Logon registration of the A record for a domain controller

  1. On the Start menu, click Run.
  2. Type regedt32.exe or regedit.exe, and then click OK.
  3. In the registry editor, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters.
  4. If the entry exists, double-click the DnsRegisterARecords entry.
  5. In the DWORD Editor dialog box (in Regedt32.exe) or the Edit DWORD Value (in Regedit.exe), type 0 in the text box, and then click OK.
  6. If the entry does not exist, create the entry as follows:
     • In Regedt32.exe, on the Edit menu, click Add Value.
       In the Value Name box, type DnsRegisterARecords.
       In the Data Type drop-down list box, click REG_DWORD, and then click OK.
       In the DWORD Editor dialog box, type 0 in the Data box, and then click OK.
     – Or –
     • In Regedit.exe, on the Edit menu, click New.
       Click DWORD Value.
       Type DnsRegisterARecords for the value name. A value of 0 is assigned automatically.
  7. Close the registry editor.

Caution

Editing the registry directly can have serious, unexpected consequences that can prevent the system from starting and require that you reinstall Windows 2000. There are programs available in Control Panel or Microsoft Management Console (MMC) for performing most administrative tasks. These programs provide safeguards that prevent you from entering conflicting settings or settings that are likely to degrade performance or damage your system. Registry editors bypass the standard safeguards that are provided by these administrative tools. Modifying the registry is recommended only when no administrative tool is available. Before you make changes to the registry, it is recommended that you back up any valuable data on the computer. For instructions about how to edit registry entries, see Help for the registry editor that you are using. For more information about the registry, see the Microsoft Windows 2000 Resource Kit Technical Reference to the Windows 2000 Registry (Regentry.chm).

NetBIOS Domain Name Registration

A domain controller registers its NetBIOS name (DomainName[1C]) by broadcasting or directing a NetBIOS name registration request to a NetBIOS name server, such as a WINS server. Registering the NetBIOS name makes it possible for Windows-based clients that are not DNS-enabled to find the domain controllers that are running Windows 2000, Windows NT 4.0, or Windows NT 3.51. In this case, the client finds the domain controller by sending a Net Logon mailslot request that is based on the NetBIOS domain name.

All systems from Windows 2000 onward can use two methods for Name Resolution and Name Registration when they boot.

  • A DNS domain name with the DNS service (for example, noam.reskit.com).
  • A NetBIOS name with Windows Internet Name Service (WINS) or another transport-specific service (for example, noam).

When a user wants to log on to a domain after the system has booted, one of these two ways is used.

  • If the name of the logon domain is a DNS name, the computer must query DNS to find a domain controller with which to authenticate.
  • If the name of the logon domain is a NetBIOS name, the computer must send a mailslot message to find a domain controller for the specified domain.

Here it must use either DNS or NetBIOS traffic to find the DC and join the intended domain.

Once the system has connected to the domain, the information is cached, and the next connection or next logon does not need to send the queries above.


DNS Domain Name Registration

ADS can store its information in DNS dynamically; this is done by the Net Logon Service.

What is meant here is the Dynamic Update topic.

All Domain Controllers dynamically register the SRV record in DNS.

This record identifies things such as the use of the LDAP service by the Domain Controller, and also the TCP port in question.

We know that the DC offers the LDAP service over a TCP port; the SRV record makes it possible to find the DNS name of a DC.

In general, the SRV record specifies which kinds of services a server can provide; it is used to find the various services on the network.

The Net Logon Service always registers the information for the system on which the Kerberos v5 service is installed, which is in fact the system on which the KDC service is installed, that is, our Active Directory server.

It is the SRV record that specifies which service is on which server or address, and on which port.

All Win2k systems that are DCs dynamically register an A Resource Record in DNS, which contains the DnsDomainName of that DC, and the corresponding IP address is also present.

Clients use the A Resource Record, and they can use SRV directly to reach the DC.

In the next section we will become more familiar with SRV, and also with the relationship between clients, SRV and the Net Logon Service.

NetBIOS Domain Name Registration

When DNS is not available, or the client does not use DNS, the system uses NetBIOS traffic, which is done either by broadcast or directed; in the second case it goes through WINS, to obtain or find the name of the DC.

Name  Type    Usage
00    Unique  Workstation
00    Group   Domain
01    Unique  Messenger Service
01    Group   Master Browser
03    Unique  Logon Name / Computer Name / Messenger Service
20    Unique  Server
2F    Group   Lotus Notes
33    Group   Lotus Notes
1B    Unique  Domain Master Browser
1C    Group   Domain Controllers
1E    Group   Browser Service Elections

Table 1 Explanations of NetBIOS Types

NetBIOS recognizes domain controllers by the [1C] registration. For more information about registering names with WINS, see "Windows Internet Name Service" in the TCP/IP Core Networking Guide.
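The name a domain controller registers (DomainName[1C]) and the lookup of Table 1, as an added Python example that is not part of the original guide. The 16-byte name layout and the first-level encoding are taken from RFC 1001/1002, which the page does not cite; NOAM is the page's own example domain name; the fact that Unique versus Group is carried in the registration's NB_FLAGS rather than in the name itself is an assumption the code states explicitly, and it is why the table needs both a Name and a Type column.

```python
# Added example (not from the Resource Kit). Builds and decodes the 16-byte
# NetBIOS name a domain controller registers (DomainName[1C]) and maps a
# registered name back to the usage listed in Table 1.
# The name layout and the first-level encoding come from RFC 1001/1002, which
# the page does not cite; NOAM is the page's own example domain.

# (suffix, is_group) -> usage, transcribed from Table 1. Unique vs Group is
# not part of the name: it is the G bit in the NB_FLAGS of the registration.
NETBIOS_TYPES = {
    (0x00, False): "Workstation",
    (0x00, True): "Domain",
    (0x01, False): "Messenger Service",
    (0x01, True): "Master Browser",
    (0x03, False): "Logon Name / Computer Name / Messenger Service",
    (0x20, False): "Server",
    (0x2F, True): "Lotus Notes",
    (0x33, True): "Lotus Notes",
    (0x1B, False): "Domain Master Browser",
    (0x1C, True): "Domain Controllers",
    (0x1E, True): "Browser Service Elections",
}

DC_SUFFIX = 0x1C


def netbios_name(name, suffix):
    """Raw 16-byte name: up to 15 upper-case characters, space padded, then the
    one-byte suffix that says what kind of service registered the name."""
    name = name.upper()
    if not 1 <= len(name) <= 15:
        raise ValueError("NetBIOS names are 1 to 15 characters")
    if not 0 <= suffix <= 0xFF:
        raise ValueError("suffix must be one byte")
    return name.encode("ascii").ljust(15, b" ") + bytes([suffix])


def first_level_encode(raw16):
    """Each byte becomes two letters: high nibble + 'A', low nibble + 'A'.
    This is the form the name takes inside a NetBIOS name packet."""
    if len(raw16) != 16:
        raise ValueError("expected a 16-byte NetBIOS name")
    return "".join(chr(0x41 + (b >> 4)) + chr(0x41 + (b & 0x0F)) for b in raw16)


def first_level_decode(encoded):
    """Inverse of first_level_encode, with validation of the wire form."""
    if len(encoded) != 32 or any(c not in "ABCDEFGHIJKLMNOP" for c in encoded):
        raise ValueError("not a 32-character first-level encoded name")
    pairs = zip(encoded[0::2], encoded[1::2])
    return bytes(((ord(hi) - 0x41) << 4) | (ord(lo) - 0x41) for hi, lo in pairs)


def describe(raw16, is_group):
    """(name, suffix, usage) for a registered name, looked up in Table 1."""
    name = raw16[:15].decode("ascii").rstrip(" ")
    suffix = raw16[15]
    return name, suffix, NETBIOS_TYPES.get((suffix, is_group), "unassigned in Table 1")


def is_dc_registration(raw16, is_group):
    """The check the page describes: a domain controller is the group name
    DomainName[1C]; a unique name with the same suffix is not one."""
    return is_group and raw16[15] == DC_SUFFIX


if __name__ == "__main__":
    raw = netbios_name("NOAM", DC_SUFFIX)
    wire = first_level_encode(raw)
    print("raw :", raw)
    print("wire:", wire)
    print("back:", describe(first_level_decode(wire), True))
```

The wire form is what shows up in a captured name registration or query, so the decode path is the one a defender uses when reading NetBIOS traffic: decode the 32 letters, split off the sixteenth byte, and read the G bit to decide between the Unique and Group rows of Table 1.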

LastUpdate:2005/06/16