namespace and DNS architecture to support it, and then revising the ADS and DNS design if unforeseen, or undesirable consequences are uncovered.
The Windows 2000 Active Directory Namespace Design white paper describes the ADS namespace, including the forest and tree domain structure, organizational units, the global catalog, trust relationships, and replication. It then provides examples of namespace implementations and describes the architectural criteria that network architects and administrators should consider when designing an Active Directory namespace for the Enterprise. By following the recommendations in that paper, the Enterprise network architect should be able to design a namespace that is capable of withstanding company reorganizations without expensive restructuring.
Some of the fundamental DNS design questions that need to be answered are:
•How many Active Directory domains will you have?
•What will their names be?
•Will your DNS namespace have a private root?
•What will your computer names be?
Choosing Names
In Windows 2000, Active Directory domains are named with DNS names. When choosing DNS names to use for your Active Directory domains, identify the registered DNS domain name suffix that your company has reserved for use on the Internet, such as ‘company.com.’. It is recommended that you use different internal and external namespaces to simplify name resolution process. So, you could use internally (and as a forest root) a registered DNS suffix different from the external one, like “comp.com.”, or subdomain of the external domain, like “corp.company.com.”. You can then combine this name with a location or organizational name used within your company to form full names for your Active Directory domains, for example “hr.corp.company.com.”. This method of naming ensures that each Active Directory domain name is globally unique.
Once you have decided on DNS names for each of your Active Directory domains, you can use these names as parents for creating additional child domains to further manage other divisions within your company. Child domains must have DNS names that are immediately subordinate to their parent’s DNS name. For example, if a child domain were to be added in the ”us.corp.company.com.” tree for the human resources department in the American branch of the company, an appropriate name for that domain might be “hr.us.corp.company.com.”
Internet Access Considerations
Typically, a company namespace consists of two portions: private and public. The private one is a portion invisible from the outside world, while the public one is exposed to the Internet. Here the names that form the private and public namespaces are referred to as internal and external, respectively. Even though the private names are not exposed to the Internet, repetition of any external names (not only from the company, but from the Internet in general) in the private namespace is
Windows 2000 White Paper | 46 |
