Understanding WS Domain and DNS



https://kb.blackbaud.com/knowledgebase/articles/Article/38187 - What is a Domain and a Domain Controller?

https://community.spiceworks.com/t/linking-your-windows-domain-and-your-website-domain/828181

https://support.cloudshare.com/hc/en-us/articles/360035332172-Active-Directory-Domain-Creation-in-Windows-Server-2016-Standard


Domain

  • A logical group of network objects (computers, users, devices) that share a centralized directory database
  • Managed by Active Directory Domain Services (AD DS) on Windows Server
  • Provides single sign-on - users log in once to access all domain resources

  • Domain Name: Like company.local or corp.contoso.com
  • Domain Database: Stores all user accounts, computer accounts, security groups, and policies
  • Trust Relationships: Allow users from one domain to access resources in another
  • Organizational Units (OUs): Containers within a domain for organizing and managing objects

Domain Controller

  • A Windows Server that runs Active Directory Domain Services (AD DS)
  • Authenticates users and computers when they log into the domain
  • Stores the Active Directory database
  • Enforces security policies across the domain
  • Replicates directory changes to other domain controllers

  • Authentication: Verifies usernames/passwords
  • Authorization: Determines what resources users can access
  • Replication: Syncs changes with other DCs
  • Group Policy: Applies and enforces security settings
  • FSMO Roles: Special roles like PDC Emulator, RID Master, Schema Master

DNS in AD

  • Active Directory is completely dependent on DNS to function
  • Computers use DNS to locate domain controllers and other AD services
  • Without proper DNS, users cannot log in or find domain resources

How AD Uses DNS:

  1. SRV Records
    • Special DNS records that help computers find domain controllers
    • Examples: _ldap._tcp.domain.com, _kerberos._tcp.domain.com
    • When a computer needs to authenticate, it queries DNS for these SRV records
  2. AD-Integrated DNS Zones
    • DNS zones stored directly in Active Directory
    • Replicate automatically with AD replication
  3. Dynamic DNS Updates
    • Domain computers automatically register their own DNS records
    • Domain controllers register multiple SRV records for various services
    • Keeps DNS synchronized with current network state



GENERAL CONFIG (FULL INSTALLATION IN OTHER SECTION)

  1. Domain Join Process:
    • Computer queries DNS for domain controller SRV records
    • DNS returns list of available DCs
    • Computer contacts DC to join domain
    • DC creates computer account in AD
    • Computer registers its own DNS record
  2. User Login Process:
    • User enters credentials at workstation
    • Workstation queries DNS for domain controller
    • DNS provides DC location via SRV records
    • Workstation contacts DC for authentication
    • DC validates credentials and provides access token
  3. Name Resolution:
    • Domain uses DNS namespace (like company.local)
    • Every domain object has a DNS name
    • Computers use DNS to resolve names to IP addresses
    • Example: server01.company.local → 192.168.1.10
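The locator and name-resolution steps above (SRV lookup, DC list, contact DC, join, A-record lookup), walked through from the client side in PowerShell. This is an added example, not code from the original notes; corp.contoso.com, the join account and the OU path are placeholders, and only built-in DnsClient/NetTCPIP cmdlets plus Add-Computer are used.

```powershell
# Added example (not from the original notes): client-side DC locator walk-through.
# Placeholders: corp.contoso.com, the join account, the OU path.

function Find-DomainController {
    param(
        [Parameter(Mandatory)] [string] $DomainName,
        [string] $DnsServer                      # optional: ask a specific DNS server
    )
    # Step 1: the SRV records every DC registers. _msdcs is the locator sub-zone
    # clients try first; _kerberos/_ldap under the domain name cover logon.
    $srvNames = @(
        "_ldap._tcp.dc._msdcs.$DomainName",
        "_kerberos._tcp.$DomainName",
        "_ldap._tcp.$DomainName"
    )
    $resolveArgs = @{ Type = 'SRV'; ErrorAction = 'Stop' }
    if ($DnsServer) { $resolveArgs['Server'] = $DnsServer }

    $found = foreach ($name in $srvNames) {
        try {
            Resolve-DnsName -Name $name @resolveArgs |
                Where-Object { $_.Type -eq 'SRV' } |
                ForEach-Object {
                    [pscustomobject]@{
                        Record   = $name
                        Target   = $_.NameTarget.TrimEnd('.')
                        Port     = $_.Port
                        Priority = $_.Priority
                        Weight   = $_.Weight
                    }
                }
        } catch {
            Write-Warning "No SRV answer for $name ($($_.Exception.Message))"
        }
    }
    if (-not $found) {
        throw "DNS returned no domain controllers for $DomainName; check which DNS server this client uses."
    }
    # Step 2: DNS returns the DC list; lowest priority first, higher weight preferred (RFC 2782).
    $found | Sort-Object Priority, @{ Expression = 'Weight'; Descending = $true }
}

function Test-DomainControllerReachability {
    param([Parameter(Mandatory)] [string] $DcFqdn)
    # Name resolution: the DC's A record (hostname -> IP)
    $a = Resolve-DnsName -Name $DcFqdn -Type A -ErrorAction Stop | Where-Object { $_.Type -eq 'A' }
    foreach ($port in 88, 389) {               # 88 = Kerberos, 389 = LDAP
        $tcp = Test-NetConnection -ComputerName $DcFqdn -Port $port -WarningAction SilentlyContinue
        [pscustomobject]@{
            DC        = $DcFqdn
            IPAddress = ($a.IPAddress -join ',')
            Port      = $port
            Reachable = $tcp.TcpTestSucceeded
        }
    }
}

# Steps 3-5: contact a DC, join (the DC creates the computer account), reboot;
# after the restart the client registers its own A/PTR records by dynamic update.
$domain = 'corp.contoso.com'                                     # placeholder
$dcList = Find-DomainController -DomainName $domain
$dcList | Format-Table Record, Target, Port, Priority, Weight -AutoSize
$dcList | Select-Object -First 1 |
    ForEach-Object { Test-DomainControllerReachability -DcFqdn $_.Target } |
    Format-Table -AutoSize
# Add-Computer -DomainName $domain -Credential (Get-Credential "$domain\joinaccount") `
#     -OUPath 'OU=Workstations,DC=corp,DC=contoso,DC=com' -Restart
# After the reboot, confirm the machine's trust relationship with a DC:
# Test-ComputerSecureChannel -Verbose
```

If Find-DomainController throws, the failure is almost always the client's DNS server setting (see DNS Setup below): a public resolver cannot answer the _msdcs query, so the join or logon fails before any credential is ever sent.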

DNS Setup

  • Install DNS on all domain controllers
  • Use AD-integrated zones for auto-replication
  • Point all domain computers to DC for DNS
  • Set up forwarders for internet resolution
  • Never point domain computers at an external DNS server (8.8.8.8) as primary; internet names are resolved through the DCs' forwarders
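The DNS Setup list above as a concrete configuration, with the setting the last bullet warns against shown next to the corrected one. This is an added example, not code from the original notes; corp.contoso.com, 192.168.1.0/24, the DC addresses 192.168.1.10/11, the interface alias and the upstream resolver addresses are placeholders. It assumes an elevated session on a DC with the DnsServer and DnsClient modules (installed with the DNS role / RSAT).

```powershell
# Added example (not from the original notes): DNS setup on a DC, weak vs. corrected.
# Placeholders: zone, subnet, DC addresses, interface alias, forwarder addresses.

# -- WEAK: domain machines pointed at a public resolver first. 8.8.8.8 knows
#    nothing about _ldap._tcp.dc._msdcs.corp.contoso.com, so locator lookups
#    fail or time out and logons break intermittently.
# Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses '8.8.8.8','192.168.1.10'

# -- CORRECT, repeated on each DC:
# 1. DNS role on every DC
Install-WindowsFeature -Name DNS -IncludeManagementTools

# 2. AD-integrated forward and reverse zones: stored in the directory, replicated
#    with AD, and limited to secure (Kerberos-authenticated) dynamic updates so
#    only the computer account that owns a record can change it.
if (-not (Get-DnsServerZone -Name 'corp.contoso.com' -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name 'corp.contoso.com' -ReplicationScope 'Domain' -DynamicUpdate 'Secure'
}
if (-not (Get-DnsServerZone -Name '1.168.192.in-addr.arpa' -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -NetworkId '192.168.1.0/24' -ReplicationScope 'Domain' -DynamicUpdate 'Secure'
}

# 3. Internet resolution goes through forwarders on the DC, never on the clients
Set-DnsServerForwarder -IPAddress '1.1.1.1','8.8.8.8' -UseRootHint $false

# 4. Every domain machine, this DC included, resolves through DCs only
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses '192.168.1.10','192.168.1.11'

# 5. Verify the result; anything other than True/True/DC addresses needs fixing
function Test-DnsServerBaseline {
    param([string] $ZoneName = 'corp.contoso.com')
    $zone = Get-DnsServerZone -Name $ZoneName
    $fwd  = Get-DnsServerForwarder
    [pscustomobject]@{
        Zone             = $zone.ZoneName
        AdIntegrated     = $zone.IsDsIntegrated
        SecureUpdates    = ($zone.DynamicUpdate -eq 'Secure')
        Forwarders       = ($fwd.IPAddress.IPAddressToString -join ',')
        ClientDnsServers = ((Get-DnsClientServerAddress -AddressFamily IPv4 |
                             Where-Object { $_.ServerAddresses }).ServerAddresses -join ',')
    }
}
Test-DnsServerBaseline
```

The DynamicUpdate value matters as much as the zone type: a zone that allows nonsecure updates lets any host on the network overwrite another machine's A record, so the audit function reports it separately from IsDsIntegrated.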

Domain Controllers

  • Minimum 2 DCs for redundancy
  • Place in different locations when possible
  • Use static IP addresses
  • Configure DNS before DC promotion
  • Sync time for Kerberos
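The Domain Controllers checklist above turned into a readiness check for a server that is about to be promoted. This is an added example, not code from the original notes; corp.contoso.com is a placeholder, and it assumes the RSAT-AD-PowerShell, NetTCPIP and DnsClient modules on the candidate server plus a reachable existing DC. The 5-minute figure is the Kerberos default for maximum tolerable clock skew, not something the notes state.

```powershell
# Added example (not from the original notes): pre-promotion check for an additional DC.
# Placeholder: corp.contoso.com. Assumes RSAT-AD-PowerShell and an existing DC.

function Test-DcCandidate {
    param([Parameter(Mandatory)] [string] $DomainName)

    $domain = Get-ADDomain -Identity $DomainName
    $dcs    = @(Get-ADDomainController -Filter * -Server $DomainName)

    # Static IPv4: a DC on DHCP changes address and every client that cached it loses its DC.
    $ipv4   = Get-NetIPAddress -AddressFamily IPv4 | Where-Object { $_.InterfaceAlias -notmatch 'Loopback' }
    $static = @($ipv4 | Where-Object { $_.PrefixOrigin -eq 'Manual' }).Count -gt 0

    # DNS client must already point at an existing DC, or promotion cannot locate the domain.
    $dnsServers = (Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses | Select-Object -Unique
    $dnsIsDc    = @($dnsServers | Where-Object { $_ -in $dcs.IPv4Address }).Count -gt 0

    # Kerberos rejects tickets once clock skew passes 5 minutes (default policy), so
    # compare this host against the PDC emulator, the domain's authoritative time source.
    # w32tm /stripchart /dataonly prints lines like "12:00:00, +00.0012345s".
    $pdc   = $domain.PDCEmulator
    $raw   = & w32tm.exe /stripchart /computer:$pdc /samples:1 /dataonly 2>&1
    $match = $raw | Select-String -Pattern '([+-]\d+\.\d+)s' | Select-Object -Last 1
    $skew  = if ($match) { [math]::Abs([double]$match.Matches[0].Groups[1].Value) } else { $null }

    [pscustomobject]@{
        ExistingDCs          = $dcs.Count
        RedundantAfterAdd    = ($dcs.Count + 1) -ge 2
        StaticIPv4           = $static
        DnsPointsToDC        = $dnsIsDc
        PdcEmulator          = $pdc
        ClockSkewSeconds     = $skew
        KerberosTimeOk       = ($null -ne $skew -and $skew -lt 300)
        # FSMO holders, worth knowing before moving any role onto the new DC
        RidMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
}

Test-DcCandidate -DomainName 'corp.contoso.com' | Format-List

# If ClockSkewSeconds is large: have the PDC emulator sync from an external source
# and let every other domain member follow the domain hierarchy. Run on the PDC, elevated:
#   w32tm /config /manualpeerlist:"time.windows.com" /syncfromflags:manual /reliable:yes /update
#   w32tm /resync
```

Run the check on the candidate, fix anything that reports False, and only then promote; a DC promoted with DHCP addressing or a skewed clock produces logon failures that look like DNS or credential problems and are slow to diagnose.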

DNS Records

  • A Record - hostname to IP
  • SRV Record - finds domain controllers
  • PTR Record - reverse lookup
  • CNAME - hostname aliases
  • NS Record - identifies DNS servers
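The record types in the DNS Records list above, created and then audited against the DC's DNS server: an A record with its PTR, a CNAME alias, the NS and SRV records the DCs own, and a forward/reverse consistency check. This is an added example, not code from the original notes; the zone names and hosts are placeholders and it needs the DnsServer module, run on or against a DC.

```powershell
# Added example (not from the original notes): creating and auditing the record types listed.
# Placeholders: corp.contoso.com, 1.168.192.in-addr.arpa, server01, 192.168.1.10.

$zone    = 'corp.contoso.com'          # forward zone
$revZone = '1.168.192.in-addr.arpa'    # reverse zone for 192.168.1.0/24

# A record plus its PTR in one call (the reverse zone must already exist)
Add-DnsServerResourceRecordA -ZoneName $zone -Name 'server01' -IPv4Address '192.168.1.10' -CreatePtr
# CNAME alias for a service name, so the service can move hosts without clients changing
Add-DnsServerResourceRecordCName -ZoneName $zone -Name 'files' -HostNameAlias "server01.$zone"

# NS records name the servers authoritative for the zone: with AD-integrated
# zones that should be the DCs and nothing else.
Get-DnsServerResourceRecord -ZoneName $zone -RRType NS |
    Select-Object HostName, @{ n = 'NameServer'; e = { $_.RecordData.NameServer } }

# SRV records the DCs registered for LDAP/Kerberos (what the locator queries)
Get-DnsServerResourceRecord -ZoneName $zone -RRType SRV |
    Where-Object { $_.HostName -match '^_(ldap|kerberos)\._tcp' } |
    Select-Object HostName,
        @{ n = 'Target'; e = { $_.RecordData.DomainName } },
        @{ n = 'Port';   e = { $_.RecordData.Port } }

function Get-DnsForwardReverseMismatch {
    # Audit: every A record inside the reverse zone's subnet should have a PTR
    # pointing back at the same name. Missing or mismatched PTRs usually mean a
    # stale or hand-edited record; scavenging and secure updates keep this clean.
    param(
        [Parameter(Mandatory)] [string] $ZoneName,
        [Parameter(Mandatory)] [string] $ReverseZoneName
    )
    # '1.168.192.in-addr.arpa' -> '192.168.1.' (a /24 reverse zone)
    $octets = ($ReverseZoneName -replace '\.in-addr\.arpa$', '').Split('.')
    [array]::Reverse($octets)
    $prefix = ($octets -join '.') + '.'

    foreach ($rec in Get-DnsServerResourceRecord -ZoneName $ZoneName -RRType A) {
        $ip = $rec.RecordData.IPv4Address.IPAddressToString
        if (-not $ip.StartsWith($prefix)) { continue }
        $name = if ($rec.HostName -eq '@') { $ZoneName } else { "$($rec.HostName).$ZoneName" }
        $ptr  = Get-DnsServerResourceRecord -ZoneName $ReverseZoneName -RRType PTR `
                    -Name $ip.Split('.')[-1] -ErrorAction SilentlyContinue
        $ptrTargets = @($ptr | ForEach-Object { $_.RecordData.PtrDomainName.TrimEnd('.') })
        [pscustomobject]@{
            Host   = $name
            IP     = $ip
            PTR    = ($ptrTargets -join ',')
            Status = if (-not $ptrTargets) { 'MissingPTR' }
                     elseif ($ptrTargets -contains $name) { 'OK' }
                     else { 'Mismatch' }
        }
    }
}
Get-DnsForwardReverseMismatch -ZoneName $zone -ReverseZoneName $revZone | Format-Table -AutoSize
```

Apex records (HostName "@") are the DCs' own zone-level A records, so the audit maps them to the zone name rather than skipping them; a Mismatch row for one of those usually means a decommissioned DC whose PTR was never cleaned up.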


Inline comments

Block text: A logical group of network objects (computers, users, devices) that share a centralized directory database

  • Ryan Rasch
    Remember that it also allows all security policies, permissions, and user accounts to be managed centrally