Mastering Windows Server 2019, Third Edition

Product type: Book
Published in: Jul 2021
Publisher: Packt
ISBN-13: 9781801078313
Pages: 690
Edition: 3rd Edition
Author: Jordan Krause

DNS and DHCP

If we consider Active Directory Domain Services (AD DS) to be the most common and central role in making our Microsoft-centric networks function, then the DNS and DHCP roles slide in at numbers two and three. I am yet to meet an admin who has chosen to deploy a new domain without deploying DNS at the same time, and every network has a need for DHCP whether or not that service is provided by a Windows server. Either of these roles could be served by something other than a traditional server. There are other companies and even appliances that exist to provide DNS within a corporate network, which has some advantages and some disadvantages. Regarding DHCP, there are plenty of options for providing that service outside of the Windows world, as most firewalls and even switches are capable of also being DHCP "servers" in a network. Although the preceding sentences are true, in reality, the majority of internal DNS and DHCP services for companies around the world are...

The purpose of DNS

Domain Name System (DNS) is similar to Active Directory in that it is a structured database that is often stored on domain controller servers and distributed automatically around your network to other domain controller/DNS servers. Where an AD database contains information about the domain objects themselves, DNS is responsible for storing and resolving all of the names on your network. What do I mean by names? Whenever a user or computer tries to contact any resource by calling for a name, DNS is the platform responsible for turning that name into something else in order to get the traffic to the correct destination. You see, the way that traffic gets from the client to the server is via networking, and typically via the TCP/IP stack, using an IP address to get to its destination. When I open an application on my computer to access some data that resides on a server, I could configure the application so that it communicates directly to my server by using the server...

Types of DNS records

Having installed our DNS role on a server in the network, we can start using it to create DNS records, which resolve names to their corresponding IP addresses, or other pieces of information needed in order to route our traffic around the network. Assuming that you are working in a domain network, you may be pleasantly surprised to see that a number of records already exist inside DNS, even though you haven't created any of them. When you are running Active Directory and DNS together, the domain-join process that you take with your computers and servers self-registers a DNS record during that process, which means creating a DNS record for each new server or computer is not something that you need to remember to accomplish.

I have not yet created any DNS records in my new lab environment, not purposefully anyway, and yet when I open the DNS Manager console from inside the Tools menu of Server Manager, I can see a handful of records...
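The following is an added example, not code from the book: it lists the records that domain-join self-registered in the lab zone, makes sure the zone only accepts secure (authenticated) dynamic updates, then adds a static host record and an alias by hand. It assumes the DnsServer PowerShell module is available, the zone is contoso.local, and the DNS server is a domain controller named dc1 (a hypothetical host name).

```powershell
# Added example (not from the book). Assumptions: DnsServer module present,
# zone contoso.local, DNS server dc1, lab network 10.10.10.0/24.
Import-Module DnsServer
$zone   = 'contoso.local'
$server = 'dc1'   # assumption: first domain controller / DNS server in the lab

# The host (A) records the domain-join process self-registered for us.
# Timestamp is set on dynamic records and empty on records created by hand.
Get-DnsServerResourceRecord -ZoneName $zone -ComputerName $server -RRType A |
    Select-Object HostName, @{n='IPv4'; e={ $_.RecordData.IPv4Address }}, Timestamp

# Self-registration is only safe if unauthenticated clients cannot write to the zone:
# check the dynamic update setting and enforce "Secure only" on the AD-integrated zone.
$z = Get-DnsServerZone -Name $zone -ComputerName $server
if ($z.DynamicUpdate -ne 'Secure') {
    Set-DnsServerPrimaryZone -Name $zone -ComputerName $server -DynamicUpdate Secure
}

# A static host record for a server. -CreatePtr also writes the reverse (PTR) record
# and assumes the 10.10.10.x reverse lookup zone already exists; omit it otherwise.
Add-DnsServerResourceRecordA -ZoneName $zone -ComputerName $server `
    -Name 'web01' -IPv4Address '10.10.10.20' -CreatePtr

# An alias (CNAME) so users can reach the same server by a friendlier name.
Add-DnsServerResourceRecordCName -ZoneName $zone -ComputerName $server `
    -Name 'intranet' -HostNameAlias 'web01.contoso.local'

# Verify resolution against the lab DNS server rather than whatever the client uses.
Resolve-DnsName -Name 'intranet.contoso.local' -Server $server -Type CNAME
Resolve-DnsName -Name 'web01.contoso.local'    -Server $server -Type A
```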

Split-brain DNS

In all of our lab configurations, screenshots, and examples you will notice that domains we create on the internal network always end with .local. This is purposeful and is best practice. Public DNS zones, as you well know, can end in a myriad of ways. Websites or services that live on the internet may end with .com, .org, .edu, .biz, .info, .tech, .construction—the list goes on and on. These are known as top-level domains, and the creative use of such DNS suffixes should remain on the internet and away from our internal DNS zones.

Now, many of you may already work in corporate environments where your internal DNS is configured as something other than a .local, and so you already realize that internal domains can certainly be configured as one of these other suffixes. For example, Microsoft.com is obviously one of the public domains that Microsoft owns, and they could very well also have used Microsoft.com as an internal DNS zone too. In fact, it could even...

Types of DNS zones

You are now familiar with creating different types of DNS records, but that information only enables you to create new records inside an existing DNS zone. At present in our test lab, we have only one DNS zone available to us, contoso.local, which was created automatically when we built the contoso.local domain. As of right now, computers that use one of my contoso.local domain controllers as their DNS server are only able to look up DNS records that I have plugged into that one DNS zone.

With the DNS Server role provided by Windows Server 2019, you can certainly build out many different DNS zones to increase the name resolution capabilities of your network. There are plenty of reasons why you might want to create additional DNS zones, and you should understand what types of zones are available to implement. Let's take a minute to discuss the different types of zones available to us.

Active Directory Integrated Zones

This is not a zone...

IP addressing with DHCP

IP addresses on your network are sort of like home addresses on your street. When you want to send a package to someone, you write their address on the front of the package and set it in the mailbox. In the same way, when your computer wants to send data to a server or another device on a network, each of those devices has an IP address that is used for the delivery of those packets. We know that DNS is responsible for telling the machines which name resolves to which IP address, but how do those IP addresses get put into place on the servers and computers in the first place?

Static addressing is simply the process of configuring IP addresses on your system manually, using your own hands as the configuration tool to plug all of your IP address information into the NIC settings on that device. While this is a quick and easy way to get network traffic flowing between a few endpoints, by giving them each an IP address, it is not scalable. We do often statically...

Creating a DHCP scope

So far in the new Windows Server 2019 lab environment I have been building, I have been statically assigning IP addresses to all of the servers that are being built. This is starting to get old and is hard to keep track of. When the first domain controller was configured, I installed the DHCP role onto it but haven't told it to start doing anything yet. What does a DHCP server need to start handing out IP addresses? It needs to know what IP addresses, subnet mask, default gateway, and DNS server addresses are within your network so that it can package that up and start handing the information out to the computers that request it. This package of information inside the DHCP server is called a DHCP scope. Once we define our scope, the DHCP server will start handing out IP addresses from that scope to our new servers and computers that do not already have static addresses defined.

Once again, we need to launch a management tool on our Windows Server...

DHCP reservations

Assigning IP addresses from a big pool of available ones is great, but these address leases are subject to expiry and change. This means that a computer that has 10.10.10.100 today might receive 10.10.10.125 tomorrow. Typically, this is fine from a desktop computer perspective, as they don't generally care what IP address they have. Client computers are usually reaching outward on the network, but other devices are rarely trying to find and contact them. What if you have a more permanent fixture in your network, like a Windows server, but you don't want to have to deal with statically addressing this server? Another great example of such a device is a printer that is connected to your network. Some printers don't even have an interface from which you could assign a static IP address, and once your printer gets a DHCP address you typically want that address to remain the same throughout the printer's life, because you'll...
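The scope and reservation steps described in the last two sections, as an added PowerShell example that is not the book's own code. It assumes the DHCP role is installed on the first domain controller, dc1 (a hypothetical host name at 10.10.10.10), that the lab network is 10.10.10.0/24 with its gateway at 10.10.10.1, and that the printer's MAC address is a constructed value.

```powershell
# Added example (not from the book). Assumptions: DhcpServer module present,
# DHCP role on dc1 (10.10.10.10), network 10.10.10.0/24, gateway 10.10.10.1.
Import-Module DhcpServer
$dhcp = 'dc1'

# A domain-joined DHCP server must be authorized in Active Directory before it will
# lease addresses; unauthorized Windows DHCP servers stop serving, which helps keep
# rogue servers off the network.
Add-DhcpServerInDC -DnsName 'dc1.contoso.local' -IPAddress 10.10.10.10

# The scope: the pool of addresses plus the settings every client needs.
Add-DhcpServerv4Scope -ComputerName $dhcp -Name 'Lab LAN' `
    -StartRange 10.10.10.100 -EndRange 10.10.10.200 `
    -SubnetMask 255.255.255.0 -LeaseDuration (New-TimeSpan -Days 8) -State Active

# Keep a block inside the range out of the pool for devices you address by hand.
Add-DhcpServerv4ExclusionRange -ComputerName $dhcp -ScopeId 10.10.10.0 `
    -StartRange 10.10.10.100 -EndRange 10.10.10.110

# Scope options: default gateway (option 3), DNS servers (6) and DNS suffix (15).
# Hand out only your own DNS servers here; clients trust whatever DHCP tells them.
Set-DhcpServerv4OptionValue -ComputerName $dhcp -ScopeId 10.10.10.0 `
    -Router 10.10.10.1 -DnsServer 10.10.10.10 -DnsDomain 'contoso.local'

# A reservation pins the printer's MAC address to one lease that never changes,
# so it keeps the same address without anyone touching the printer's settings.
Add-DhcpServerv4Reservation -ComputerName $dhcp -ScopeId 10.10.10.0 `
    -IPAddress 10.10.10.150 -ClientId '00-11-22-33-44-55' `
    -Name 'print01' -Description 'Lobby printer (constructed MAC for the example)'

# Confirm the scope, its options and the reservation.
Get-DhcpServerv4Scope       -ComputerName $dhcp
Get-DhcpServerv4OptionValue -ComputerName $dhcp -ScopeId 10.10.10.0
Get-DhcpServerv4Reservation -ComputerName $dhcp -ScopeId 10.10.10.0
```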

DHCP failover

Never too much of a good thing? Just like the creation of multiple domain controller servers creates good redundancy for Active Directory, the DHCP servers in your network can be tied together into a failover pair to create their own form of high availability. While it is true that the DHCP server role often happens to co-exist alongside the AD DS and DNS roles, this is not a requirement. You already know that it is easy to store DNS zones right inside Active Directory, so there is automatic replication of zone information, but the same is not true of DHCP scopes.

DHCP is a useful tool inside or outside of domain environments. As such, it is not as tightly integrated a role as DNS. So when we create DHCP failover, we need to take a more manual approach, and whether or not the DHCP role happens to be hosted on top of a domain controller makes no difference.

Two DHCP servers

In a DHCP server failover environment, two DHCP servers can...
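Pairing the two servers as the section describes, as an added PowerShell example that is not the book's own code. It assumes dc1 already owns the 10.10.10.0 scope and that a second server, dc2 (a hypothetical host name), has the DHCP role installed and is authorized in AD; it shows load-balance mode, with hot-standby mode left commented out as the alternative for a branch office.

```powershell
# Added example (not from the book). Assumptions: DhcpServer module present,
# dc1 owns scope 10.10.10.0, dc2 has the DHCP role and is authorized in AD.
Import-Module DhcpServer
$primary = 'dc1'; $partner = 'dc2'; $scope = '10.10.10.0'

# The shared secret authenticates the failover messages between the partners:
# prompt for it rather than hard-coding it, and do not reuse an admin password.
$secret = Read-Host -Prompt 'Failover shared secret' -AsSecureString
$plain  = [System.Net.NetworkCredential]::new('', $secret).Password

# Load-balance mode: both servers answer clients, splitting the pool 50/50.
# MaxClientLeadTime bounds how long a partner may extend a lease on the other's
# behalf; one hour is the default value.
Add-DhcpServerv4Failover -ComputerName $primary -PartnerServer $partner `
    -Name 'dc1-dc2-lb' -ScopeId $scope `
    -LoadBalancePercent 50 -MaxClientLeadTime (New-TimeSpan -Hours 1) `
    -SharedSecret $plain

# Hot-standby mode instead (for example a branch office that should only take over
# when the primary site is unreachable): the partner holds a reserve of the pool.
# Add-DhcpServerv4Failover -ComputerName $primary -PartnerServer $partner `
#     -Name 'dc1-dc2-standby' -ScopeId $scope -ServerRole Active `
#     -ReservePercent 10 -MaxClientLeadTime (New-TimeSpan -Hours 1) -SharedSecret $plain

# Scope settings are not replicated through AD the way DNS zones are: after
# changing options or reservations on one partner, push them to the other.
Invoke-DhcpServerv4FailoverReplication -ComputerName $primary -Name 'dc1-dc2-lb' -Force

# Check the relationship state as seen from both partners.
Get-DhcpServerv4Failover -ComputerName $primary
Get-DhcpServerv4Failover -ComputerName $partner
```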

IPAM

The IP Address Management (IPAM) feature built into Windows Server 2019 is overlooked by many server administrators because it is a feature and not a full-blown role inside Windows. IPAM is a technology that allows centralized monitoring and management of DHCP and DNS in your environment. If all of your infrastructure is sitting inside one building, it is easy enough to simply use the DNS and DHCP management tools from any server or workstation in your network and have full control over both of those technologies. But how about larger and enterprise-class networks that span many locations, each with its own sets of DNS and DHCP servers? IPAM is useful for gathering up all of those differing namespaces and scopes and providing access to them from one interface.

Let's install the IPAM feature in my lab so you have an idea of where to start, should you choose to employ this feature. Begin by choosing a server upon which you want to install IPAM, and simply walk through...

Summary

The Microsoft core stack of infrastructure technologies generally consists of Active Directory, DNS, and DHCP—and often you will find all three of these housed on the same servers. Understanding these technologies and knowing how to utilize their associated toolsets is an essential part of any server administrator's life. As a manager in an IT company, I will tell you with surety that having a grasp on this will greatly improve your chances of finding that sysadmin role you've been seeking.

I hope these last two chapters have been beneficial to your overall understanding of the ways that companies make use of Windows Server technology and have given you something to help prepare for IT life in a business setting. Next, we turn to another baked-in component of any Active Directory-focused environment, but one that is often underutilized. Group Policy is an amazingly powerful tool that can be used to enhance security and create automation inside any domain...

Questions

  1. What kind of DNS record directs email flow?
  2. Which type of DNS record resolves a name to an IPv6 address?
  3. Which DNS zone type resolves IP addresses backward into hostnames?
  4. What DHCP option is often used for VoIP phone provisioning?
  5. Which mode of DHCP failover is often used between branch offices and a primary site?
  6. What is the standard recommendation and default setting for Maximum Client Lead Time when configuring load balanced DHCP failover?
  7. Which Windows Server roles can IPAM tap into?