You're reading from Active Directory Administration Cookbook - Second Edition

Product type: Book
Published in: Jul 2022
Publisher: Packt
ISBN-13: 9781803242507
Edition: 2nd Edition

Author: Sander Berkouwer

Sander Berkouwer calls himself an Active Directory aficionado; he's done everything with Active Directory and Azure AD, including decommissioning. He has been MCSA, MCSE, and MCITP-certified for ages, an MCT for the past 5 years and a Microsoft Most Valuable Professional (MVP) on Directory Services and Enterprise Mobility for over a decade. Sander is also decorated with Veeam Vanguard and VMware vExpert awards for his international cross-platform knowledge, experience and passion. As the CTO at SCCT, Sander leads a team of architects performing many projects, most of them identity-related, throughout Europe.

Chapter 9: Managing DNS

The Domain Name System (DNS) is an essential service on the internet. It also plays a vital role in Active Directory. DNS offers name resolution, which enables people to navigate functionality based on names instead of IP addresses. It also enables systems to find functionality, such as domain controllers.

Misconfigured DNS records, DNS zones, and DNS servers could result in the loss of functionality, unintentional information disclosure, and an increased vulnerability toward Meddler-in-the-Middle (MitM) attacks. Domain-joined systems use DNS records to locate domain controllers. Domain controllers delegate privileges based on servicePrincipalName values, which, in turn, are also based on DNS names.

Most domain controllers also offer DNS, but this is not necessary. In many complex networking infrastructures, DNS is not offered by domain controllers but by dedicated DNS servers and dedicated appliances.

The following recipes are covered in this chapter...

Managing the DNS server role on domain controllers

This recipe covers the necessary steps to add and remove the DNS server role from domain controllers.

Getting ready

Sign in with an account that has local administrator privileges on the domain controller.

How to do it…

Managing the DNS server role on the domain controllers consists of three steps:

  1. Modifying the primary and secondary DNS server addresses on the network interface card(s)
  2. Restarting the Netlogon service
  3. Removing the DNS server role
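The three steps above, carried out from PowerShell on the domain controller, as an added example that is not the book's own code. It assumes the interface alias Ethernet, the domain corp.example.com and the replacement DNS servers 10.0.0.21 and 10.0.0.22; before the NIC is repointed it checks that neither new address is the domain controller itself and that both already serve the domain's DC locator records, since after the role is removed the domain controller depends on them to find its peers.

```powershell
# Added example (not from the book): repoint a domain controller's NIC to other
# DNS servers, restart Netlogon, then remove the DNS server role.
# Assumed values: interface alias "Ethernet", domain corp.example.com,
# replacement DNS servers 10.0.0.21 and 10.0.0.22.
$Domain       = 'corp.example.com'
$Interface    = 'Ethernet'
$NewServers   = @('10.0.0.21', '10.0.0.22')
$OwnAddresses = (Get-NetIPAddress -AddressFamily IPv4).IPAddress

# Pre-check for step 1: the domain controller must not keep pointing at itself
# once the DNS role is gone, and each new server must already answer for the
# domain's DC locator SRV records, otherwise LDAP/Kerberos location breaks.
foreach ($Server in $NewServers) {
    if ($OwnAddresses -contains $Server) {
        throw "Refusing to use own address $Server as DNS server after role removal"
    }
    $Srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV `
        -Server $Server -ErrorAction Stop | Where-Object Type -eq 'SRV'
    if (-not $Srv) { throw "$Server does not return DC locator SRV records for $Domain" }
    Write-Host "$Server answers for $Domain ($($Srv.Count) SRV records)"
}

# Step 1: modify the primary and secondary DNS server addresses on the NIC.
Set-DnsClientServerAddress -InterfaceAlias $Interface -ServerAddresses $NewServers
Clear-DnsClientCache

# Step 2: restart Netlogon so the domain controller re-registers its records
# through the new DNS servers (nltest /dsregdns triggers the same registration).
Restart-Service -Name Netlogon

# Step 3: remove the DNS server role together with its management tools.
Uninstall-WindowsFeature -Name DNS -IncludeManagementTools
```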

Modifying the primary and secondary DNS server addresses on the network interface card(s)

DNS is vital to Active Directory, as most, if not all, Active Directory services rely on name resolution. The DNS server addresses configured in the domain controller's Network Interface Card (NIC) settings provide the name resolution the domain controller needs to reach other systems. They also enable the replication of objects within Active Directory, among other required services.

To change...

Creating a DNS zone

The basis of DNS is DNS zones. This recipe shows you how to create a DNS zone.

Getting ready

This recipe is applicable to DNS servers running on domain controllers, domain-joined servers, and standalone Windows Server installations. However, these scenarios require different group memberships to gain the administrator privileges that you need to perform the steps in this recipe:

  • On a DNS server that runs as a domain controller, sign in with an account that is a member of the DNSAdmins, Administrators, Domain Admins, and/or Enterprise Admins Active Directory groups.
  • On a DNS server that is either domain-joined or standalone, sign in with an account that is a member of the local Administrators group.

How to do it…

To create a DNS zone, perform the following steps:

  1. Press Start.
  2. Search for dnsmgmt.msc and click the corresponding search result to run it. The DNS Manager window appears.
  3. In the left-hand navigation...

Managing the DNS zone properties

This recipe shows how to change the DNS zone properties.

Getting ready

This recipe is applicable to DNS servers running on domain controllers, domain-joined servers, and standalone Windows Server installations. However, these scenarios require different group memberships to gain the administrator privileges you need to perform the steps in this recipe:

  • On a DNS server that runs as a domain controller, sign in with an account that is a member of the DNSAdmins, Administrators, Domain Admins, and/or Enterprise Admins Active Directory groups.
  • On a DNS server that is either domain-joined or standalone, sign in with an account that is a member of the local Administrators group.

How to do it…

To manage a DNS zone, perform the following steps:

  1. Press Start.
  2. Search for dnsmgmt.msc and click the corresponding search result to run it. The DNS Manager window appears.
  3. In the left-hand navigation pane, expand...

Deleting a DNS zone

This recipe shows how to delete a DNS zone.

Getting ready

This recipe is applicable to DNS servers running on domain controllers, domain-joined servers, and standalone Windows Server installations. However, these scenarios require different group memberships to gain the administrator privileges you need to perform the steps in this recipe:

  • On a DNS server that runs as a domain controller, sign in with an account that is a member of the DNSAdmins, Administrators, Domain Admins, and/or Enterprise Admins Active Directory groups.
  • On a DNS server that is either domain-joined or standalone, sign in with an account that is a member of the local Administrators group.

How to do it…

To delete a DNS zone, perform the following steps:

  1. Press Start.
  2. Search for dnsmgmt.msc and click the corresponding search result to run it. The DNS Manager window appears.
  3. In the left-hand navigation pane, expand the DNS server's name...

Creating a DNS record

An empty DNS zone allows domain controllers to be located and provides name resolution for the domain name itself. In many organizations, other systems and services also rely on DNS to be located. For this purpose, create DNS records inside the DNS zone. This recipe shows how to create a DNS record.

Getting ready

To create a DNS record, you need delegated permissions on the DNS zone in which you want to create the DNS record. By default, membership of the Administrators group provides access to standalone DNS zones. For Active Directory-integrated zones, delegation can be configured for DNS zones beyond the default DNSAdmins, Administrators, Domain Admins, and/or Enterprise Admins Active Directory groups to allow the management of DNS records.

How to do it…

To create a DNS record for a DNS zone, perform the following steps:

  1. Press Start.
  2. Search for dnsmgmt.msc and click the corresponding search result to run it. The DNS Manager window appears:
...

Deleting a DNS record

This recipe shows how to delete a DNS record.

Getting ready

To delete a DNS record, you need delegated permissions on the DNS zone from which you want to delete the DNS record. By default, membership of the Administrators group provides access to standalone DNS zones. For Active Directory-integrated zones, delegation can be configured for DNS zones beyond the default DNSAdmins, Administrators, Domain Admins, and/or Enterprise Admins Active Directory groups to allow you to manage DNS records.

How to do it…

To delete a DNS record for a DNS zone, perform the following steps:

  1. Press Start.
  2. Search for dnsmgmt.msc and click its corresponding search result to run it. The DNS Manager window appears.
  3. In the left-hand navigation pane, expand the DNS server's name.
  4. Expand the Forward Lookup Zones or Reverse Lookup Zones node that you wish to delete a DNS record from.
  5. On the main pane, right-click the DNS record you want to...

Verifying the domain controller SRV DNS records

This recipe shows how to check whether a domain controller registers its SRV DNS records.

Getting ready

The steps in this recipe require access to the C:\ drive of a domain controller. To complete the steps in this recipe, sign in with an account that is a member of any of the Server Operators, Administrators, Domain Admins, or Enterprise Admins Active Directory groups.

How to do it…

To check whether a domain controller registers its SRV DNS records, perform the following steps:

  1. Press Start.
  2. Open File Explorer by searching for its name. Alternatively, you can search for its executable (explorer.exe) in the Start menu or use the Run... option in the Start menu to run the executable directly. The File Explorer window appears.
  3. Navigate to C:\Windows\system32\Config.
  4. Double-click the netlogon.dns file. Notepad opens with the file, as follows:

Figure 9.8 – The typical...
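Reading netlogon.dns in Notepad shows what the domain controller intends to register; the script below, an added example that is not the book's own code, goes one step further and checks that every SRV record listed in that file is actually present on a DNS server. It assumes the file path shown and the DNS server 10.0.0.21; the sample line in the comment is constructed.

```powershell
# Added example (not from the book): compare the SRV records a domain controller
# wrote to netlogon.dns against what a DNS server actually answers.
# Assumed values: the file path below and the DNS server 10.0.0.21 to query.
$NetlogonDns = 'C:\Windows\System32\config\netlogon.dns'
$DnsServer   = '10.0.0.21'

# Each SRV line in netlogon.dns looks like this (constructed sample):
# _ldap._tcp.dc._msdcs.corp.example.com. 600 IN SRV 0 100 389 dc01.corp.example.com.
$SrvPattern = '^(?<name>\S+)\s+\d+\s+IN\s+SRV\s+\d+\s+\d+\s+(?<port>\d+)\s+(?<target>\S+)$'

$Expected = Get-Content -Path $NetlogonDns | ForEach-Object {
    if ($_ -match $SrvPattern) {
        [pscustomobject]@{
            Name   = $Matches.name.TrimEnd('.')    # DNS answers carry no trailing dot
            Target = $Matches.target.TrimEnd('.')
            Port   = [int]$Matches.port
        }
    }
}

$Missing = @()
foreach ($Group in ($Expected | Group-Object Name)) {
    # One query per SRV name; the answer may also carry A records, so keep SRV only.
    try {
        $Answers = Resolve-DnsName -Name $Group.Name -Type SRV -Server $DnsServer -ErrorAction Stop |
            Where-Object Type -eq 'SRV'
    } catch {
        $Answers = @()   # NXDOMAIN or server failure: every record of this name is missing
    }
    foreach ($Record in $Group.Group) {
        $Found = $Answers | Where-Object {
            $_.NameTarget -eq $Record.Target -and $_.Port -eq $Record.Port
        }
        if (-not $Found) { $Missing += $Record }
    }
}

if ($Missing.Count -eq 0) {
    Write-Host "All $($Expected.Count) SRV records from netlogon.dns are registered on $DnsServer"
} else {
    Write-Warning "$($Missing.Count) SRV record(s) from netlogon.dns are missing on ${DnsServer}:"
    $Missing | Format-Table Name, Target, Port -AutoSize
    # Missing records are re-registered by restarting Netlogon or running: nltest /dsregdns
}
```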

Creating a DNS conditional forwarder

For an Active Directory trust, hosts in one Active Directory domain or forest need to be able to resolve names in another Active Directory domain or forest, and vice versa. For this purpose, you can create conditional forwarders in DNS.

Create conditional forwarders on a domain controller in each Active Directory domain or forest.
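Creating both forwarders from PowerShell, as an added example that is not the book's own code. It assumes two forests, corp.example.com with the DNS server 10.0.0.21 and partner.example.net with the DNS server 10.1.0.21, both reachable over PowerShell remoting, and stores each forwarder in Active Directory with forest-wide replication so every DNS server in that forest receives it.

```powershell
# Added example (not from the book): create the conditional forwarders an
# Active Directory trust between two forests needs, one on each side.
# Assumed values: forests corp.example.com (DNS 10.0.0.21) and
# partner.example.net (DNS 10.1.0.21), reachable via PowerShell remoting.
$Forests = @(
    @{ Name = 'corp.example.com';    Dns = '10.0.0.21' },
    @{ Name = 'partner.example.net'; Dns = '10.1.0.21' }
)

# Each side forwards queries for the other forest's namespace to that forest's
# DNS server; ReplicationScope Forest stores the forwarder in AD for all DCs.
foreach ($Local in $Forests) {
    $Remote = $Forests | Where-Object { $_.Name -ne $Local.Name }
    if (Get-DnsServerZone -ComputerName $Local.Dns -Name $Remote.Name -ErrorAction SilentlyContinue) {
        Write-Host "$($Local.Dns) already has a zone or forwarder for $($Remote.Name), skipping"
        continue
    }
    Add-DnsServerConditionalForwarderZone -ComputerName $Local.Dns `
        -Name $Remote.Name `
        -MasterServers $Remote.Dns `
        -ReplicationScope 'Forest' `
        -PassThru
}

# Verify from each side that the other forest's DC locator SRV records resolve,
# which is what the trust setup and cross-forest Kerberos referrals depend on.
foreach ($Local in $Forests) {
    $Remote = $Forests | Where-Object { $_.Name -ne $Local.Name }
    $Srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$($Remote.Name)" -Type SRV `
        -Server $Local.Dns -ErrorAction SilentlyContinue | Where-Object Type -eq 'SRV'
    if ($Srv) {
        Write-Host "$($Local.Dns) resolves $($Remote.Name) DCs: $($Srv.NameTarget -join ', ')"
    } else {
        Write-Warning "$($Local.Dns) cannot resolve DC SRV records for $($Remote.Name)"
    }
}
```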

Getting ready

This recipe is applicable to DNS servers running on domain controllers, domain-joined servers, and standalone Windows Server installations. However, these scenarios require different group memberships to gain the administrator privileges that you need to perform the steps in this recipe:

  • On a DNS server that runs as a domain controller, sign in with an account that is a member of the DNSAdmins, Administrators, Domain Admins, and/or Enterprise Admins Active Directory groups.
  • On a DNS server that is either domain-joined or standalone, sign in with an account that is a member of the...