Active Directory & DNS Setup

This document can help you implement Domain Name System (DNS) on Microsoft
Windows Server 2003 on a small network. DNS is the main way that Windows Server 2003
translates computer names to network addresses. An Active Directory-based domain controller
also can act as a DNS server that registers the names and addresses of computers in the domain
and then provides the network address of a member computer when queried with the computer's
This guide explains how to set up DNS on a simple network consisting of a single domain.

Domain Name System Step-by-Step Guide

Domain Name System (DNS) is a system for naming computers and network services that
organizes them into a hierarchy of domains. DNS naming is used on TCP/IP networks, such as the
Internet, to locate computers and services by using user-friendly names. When a user enters the
DNS name of a computer in an application, DNS can look up the name and provide other
information associated with the computer, such as its IP address or services that it provides for the
network. This process is called name resolution.

Name systems such as DNS make it easier to use network resources by providing users a way to
refer to a computer or service by a name that is easy to remember. DNS looks up that name and
provides the numeric address that operating systems and applications require to identify the
computer on a network. For example, users enter www.microsoft.com instead of the server's
numeric IP address to identify the Microsoft Web server on the Internet.

DNS requires little ongoing maintenance for small and medium-sized businesses, which typically
have one to four DNS servers (larger medium-sized organizations usually have between four and
14 DNS servers). DNS problems, however, can affect availability for your entire network. Most
DNS problems arise because of DNS settings that are incorrectly configured. By following the
procedures in this guide, you can avoid such problems when you deploy DNS in a simple Microsoft
Windows Server 2003–based network.

This guide explains how to install and configure a basic DNS implementation in a network that
consists of a single new Active Directory domain. It then addresses some advanced topics that
medium-sized organizations might need to consider. Finally, it includes some basic DNS
troubleshooting steps you can take if you suspect your environment is having problems with DNS.

In This Guide

• Planning DNS
• Installing and Configuring Active Directory and DNS
• Configuring DNS Client Settings (DNS Step-by-Step)
• Advanced DNS Configuration (DNS Step-by-Step)
• Troubleshooting DNS (DNS Step-by-Step)

Planning DNS

DNS is the primary method for name resolution in the Microsoft Windows Server 2003, Standard
Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition
operating systems (collectively referred to as "Windows Server 2003" in this guide). DNS is a
requirement for deploying the Active Directory directory service. Integrating DNS with Active
Directory enables DNS servers to take advantage of the security, performance, and fault tolerance
capabilities of Active Directory.

Typically, you organize your DNS namespace (the association of domains, subdomains, and
hosts) in a way that supports how you plan to use Active Directory to organize the computers on
your network.

Understanding the DNS Namespace

DNS is a hierarchical naming system. A DNS name includes the names of all of the DNS
namespaces that it belongs to. The following illustration shows how the DNS namespace is

The DNS namespace begins with a logical root domain that is not named, partly because it is
implicit in all DNS names. The root domain in turn contains a limited number of subdomains that
help organize the DNS namespace. These subdomains are called top-level domains (TLDs)
because they are the highest-level or most inclusive part of the DNS namespace that people use.
The names of these top-level domains are either functional or geographical.

Functional top-level domains suggest the purpose of the organization that has registered a
subdomain in the top-level domain. Some of the most common functional top-level domain names
• The .com top-level domain, which is usually used to register DNS domain names that
belong to commercial entities, such as corporations.
• The .edu top-level domain, which is most often used by educational institutions, such as
colleges and public and private schools.
• The .gov top-level domain, which is used by government entities, including federal, state,
and local governments.
• The .net top-level domain, which is often used by organizations that provide Internet
services, such as Internet service providers (ISPs).
• The .org top-level domain, which is typically used for private, nonprofit organizations.

Geographical top-level domains indicate the country or region where the organization that
registered the domain is located. For example, an organization that wants to emphasize that it is
located in Canada would register its Internet domain name in the .ca top-level domain, while an
organization that wants to show that it is based in Brazil would register its Internet domain name in
the .br top-level domain.

Most organizations that want to have an Internet presence, such as for a Web site or sending and
receiving e-mail, register an Internet domain name that is a subdomain of a top-level domain.
Usually they choose a subdomain name based on their organization's name, such as contoso.com
or microsoft.com. Registering an Internet domain name reserves the name for the exclusive use of
the organization and configures DNS servers on the Internet to provide the appropriate Internet
Protocol (IP) address when they are queried for that name. In other words, it creates the
equivalent of a telephone directory entry for the Internet domain name. But instead of providing a
telephone number for the name, it provides the IP address that a computer requires to access the
computers in the registered domain.

The DNS namespace is not limited to just the publicly registered Internet domain names.
Organizations that have networks with their own DNS servers can create domains for their internal
use. As the next section explains, these internal DNS namespaces can be, but are not required to
be, subdomains of a public Internet domain name.

Designing a DNS Namespace

You can design an external namespace that is visible to Internet users and computers, and you
can also design an internal namespace that is accessible only to users and computers that are
within the internal network.

Organizations that require an Internet presence as well as an internal namespace must deploy
both an internal and an external DNS namespace and manage each namespace separately. In this
case, it is recommended that you make your internal domain a subdomain of your external
domain. Using an internal domain that is a subdomain of an external domain:
• Requires you to register only one name with an Internet name authority even if you later
decide to make part of your internal namespace publicly accessible.
• Ensures that all of your internal domain names are globally unique.
• Simplifies administration by enabling you to administer internal and external domains
• Allows you to use a firewall between the internal and external domains to secure your
DNS deployment.

For example, an organization that has an external domain name of contoso.com might use the
internal domain name corp.contoso.com.

You can use your internal domain as a parent for additional child domains that you create to
manage divisions within your company, in cases where you are deploying an Active Directory
domain for each division. Child domain names are immediately subordinate to the domain name of
the parent. For example, a child domain for a manufacturing division that is added to the
us.corp.contoso.com namespace might have the domain name manu.us.corp.contoso.com.

Creating an Internet DNS Domain Name

An Internet DNS domain name is composed of a top-level domain name (such as .com, .org, or
.edu) and a unique subdomain name chosen by the domain owner. For example, a company
named Contoso Corporation would probably choose contoso.com as its Internet domain name.

When you have selected your Internet DNS domain, conduct a preliminary search of the Internet to
confirm that the DNS domain name that you selected is not already registered to another
organization. If you do not find that your domain name is already registered to another
organization, contact your Internet service provider (ISP) to confirm that the domain name is
available and to help you register your domain name. Your ISP will probably set up a DNS server
on its own network to host the DNS zone for your domain name, or it might help you set up a DNS
server on your network for this purpose.

Creating Internal DNS Domain Names

For your internal domains, create names relative to your registered Internet DNS domain name.
For example, if you have registered the Internet DNS domain name contoso.com for your
organization, use a DNS domain name such as corp.contoso.com for the internal fully qualified
DNS domain name and use CORP as the NetBIOS name.

If you are deploying DNS in a private network and do not plan to create an external namespace,
you should nevertheless consider registering the DNS domain name that you create for your
internal domain. If you do not register the name and later attempt to use it on the Internet, or
connect to a network that is connected to the Internet, you might find that the name is unavailable.

Creating DNS Computer Names

It is important to develop a practical DNS computer-naming convention for computers on your
network. This enables users to remember the names of computers on public and private networks
easily, and therefore facilitates access to network resources.

Use the following guidelines when creating names for the DNS computers in your Windows
Server 2003 DNS infrastructure:
• Select computer names that are easy for users to remember.
• Identify the owner of a computer in the computer name. For example, john-doe indicates
that John Doe uses the computer, and pubs-server indicates that the computer is a server that
belongs to the Publications department.
• Alternatively, select names that describe the purpose of the computer. For example, a file
server named past-accounts-1 indicates that the file server stores information related to past
• Do not use character case to convey the owner or purpose of a computer. DNS is not
• Match the Active Directory domain name to the primary DNS suffix of the computer name.
The primary DNS suffix is the part of the DNS name that appears after the host name.
• Use unique names for all computers in your organization. Do not assign the same
computer name to different computers in different DNS domains.
• Use ASCII characters to ensure interoperability with computers running versions of
Windows earlier than Windows 2000. For DNS computer names, use only the characters A–Z,
a–z, 0–9, and the hyphen (-).
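
The naming guidelines above can be checked mechanically against an inventory of computer names before the machines are joined to the domain. The following Python code is an added example, not part of the original guide; the function name, the finding labels, and the sample inventory are constructed for illustration, and the case check relies on DNS comparing names without regard to case.

```python
import re
from collections import defaultdict

# Characters the guide allows in a DNS computer name: A-Z, a-z, 0-9 and the hyphen.
ALLOWED_HOST = re.compile(r"[A-Za-z0-9-]+")


def audit_computer_names(fqdns, ad_domain):
    """Return {fqdn: [finding, ...]} for names that break the naming guidelines.

    fqdns     -- iterable of fully qualified computer names (host.primary.dns.suffix)
    ad_domain -- DNS name of the Active Directory domain the computers belong to
    """
    suffixes_by_host = defaultdict(set)    # host name (lower-cased) -> DNS suffixes seen
    spellings_by_name = defaultdict(set)   # full name (lower-cased) -> spellings seen
    parsed = []
    for fqdn in fqdns:
        name = fqdn.rstrip(".")
        host, _, suffix = name.partition(".")
        parsed.append((fqdn, host, suffix))
        suffixes_by_host[host.lower()].add(suffix.lower())
        spellings_by_name[name.lower()].add(name)

    findings = defaultdict(list)
    for fqdn, host, suffix in parsed:
        # Guideline: only ASCII letters, digits and the hyphen.
        if not ALLOWED_HOST.fullmatch(host):
            findings[fqdn].append("disallowed-character")
        # Guideline: the primary DNS suffix matches the Active Directory domain name.
        if suffix.lower() != ad_domain.lower():
            findings[fqdn].append("suffix-mismatch")
        # Guideline: do not reuse a computer name in a different DNS domain.
        if len(suffixes_by_host[host.lower()]) > 1:
            findings[fqdn].append("host-name-reused-across-domains")
        # Guideline: character case must not carry meaning; these names are the same to DNS.
        if len(spellings_by_name[fqdn.rstrip(".").lower()]) > 1:
            findings[fqdn].append("differs-only-by-case")
    return dict(findings)


# Constructed sample inventory (not from the original guide).
SAMPLE_INVENTORY = [
    "pubs-server.corp.contoso.com",
    "Pubs-Server.corp.contoso.com",
    "john-doe.corp.contoso.com",
    "john-doe.contoso.com",
    "past_accounts_1.corp.contoso.com",
    "b\u00fcro-pc.corp.contoso.com",
    "past-accounts-1.corp.contoso.com",
]

if __name__ == "__main__":
    report = audit_computer_names(SAMPLE_INVENTORY, "corp.contoso.com")
    for name, problems in report.items():
        print(f"{name}: {', '.join(problems)}")
```

Names that produce no finding, such as past-accounts-1.corp.contoso.com in the sample, are left out of the report.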

Installing and Configuring Active Directory and DNS

When you create a new domain, the Active Directory Installation Wizard installs DNS on the server
by default. This ensures that DNS and Active Directory are configured properly for integration with
each other.

Before you install Active Directory and DNS on the first domain controller server in a new
domain, ensure that the IP address of the server is static, meaning it is not assigned by
Dynamic Host Configuration Protocol (DHCP). DNS servers must have static addresses to
ensure that they can be located reliably.

To install DNS with Active Directory in a new domain:

1. Click Start, point to Administrative tools, and then click Configure Your Server
2. On the Manage Your Server page, click Add or remove a role.
3. On the Configure Your Server Wizard page, click Next.
4. Click Domain Controller (Active Directory) and then click Next.
5. On the Welcome to the Active Directory Installation Wizard page, click Next.
6. On the Operating System Compatibility page, read the information and then click
If this is the first time you have installed Active Directory on a server running Windows
Server 2003, click Compatibility Help for more information.
7. On the Domain Controller Type page, click Domain controller for a new domain
and then click Next.
8. On the Create New Domain page, click Domain in a new forest and then click
9. On the New Domain Name page, type the full DNS name (such as
corp.contoso.com) for the new domain, and then click Next.
10. On the NetBIOS Domain Name page, verify the NetBIOS name (for example,
CORP), and then click Next.
11. On the Database and Log Folders page, type the location in which you want to
install the database and log folders, or click Browse to choose a location, and then click
12. On the Shared System Volume page, type the location in which you want to install
the SYSVOL folder, or click Browse to choose a location, and then click Next.
13. On the DNS Registration Diagnostics page, click Install and configure the DNS
server on this computer, and set this computer to use this DNS server as its
preferred DNS server, and then click Next.
14. On the Permissions page, select one of the following:
• Permissions compatible with pre-Windows 2000 Server operating systems
• Permissions compatible only with Windows 2000 or Windows Server 2003
operating systems
15. On the Directory Services Restore Mode Administrator Password page, type a
password that will be used to log on to the server in Directory Services Restore Mode,
confirm the password, and then click Next.
16. Review the Summary page, and then click Next to begin the installation.
17. After the Active Directory installation completes, click OK to restart the computer.

Configuring DNS Client Settings (DNS Step-by-Step)

Configure the following settings for each DNS client:
• TCP/IP settings for DNS
• Host name and domain membership

To configure DNS client settings

1. At the computer that you are configuring to use DNS, click Start, point to Control
Panel, and then click Network Connections.
2. Right-click the network connection that you want to configure, and then click
3. On the General tab, click Internet Protocol (TCP/IP), and then click Properties.
4. If you want to obtain DNS server addresses from a DHCP server, click Obtain DNS
server address automatically.
5. If you want to configure DNS server addresses manually, click Use the following
DNS server addresses, and in Preferred DNS server and Alternate DNS server, type
the Internet Protocol (IP) addresses of the preferred DNS server and alternate DNS
6. Click OK to exit.
It is not necessary to restart the computer at this time if you intend to change the
computer's name or domain membership in the following steps.
7. In Control Panel, double-click System.
8. On the Computer Name tab, click Change.
9. In Computer name, type the name of the computer (the host name).
10. Click Domain, and then type the name of the domain you want the computer to join.
11. If Computer Name Changes appears, in User Name, type the domain name and
user name of an account that is allowed to join computers to the domain, and in
Password, type the password of the account. Separate the domain name and user name
with a backslash (for example, domain\username).
12. Click OK to close all dialog boxes.

History of TCP/IP

Transmission Control Protocol/Internet Protocol (TCP/IP) is an industry standard suite of protocols
that is designed for large networks consisting of network segments that are connected by routers.
TCP/IP is the protocol that is used on the Internet, which is the collection of thousands of networks
worldwide that connect research facilities, universities, libraries, government agencies, private
companies, and individuals.

The roots of TCP/IP can be traced back to research conducted by the United States Department of
Defense (DoD) Advanced Research Projects Agency (DARPA) in the late 1960s and early 1970s.
The following list highlights some important TCP/IP milestones:
• In 1970, ARPANET hosts started to use Network Control Protocol (NCP), a preliminary form of
what would become the Transmission Control Protocol (TCP).
• In 1972, the Telnet protocol was introduced. Telnet is used for terminal emulation to connect
dissimilar systems. In the early 1970s, these systems were different types of mainframe
• In 1973, the File Transfer Protocol (FTP) was introduced. FTP is used to exchange files between
dissimilar systems.
• In 1974, the Transmission Control Protocol (TCP) was specified in detail. TCP replaced NCP and
provided enhanced reliable communication services.
• In 1981, the Internet Protocol (IP) (also known as IP version 4 [IPv4]) was specified in detail. IP
provides addressing and routing functions for end-to-end delivery.
• In 1982, the Defense Communications Agency (DCA) and ARPA established the Transmission
Control Protocol (TCP) and Internet Protocol (IP) as the TCP/IP protocol suite.
• In 1983, ARPANET switched from NCP to TCP/IP.
• In 1984, the Domain Name System (DNS) was introduced. DNS resolves domain names (such
as www.example.com) to IP addresses (such as 192.168.5.18).
• In 1995, Internet service providers (ISPs) began to offer Internet access to businesses and
• In 1996, the Hypertext Transfer Protocol (HTTP) was introduced. The World Wide Web uses
• In 1996, the first set of IP version 6 (IPv6) standards were published.

TCP/IP Terminology

The Internet standards use a specific set of terms when referring to network elements and
concepts related to TCP/IP networking. These terms provide a foundation for subsequent
chapters. The following figure illustrates the components of an IP network.

Common terms and concepts in TCP/IP are defined as follows:
• Node: Any device, including routers and hosts, which runs an implementation of IP.
• Router: A node that can forward IP packets not explicitly addressed to itself. On an IPv6 network,
a router also typically advertises its presence and host configuration information.
• Host: A node that cannot forward IP packets not explicitly addressed to itself (a non-router). A
host is typically the source and the destination of IP traffic. A host silently discards traffic that it
receives but that is not explicitly addressed to itself.
• Upper-layer protocol: A protocol above IP that uses IP as its transport. Examples include
Internet layer protocols such as the Internet Control Message Protocol (ICMP) and Transport layer
protocols such as the Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).
(However, Application layer protocols that use TCP and UDP as their transports are not considered
upper-layer protocols. File Transfer Protocol [FTP] and Domain Name System [DNS] fall into this
• LAN segment: A portion of a subnet consisting of a single medium that is bounded by bridges or
Layer 2 switches.
• Subnet: One or more LAN segments that are bounded by routers and use the same IP address
prefix. Other terms for subnet are network segment and link.
• Network: Two or more subnets connected by routers. Another term for network is internetwork.
• Neighbor: A node connected to the same subnet as another node.
• Interface: The representation of a physical or logical attachment of a node to a subnet. An
example of a physical interface is a network adapter. An example of a logical interface is a tunnel
interface that is used to send IPv6 packets across an IPv4 network.
• Address: An identifier that can be used as the source or destination of IP packets and that is
assigned at the Internet layer to an interface or set of interfaces.
• Packet: The protocol data unit (PDU) that exists at the Internet layer and comprises an IP header
and payload.

Windows includes both an IPv4-based and an IPv6-based TCP/IP component.

Configuring the IPv4-based TCP/IP Component in Windows

The IPv4-based TCP/IP component in Windows Server 2003 and Windows XP is installed by
default and appears as the Internet Protocol (TCP/IP) component in the Network Connections
folder. Unlike in previous versions of Windows, you cannot uninstall the Internet Protocol (TCP/IP)
component. However, you can restore its default configuration by using the netsh interface ip
reset command. For more information about Netsh commands.

The Internet Protocol (TCP/IP) component can be configured to obtain its configuration
automatically or from manually specified settings. By default, this component is configured to
obtain an address configuration automatically.

Figure 1-2 The General tab of the properties dialog box for the Internet Protocol (TCP/IP) component
Properties dialog box.

Automatic Configuration

If you specify automatic configuration, the Internet Protocol (TCP/IP) component attempts to locate
a Dynamic Host Configuration Protocol (DHCP) server and obtain a configuration when Windows
Many TCP/IP networks use DHCP servers that are configured to allocate TCP/IP configuration
information to clients on the network

If the Internet Protocol (TCP/IP) component fails to locate a DHCP server, TCP/IP checks the
setting on the Alternate Configuration tab. Figure 1-3 shows this tab.

Figure 1-3 The Alternate Configuration tab of the Internet Protocol (TCP/IP) component

This tab contains two options:
• Automatic Private IP Address: If you choose this option, Automatic Private IP Addressing
(APIPA) is used. The Internet Protocol (TCP/IP) component automatically chooses an IPv4
address from the range 169.254.0.1 to 169.254.255.254, using the subnet mask of 255.255.0.0.
The DHCP client ensures that the IPv4 address that the Internet Protocol (TCP/IP) component has
chosen is not already in use. If the address is in use, the Internet Protocol (TCP/IP) component
chooses another IPv4 address and repeats this process for up to 10 addresses. When the Internet
Protocol (TCP/IP) component has chosen an address that the DHCP client has verified as not in
use, the Internet Protocol (TCP/IP) component configures the interface with this address. With
APIPA, users on single-subnet Small Office/Home Office (SOHO) networks can use TCP/IP
without having to perform manual configuration or set up a DHCP server. APIPA does not configure
a default gateway. Therefore, only local subnet traffic is possible.
• User Configured: If you choose this option, the Internet Protocol (TCP/IP) component uses the
configuration that you specify. This option is useful when a computer is used on more than one
network, not all of the networks have a DHCP server, and an APIPA configuration is not wanted.
For example, you might want to choose this option if you have a laptop computer that you use both
at the office and at home. At the office, the laptop uses a TCP/IP configuration from a DHCP
server. At home, where no DHCP server is present, the laptop automatically uses the alternate
manual configuration. This option provides easy access to home network devices and the Internet
and allows seamless operation on both networks, without requiring you to manually reconfigure the
Internet Protocol (TCP/IP) component. If you specify an APIPA configuration or an alternate
manual configuration, the Internet Protocol (TCP/IP) component continues to check for a DHCP
server in the background every 5 minutes. If TCP/IP finds a DHCP server, it stops using the APIPA
or alternate manual configuration and uses the IPv4 address configuration offered by the DHCP

Manual Configuration

To configure the Internet Protocol (TCP/IP) component manually, also known as creating a static
configuration, you must at a minimum assign the following:
• IP address: An IP (IPv4) address is a logical 32-bit address that is used to identify the interface of
an IPv4-based TCP/IP node. Each IPv4 address has two parts: the subnet prefix and the host ID.
The subnet prefix identifies all hosts that are on the same physical network. The host ID identifies
a host on the network. Each interface on an IPv4-based TCP/IP network requires a unique IPv4
address, such as 131.107.2.200.
• Subnet mask: A subnet mask allows the Internet Protocol (TCP/IP) component to distinguish the
subnet prefix from the host ID. An example of a subnet mask is 255.255.255.0.

You must configure these parameters for each network adapter in the node that uses the Internet
Protocol (TCP/IP) component. If you want to connect to nodes beyond the local subnet, you must
also assign the IPv4 address of a default gateway, which is a router on the local subnet to which
the node is attached. The Internet Protocol (TCP/IP) component sends packets that are destined
for remote networks to the default gateway, if no other routes are configured on the local host. You
can also manually configure the IPv4 addresses of primary and alternate DNS servers. The
Internet Protocol (TCP/IP) component uses DNS servers to resolve names, such as
www.example.com, to IPv4 or IPv6 addresses.

Figure 1-4 shows an example of a manual configuration for the Internet Protocol (TCP/IP)

Figure 1-4 An example of a manual configuration for the Internet Protocol (TCP/IP)

You can also manually configure the Internet Protocol (TCP/IP) using netsh interface ip
commands at a command prompt.
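
As an added example (not part of the original guide), the following Python code applies the addressing rules above to one adapter section captured from ipconfig /all on a machine that is meant to be a DNS or DHCP server: a static address, the subnet prefix and host ID derived from the mask, a default gateway on the local subnet, and a configured DNS server. The field labels follow the Windows XP and Windows Server 2003 ipconfig layout; the function names, finding labels, and both sample captures (including the gateway and DNS server addresses) are constructed for illustration.

```python
import ipaddress
import re

# APIPA range given in the guide: 169.254.0.1 to 169.254.255.254, mask 255.255.0.0.
APIPA_NET = ipaddress.ip_network("169.254.0.0/16")
# Matches indented "Key . . . . : value" lines; the key ends where the dot leader starts.
FIELD_RE = re.compile(r"^\s+(?P<key>[A-Za-z][A-Za-z -]*?)[ .]*:\s*(?P<value>.*)$")


def parse_adapter(text):
    """Turn one adapter section of `ipconfig /all` output into {key: [values]}."""
    fields, last_key = {}, None
    for line in text.splitlines():
        match = FIELD_RE.match(line)
        if match:
            last_key = match.group("key").lower()
            fields.setdefault(last_key, [])
            if match.group("value").strip():
                fields[last_key].append(match.group("value").strip())
        elif last_key and line.startswith(" " * 8) and line.strip():
            # Continuation line, for example a second entry under "DNS Servers".
            fields[last_key].append(line.strip())
    return fields


def audit_server_adapter(text):
    """Check a server's adapter against the guide's addressing requirements."""
    fields = parse_adapter(text)

    def first(key):
        values = fields.get(key, [])
        return values[0] if values else None

    findings = []
    if (first("dhcp enabled") or "").lower() == "yes":
        findings.append("address-not-static")        # DNS and DHCP servers need static addresses
    address = first("ip address") or first("autoconfiguration ip address")
    mask = first("subnet mask")
    if not address or not mask:
        return {"subnet_prefix": None, "host_id": None,
                "findings": findings + ["no-ipv4-address"]}

    iface = ipaddress.ip_interface(f"{address}/{mask}")
    network = iface.network
    host_id = int(iface.ip) & int(network.hostmask)  # bits the mask leaves for the host ID
    if iface.ip in APIPA_NET:
        findings.append("apipa-address")             # no DHCP answer and no static settings
    gateway = first("default gateway")
    if gateway is None:
        findings.append("no-default-gateway")        # only local subnet traffic is possible
    elif ipaddress.ip_address(gateway) not in network:
        findings.append("gateway-outside-local-subnet")
    if not fields.get("dns servers"):
        findings.append("no-dns-server-configured")
    return {"subnet_prefix": str(network), "host_id": host_id, "findings": findings}


# Constructed sample captures (not from the original guide).
STATIC_SERVER = """\
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Dhcp Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 131.107.2.200
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 131.107.2.1
   DNS Servers . . . . . . . . . . . : 131.107.2.200
                                       131.107.2.201
"""

APIPA_SERVER = """\
Ethernet adapter Local Area Connection:

   Dhcp Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Autoconfiguration IP Address. . . : 169.254.17.4
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
"""

if __name__ == "__main__":
    for label, capture in (("static", STATIC_SERVER), ("apipa", APIPA_SERVER)):
        print(label, audit_server_adapter(capture))
```

A server that reports apipa-address was left on automatic configuration and found no DHCP server, so clients configured with its intended address cannot reach it.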

Installing and Configuring the IPv6-based TCP/IP Component in Windows

Windows XP with Service Pack 1 (SP1) and Windows Server 2003 are the first versions of
Windows to support IPv6 for production use. You install IPv6 as a component in Network
Connections; the component is named Microsoft TCP/IP Version 6 in Windows Server 2003 and
Microsoft IPv6 Developer Edition in Windows XP with SP1.

Note The Microsoft IPv6 Developer Edition component included in Windows XP with no service
packs was intended for application developers only, not for use in production environments.
Therefore, all of the Help topics for that version contain a disclaimer describing its limitations and
supported uses. SP1 includes a version of IPv6 that is intended for production use. However, the
Help topics were not updated for SP1. Therefore, you can disregard the disclaimer if you have
installed SP1. Unlike the Internet Protocol (TCP/IP) component, the IPv6 component is not
installed by default, and you can uninstall it. You can install the IPv6 component in the following
• Using the Network Connections folder.
• Using the netsh interface ipv6 install command.

To install the IPv6 component in Windows Server 2003 using the Network Connections folder, do
the following:
1. Click Start, point to Control Panel, and then double-click Network Connections.
2. Right-click any local area connection, and then click Properties.
3. Click Install.
4. In the Select Network Component Type dialog box, click Protocol, and then click Add.
5. In the Select Network Protocol dialog box, click Microsoft TCP/IP Version 6, and then click
6. Click Close to save changes.

Unlike Internet Protocol (TCP/IP), the IPv6 component has no properties dialog box from which
you can configure IPv6 addresses and settings. Configuration should be automatic for IPv6 hosts
and manual for IPv6 routers.

Automatic Configuration

The Microsoft TCP/IP Version 6 component supports address autoconfiguration. All IPv6 nodes
automatically create unique IPv6 addresses for use between neighboring nodes on a subnet. To
reach remote locations, each IPv6 host upon startup sends a Router Solicitation message in an
attempt to discover the local routers on the subnet. An IPv6 router on the subnet responds with a
Router Advertisement message, which the IPv6 host uses to automatically configure IPv6
addresses, the default router, and other IPv6 settings.

Manual Configuration

You do not need to configure the typical IPv6 host manually. If a host does require manual
configuration, use the netsh interface ipv6 commands to add addresses or routes and configure
other settings.

If you are configuring a computer running Windows XP with SP1 or Windows Server 2003 to be an
IPv6 router, then you must use the netsh interface ipv6 commands to manually configure the
IPv6 component with address prefixes.

Chapter Glossary

address – An identifier that specifies the source or destination of IP packets and that is assigned at
the IP layer to an interface or set of interfaces.
APIPA – See Automatic Private IP Addressing.
Automatic Private IP Addressing – A feature in Windows Server 2003 and Windows XP that
automatically configures a unique IPv4 address from the range 169.254.0.1 through
169.254.255.254 and a subnet mask of 255.255.0.0. APIPA is used when the Internet Protocol
(TCP/IP) component is configured for automatic addressing, no DHCP server is available, and the
Automatic Private IP Address alternate configuration option is chosen.
host – A node that is typically the source and a destination of IP traffic. Hosts silently discard
received packets that are not addressed to an IP address of the host.
interface – The representation of a physical or logical attachment of a node to a subnet. An
example of a physical interface is a network adapter. An example of a logical interface is a tunnel
interface that is used to send IPv6 packets across an IPv4 network.
IP – Features or attributes that apply to both IPv4 and IPv6. For example, an IP address is either
an IPv4 address or an IPv6 address.
IPv4 – The Internet layer protocols of the TCP/IP protocol suite as defined in RFC 791. IPv4 is in
widespread use today.
IPv6 – The Internet layer protocols of the TCP/IP protocol suite as defined in RFC 2460. IPv6 is
gaining acceptance today.
LAN segment – A portion of a subnet that consists of a single medium that is bounded by bridges
or Layer 2 switches.
neighbor – A node that is connected to the same subnet as another node.
network – Two or more subnets that are connected by routers. Another term for network is
node – Any device, including routers and hosts, which runs an implementation of IP.
packet – The protocol data unit (PDU) that exists at the Internet layer and comprises an IP header
and payload.
Request for Comments (RFC) – An official document that specifies the details for protocols
included in the TCP/IP protocol suite. The Internet Engineering Task Force (IETF) creates and
maintains RFCs for TCP/IP.
RFC – See Request for Comments (RFC).
router – A node that can be a source and destination for IP traffic and can also forward IP packets
that are not addressed to an IP address of the router. On an IPv6 network, a router also typically
advertises its presence and host configuration information.
subnet – One or more LAN segments that are bounded by routers and that use the same IP
address prefix. Other terms for subnet are network segment and link.
TCP/IP – See Transmission Control Protocol/Internet Protocol (TCP/IP).
Transmission Control Protocol/Internet Protocol (TCP/IP) – A suite of networking protocols,
including both IPv4 and IPv6, that are widely used on the Internet and that provide communication
across interconnected networks of computers with diverse hardware architectures and various
operating systems.
upper-layer protocol – A protocol above IP that uses IP as its transport. Examples of upper-layer
protocols include Internet layer protocols such as the Internet Control Message Protocol (ICMP)
and Transport layer protocols such as the Transmission Control Protocol (TCP) and User
Datagram Protocol (UDP).

Dynamic Host Configuration Protocol (DHCP) is an IP standard designed to reduce the complexity
of administering address configurations by using a server computer to centrally manage IP
addresses and other related configuration details used on your network. The Microsoft Windows
Server 2003 family provides the DHCP service, which enables the server computer to perform as a
DHCP server and configure DHCP-enabled client computers on your network as described in the
current DHCP draft standard, RFC 2131. (Request for Comments (RFC):
An official document of the Internet Engineering Task Force (IETF) that specifies the details for
protocols included in the TCP/IP family.)

DHCP includes Multicast Address Dynamic Client Assignment Protocol (MADCAP) which is used
to perform multicast address allocation. When registered clients are dynamically assigned IP
addresses through MADCAP, they can participate efficiently in the data stream process, such as
for real-time video or audio network transmissions.
2efore installin$ a DD)* or M"D)"* server
To install a DD)* server
?pen %indo"s omponents %i&ard!
<nder )omponents- scroll to and clic Net"or7ing Services!
)lic Details!
<nder Su#components of Networin$ Services- clic Dynamic ,ost on!iguration Protocol
)D,P*2 and then clic +6;
)lic Ne(t! ,f prompted- type the full path to the Windows Server 2003 distri#ution files- and then
clic Ne(t;
Required files are copied to your hard disk.
To open the Windows Components Wizard, click Start, click Control Panel, double-click Add
or Remove Programs, and then click Add/Remove Windows Components.
DHCP servers must be configured with a static IP address.
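The static-address requirement can be verified from saved `ipconfig /all` output before the DHCP service is installed. The following is an added example, not part of the original guide: it flags adapters whose address is DHCP-assigned or whose default gateway lies outside the adapter's subnet. The sample output, adapter names and addresses are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (Windows Server 2003 layout).
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.0.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1

Ethernet adapter Local Area Connection 2:

   DHCP Enabled. . . . . . . . . . . : Yes
   IP Address. . . . . . . . . . . . : 10.0.5.23
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.0.6.1
"""

# "   Field name . . . . : value" -> (field name, value)
FIELD = re.compile(r"^\s+([^.:]+?)[ .]*:\s*(.*)$")

def parse_adapters(text):
    """Return {adapter name: {field: value}} from ipconfig /all output."""
    adapters, current = {}, None
    for line in text.splitlines():
        # Adapter headers start in column 0 and end with a colon.
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip()[:-1], {})
        elif current is not None:
            m = FIELD.match(line)
            if m:
                current[m.group(1).strip()] = m.group(2).strip()
    return adapters

def audit(text):
    """List findings that make an adapter unsuitable for a DHCP server."""
    findings = []
    for name, f in parse_adapters(text).items():
        if f.get("DHCP Enabled", "").lower() == "yes":
            findings.append((name, "address is DHCP-assigned, not static"))
        ip, mask, gw = (f.get(k) for k in ("IP Address", "Subnet Mask", "Default Gateway"))
        if ip and mask and gw:
            net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
            if ipaddress.ip_address(gw) not in net:
                findings.append((name, f"gateway {gw} is outside {net}"))
    return findings
```

Calling `audit()` on output captured from the intended DHCP server should return an empty list for the adapter that will serve clients.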
Network Connections
Network Connections provides connectivity between your computer and the Internet, a
network, or another computer. With Network Connections, you can configure settings to
reach local or remote network resources or functions.
Network Connections combines Microsoft Windows NT version 4.0 Dial-Up Networking
with features that were formerly located in the Network Control Panel, such as network
protocol and service configuration. Each connection in the Network Connections folder
contains a set of features that creates a link between your computer and another computer
or network. By using Network Connections, performing a task, such as modifying a
network protocol, is as easy as right-clicking a connection and then clicking Properties.
About Network Connections
Network Connections provides connectivity between your computer and the Internet, a
network, or another computer. With Network Connections, you can gain access to network
resources and functionality, whether you are physically located at the location of the
network or in a remote location. Connections are created, configured, stored, and
monitored from within the Network Connections folder.
Hardware requirements for network and dial-up connections
Depending on your configuration, you may need some or all of the following hardware:
One or more network adapters with a Network Driver Interface Specification
(NDIS) driver for LAN connectivity
One or more compatible modems and an available COM port
ISDN adapter (if you are using an ISDN line)
DSL adapter
X.25 adapter or PAD (if you are using X.25)
Analog telephone line, ISDN line, X.25 line, or DSL line
Smart card reader
Wireless adapter
Using local area connections
Typically, computers running Windows are connected to a local area network (LAN).
When you install Windows, your network adapter is detected, and a local area connection
is created. It appears, like all other connection types, in the Network Connections folder.
By default, a local area connection is always activated. A local area connection is the only
type of connection that is automatically created and activated.
If you disable your local area connection, the connection is no longer automatically
activated. Because your hardware profile remembers this, it accommodates your
location-based needs as a mobile user. For example, if you travel to a remote sales office and use a
separate hardware profile for that location that does not enable your local area connection,
you do not waste time waiting for your network adapter to time out. The adapter does not
even try to connect.
If your computer has more than one network adapter, a local area connection icon for each
adapter is displayed in the Network Connections folder.
Examples of LAN connections include Ethernet, token ring, cable modems, DSL, FDDI,
IP over ATM, IrDA (Infrared), wireless, and ATM-emulated LANs. Emulated LANs are
based on virtual adapter drivers such as the LAN Emulation Protocol.
If changes are made to your network, you can modify the settings of an existing local area
connection to reflect those changes. The General tab of the Local Area Connection Status
dialog box allows you to view connection information such as connection status, duration,
speed, signal strength, amounts of data transmitted and received, and any diagnostic tools
available for a particular connection. The Support tab contains information on:
The address type which indicates how the address was assigned. For example the
TCP/IP address is assigned by DHCP.
The IP address currently assigned for the session.
The IP subnet mask for the IP address currently assigned for the session.
The default gateway address of the IP device that allows access to other protocols.
The Support tab also has a Details button that displays detailed information about the
properties of the network connection. This includes the addresses of dependent external
If you install a new LAN adapter in your computer, the next time you start your computer,
a new local area connection icon appears in the Network Connections folder. Plug and
Play functionality finds the network adapter and creates a local area connection for it. If
you are using a laptop computer, you can add a PC card while the computer is on. Plug
and Play will identify the new card without you having to restart your laptop computer.
The local area connection icon is immediately added to the folder. You cannot manually
add local area connections to the Network Connections folder.
You can configure multiple LAN adapters through the Advanced Settings menu option.
You can modify the order of adapters that are used by a connection, and the associated
clients, services, and protocols for the adapter. You can modify the provider order in which
this connection gains access to information on the network, such as networks and printers.
You configure the device a connection uses, and all of the associated clients, services, and
protocols for the connection, through the Properties menu option. Clients define the
access of the connection to computers and files on your network. Services provide features
such as file and printer sharing. Protocols, such as TCP/IP, define the language your
computer uses to communicate with other computers.
Depending on the status of your local area connection, the icon changes appearance in the
Network Connections folder, or a separate icon appears in the taskbar. If a LAN adapter is
not detected by your computer, a local area connection icon does not appear in the
Network Connections folder.