|
|
Line 52: |
Line 52: |
| ==Using Linux BIND DNS Servers for Dynamic AD Updates== | | ==Using Linux BIND DNS Servers for Dynamic AD Updates== |
|
| |
|
| Use these configurations to configure BIND to allow dynamic updates from Windows AD servers.
| | See [[ISC Bind#Windows AD Dynamic Updates|ISC BIND]]. |
| | |
| ===ACL===
| |
| | |
| acl "DOMAIN-CONTROLLERS" {
| |
| 10.144.30.101; // DC1-dave
| |
| 10.144.35.2; // DC2-dave
| |
| 10.150.30.5; // DC-jim
| |
| };
| |
| | |
| ===Zone Delcarations===
| |
| | |
| ====Master Config====
| |
| | |
| zone "_msdcs.lambnet.us" IN {
| |
| type master;
| |
| file "dynamic/_msdcs.lambnet.us";
| |
| allow-update { DOMAIN-CONTROLLERS; };
| |
| };
| |
|
| |
| zone "_sites.lambnet.us" IN {
| |
| type master;
| |
| file "dynamic/_sites.lambnet.us";
| |
| allow-update { DOMAIN-CONTROLLERS; };
| |
| };
| |
|
| |
| zone "_tcp.lambnet.us" IN {
| |
| type master;
| |
| file "dynamic/_tcp.lambnet.us";
| |
| allow-update { DOMAIN-CONTROLLERS; };
| |
| };
| |
|
| |
| zone "_udp.lambnet.us" IN {
| |
| type master;
| |
| file "dynamic/_udp.lambnet.us";
| |
| allow-update { DOMAIN-CONTROLLERS; };
| |
| };
| |
| | |
| ====Slave Config====
| |
| | |
| zone "_msdcs.lambnet.us" IN {
| |
| type slave;
| |
| masters { 10.144.30.4; };
| |
| file "dynamic/_msdcs.lambnet.us";
| |
| allow-update-forwarding { DOMAIN-CONTROLLERS; };
| |
| };
| |
|
| |
| zone "_sites.lambnet.us" IN {
| |
| type slave;
| |
| masters { 10.144.30.4; };
| |
| file "dynamic/_sites.lambnet.us";
| |
| allow-update-forwarding { DOMAIN-CONTROLLERS; };
| |
| };
| |
|
| |
| zone "_tcp.lambnet.us" IN {
| |
| type slave;
| |
| masters { 10.144.30.4; };
| |
| file "dynamic/_tcp.lambnet.us";
| |
| allow-update-forwarding { DOMAIN-CONTROLLERS; };
| |
| };
| |
|
| |
| zone "_udp.lambnet.us" IN {
| |
| type slave;
| |
| masters { 10.144.30.4; };
| |
| file "dynamic/_udp.lambnet.us";
| |
| allow-update-forwarding { DOMAIN-CONTROLLERS; };
| |
| };
| |
| | |
| ===Logging===
| |
| | |
| channel update-log {
| |
| file "/var/log/named/named.update" versions 5 size 5m;
| |
| severity info;
| |
| print-category yes;
| |
| print-severity yes;
| |
| print-time yes;
| |
| };
| |
|
| |
| category update { update-log; };
| |
Client Commands
List Applied GPOs
GUI:
rsop.msc
CLI (run from an elevated prompt; computer-scope results require administrator rights):
gpresult /r /scope computer
or save it to an HTML file with /h:
gpresult /h c:\gpresult.html
Confirm DC is Reachable
net view \\<DC name>
Domain Controller Admin
Show DC Replication Status
This also shows the DSA object GUID of all DCs.
repadmin /showrepl
Show replication state and relative health of a forest
repadmin /replsummary
Sync Domain Controller with all Replication Partners (/e extends the sync across all sites in the enterprise; /d reports servers by distinguished name)
repadmin /syncall /d /e
Domain Controller Diagnostics
Verify DNS Services for DC
dcdiag /test:dns
Comprehensive, Run all tests, Verbose
dcdiag /c /v
Force registration of all DC-specific DNS records
nltest.exe /dsregdns
Check DC FSMO Roles
netdom query FSMO
Using Linux BIND DNS Servers for Dynamic AD Updates
See ISC BIND.