Networking Forums

Active Directory for small network?

 
 
DWalker
      09-13-2005, 07:53 PM
I have a "how-to" question. I am replacing the server (hardware) for a
small company that has 8 users on a network, it's currently using
Windows 2000 Server. I had installed AD on the old server a couple of
years ago and I don't remember all the setup details, and I want to know
the REASONS for all the configuration options and which ones really
apply to a very small network.

I can't find any articles on "how to set up AD for a small network".
For example, KB article 237675 tells you to create a forward lookup zone
and give it a name, but doesn't tell you what a forward lookup zone is,
or any suggestions on a name. I have read a lot about AD but it talks
about publishing resources so everyone can find them, which is great,
and then there's stuff about authoritative DNS zones which I don't
understand. We don't have a publicly registered ".com" name.

If none of the AD features are going to be used, should I even be
installing AD? (With Server 2003, I understand there's not a choice.)

The server serves 8 users as a DC, it runs the one shared laser printer,
it owns the common data files that are stored on shared folders that
everyone has mapped drive letters for, and it backs up the data files
online (to another local disk) and offline (to tape) daily. That's it.
No Exchange server, no SQL server, no local Web page or FTP server, no
backup controller, nothing is replicated anywhere.

Where can I look for configuration examples? (For example, what should
I name the forward lookup zone? Is "local" a good name? What is the
forward lookup zone used for? How can I stop the errors that occur when
(I think) the local server is trying to register itself in my ISP's
DNS?)

What is meant by these settings in my context, as these are recommended
for the AD server:

Select "Append primary and connection specific DNS suffixes"
Check "Append parent suffixes of the primary DNS suffix"
Check "Register this connection's addresses in DNS" [Doesn't this mean
that my server is going to try to register itself with my ISP?]

Do these things matter in a small network that has no public "face"?

Any guidance would be greatly appreciated.

Thanks.

David Walker

 
Phillip Windell
      09-13-2005, 09:34 PM
Just open a command prompt on the Server and run "DCPromo.exe"

There is no SQL stuff, no DNS stuff, ...the utility does it all for you as
long as you at least know what you want to call the domain. Use a name that
won't appear on the internet,...like "mycompany.loc" instead of
"mycompany.com". DCPromo will even install DNS if it is not already on the
machine,...and then automatically configure it after it is installed. Just
go with the Defaults on everything.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/t...dance/2004.asp
http://www.microsoft.com/isaserver/t...dance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
-----------------------------------------------------
 
Bill Grant
      09-14-2005, 02:36 AM
To get back to your original question, only you can decide whether the
advantages of AD are worth the effort for this network. But if it has been
running a domain setup, I suspect the users will be very frustrated going
back to a workgroup setup. W2k3 can run that way, just as W2k could.

DNS is required with AD because the whole AD structure depends on DNS.
Clients use DNS to find AD services (like netlogon). Your clients use your
local forward lookup zone to find each other. Your server and your clients
should not be using the DNS server at your ISP directly. The clients should
use your local DNS only and this server should forward to a public DNS (such
as your ISP) to resolve public URLs.

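An added example, not part of the original posts: a Python check of the point in Bill Grant's reply that clients should use the local DNS only. It parses a client's `ipconfig /all` output and flags any DNS server outside the internal set; the sample output, the addresses and the function names are constructed for illustration, and `mycompany.loc` is the example name from Phillip Windell's reply.

```python
import re

# Constructed `ipconfig /all` excerpt for illustration (addresses are made up):
# the DC is 192.168.1.10, and an outside resolver is listed as secondary.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : PC03
   Primary Dns Suffix  . . . . . . . : mycompany.loc

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   IP Address. . . . . . . . . . . . : 192.168.1.23
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.10
                                       203.0.113.53
"""

FIELD = re.compile(r"^\s+(.+?)[ .]*:\s*(.*)$")          # "   Label . . . : value"
BARE_IP = re.compile(r"^\s+\d{1,3}(\.\d{1,3}){3}\s*$")  # continuation line

def dns_servers_by_adapter(text):
    """Return {adapter: [DNS server IPs]} parsed from `ipconfig /all` text."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, in_dns = line.rstrip()[:-1], False   # adapter header
            adapters[current] = []
        elif FIELD.match(line):
            label, value = FIELD.match(line).groups()
            in_dns = label == "DNS Servers"
            if in_dns and current and value:
                adapters[current].append(value.strip())
        elif in_dns and current and BARE_IP.match(line):
            adapters[current].append(line.strip())        # 2nd, 3rd... server
    return adapters

def audit_client(text, internal_dns):
    """List (adapter, server) pairs that bypass the local AD DNS server."""
    return [(adapter, server)
            for adapter, servers in dns_servers_by_adapter(text).items()
            for server in servers if server not in internal_dns]

def locator_srv_names(ad_domain):
    """SRV names a client queries to locate a DC; only the local zone has them."""
    return [f"_ldap._tcp.dc._msdcs.{ad_domain}", f"_kerberos._tcp.{ad_domain}"]

if __name__ == "__main__":
    for adapter, server in audit_client(SAMPLE_IPCONFIG, {"192.168.1.10"}):
        print(f"{adapter}: {server} is not the local DNS; it cannot answer",
              ", ".join(locator_srv_names("mycompany.loc")))
```

The sample is flagged even though the DC is listed first, because a secondary outside resolver still receives queries for the internal zone whenever the client falls back to it.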
 
DWalker
      09-20-2005, 03:56 PM
"Bill Grant" <not.available@online> wrote in
news:ev$(E-Mail Removed):

> To get back to your original question, only you can decide whether the
> advantages of AD are worth the effort for this network. But if it has
> been running a domain setup, I suspect the users will be very
> frustrated going back to a workgroup setup. W2k3 can run that way,
> just as W2k could.
>
> DNS is required with AD because the whole AD structure depends on DNS.
> Clients use DNS to find AD services (like netlogon). Your clients use
> your local forward lookup zone to find each other. Your server and
> your clients should not be using the DNS server at your ISP directly.
> The clients should use your local DNS only and this server should
> forward to a public DNS (such as your ISP) to resolve public URLs.
>


Thanks for the info. I understand that AD offers lots of great things
that are all set up through DNS. But in our case, our clients don't
*need* to find each other; they only need to find the (one) shared
folder on the server. Plus the one shared printer. I don't think that
DNS is actually used for any of that; the folder is at a mapped drive
letter, and the printer was installed once by the users (four years ago)
and that's it.

The clients do log on to the domain, so I suppose that the AD is used to
find the Netlogon service.

I will point our users to our server's DNS, instead of the ISP's DNS,
since I understand that that's how it is supposed to be set up, and I
suppose it provides some DNS local caching. (But almost 100% of the DNS
requests are going to be forwarded to the ISP by our server's DNS.)

As you say, there's really no advantage in our system of using AD. We
could run the server as a DC without AD, but I set it up as AD anyway.

Thanks.

David Walker
 