Windows Server 2008 R2 Unleashed, Chapter 11: DHCP/WINS/Domain Controllers

Chapter 10 for more information on DNS GlobalNames.

Examining Directory Integration

The third concept that is critical to a functional Active Directory networking infrastructure is Directory Integration. Having a centralized directory that contains a database of all network clients, their services, user accounts, and security groups that can be used to define security and permissions is vital to any centrally managed modern computer network. Microsoft provides the Active Directory Domain Services role to serve this purpose. Active Directory Domain Services is detailed in Chapter 7, “Active Directory Infrastructure.”

The Active Directory Domain Services role, included with Windows Server 2008 R2, is a core service that is depended upon by many other roles and services hosted on the network. As an example of this, the servers that host the Active Directory Domain Services role, also known as domain controllers, are accessed by other servers and workstations to verify authentication to resources and to also locate resources on the network. Domain controllers contain the full set of directory data used for many networking functions, but certain domain controllers also host a role known as the global catalog. The global catalog hosts a compact subset of the entire Active Directory domain controller database that is indexed, read-only, and used to provide faster results to directory lookups and searches. Global catalog domain controllers are explained in more detail in the “Understanding the Role of the Active Directory Global Catalog” section later in this chapter.

Subsequently, choosing where to place domain controllers and domain controllers that are also global catalog servers is critical to the design and operation of the Windows Server 2008 R2 Active Directory infrastructure. Special considerations must be made regarding this concept because access to directory lookup and registration are crucial functions for Active Directory clients on the network. Of course, before an Active Directory client can locate or register with a domain controller or do a search of the global catalog, it must first get on the network and find the right systems hosting these services, through network addressing and name resolution.

Outlining Networking Services Changes in Windows Server 2008 R2

Windows Server 2008 R2 introduces several functional improvements to networking services. These improvements allow for increased administrative functionality, greater reliability, and an overall increase in value for an organization’s network infrastructure. DHCP improvements such as DHCP MAC address filtering for leases, DHCP delay in address distribution for redundant DHCP architectures, and DHCP migration improvements using the new Windows Server Migration Tools feature of Windows Server 2008 R2 provide the functionality that many DHCP administrators desired. WINS improvements include advanced database searches and filtering in the WINS console, but the architecture and functionality have not changed much in this release. You can find more information about these capabilities later in this chapter.

Exploring the Dynamic Host Configuration Protocol (DHCP)

Amazingly little is known about the DHCP service, although it is used in virtually all organizations and networks. The service itself has simple beginnings but has evolved to become an important component in a network environment. If you have ever connected a computer to a network, such as a Wi-Fi hot spot at the local café, the computer was given a network address from a DHCP service running on that network.

Detailing the Need for DHCP

Aside from just assigning a network device a unique IP address on the network, there needs to be a network architecture that manages how network devices communicate, and, particularly, which devices can communicate and when. This network communication management is provided by the TCP/IP networking protocol. TCP/IP is too complex and not necessary to define in this chapter, but one thing that is certain is that each device connected to a TCP/IP network requires a unique address. This unique address defines the node’s network affiliation and provides for a means of sending and receiving network information between itself and the destination network device(s). This address, or IP address, must be assigned to each device on the network to allow for communication using TCP/IP. In the past, many IP addresses were manually distributed as new clients were added to a network. This required a large amount of administrative overhead to maintain, and often resulted in problems in configuration caused by simple typographical errors and basic human error. Also, manually adding IP addresses to devices, without a well-managed and up-to-date address table or database, resulted in multiple machines on the network using the same address. When multiple devices were configured with the same IP address on a single network, the result usually included failed networking on both devices. As an example of this, if two people in the same household picked up different phones to dial simultaneously, they would both hear the dial tone, but when they dialed the number, most likely an incorrect number would be dialed that did not match either of the desired numbers.

Aside from building in checks to deal with duplicate IP addressed devices on a single TCP/IP network, administrators quickly realized that automating address distribution was the way to go. The search for such a system led to the predecessors of DHCP: RARP and BOOTP.

Outlining DHCP Predecessors: RARP and BOOTP

The need for dynamic allocation of IP addresses to clients was first addressed by the Reverse Address Resolution Protocol (RARP). RARP simply allocated an IP address to a client after that client requested it through a network broadcast. This protocol was quickly discovered to be ineffective for communicating between different networks.

The successor to RARP was the Bootstrap Protocol (BOOTP), which improved the dynamic assignment of IP addresses by allowing for routing through different networks and used a concept called a magic cookie, a 64-byte portion of the BOOTP packet that contained configuration information such as subnet mask, DNS server designations, and so on. This protocol was a drastic improvement over RARP but was still limited in a few functional areas—namely, the fact that the database was not dynamic and was stored in a static text file, which limited its usability. BOOTP is still used today to deliver IP addresses to systems that need to connect to a network to locate the necessary files to load an application or operating system, such as is the case in a diskless computer.

Exploring the DHCP Server Service

DHCP was developed as an improvement to BOOTP. In fact, a DHCP packet is almost identical to a BOOTP packet, except for the modification of the magic cookie portion of a packet, which was expanded in size to accommodate additional options such as DNS server, WINS server, and so on.

The DHCP process is straightforward. A client boots up, and a broadcast request is sent out to all nodes on the network to which the client is connected. If a DHCP service is active and listening for these broadcasts, it will respond to the client request by issuing an available IP address from a predefined range or pool, as illustrated in Figure 11.1.

[Figure 11.1 shows a client and a DHCP server, with the address 10.1.2.242 labeled, in three steps: (1) The client boots up and broadcasts a DHCP IP address request to all nodes on the local network subnet. (2) A DHCP server, listening on UDP port 67, receives the client broadcast and responds, beginning a lease negotiation process with the client. (3) After the proper prerequisites have been satisfied, the DHCP server issues an IP lease to the client.]

FIGURE 11.1 The DHCP IP request process.

In addition to an IP address, all options that are defined on the server scope are issued to a client. This includes DNS servers, WINS servers, gateways, subnet masks, and many other settings. If these options are issued automatically, the chance for errors is lessened and the entire IP address assignment becomes automated, decreasing administrative overhead.
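To make the packet layout described above concrete, here is an added Python example (not code from the book) that builds the DHCPDISCOVER a client broadcasts to UDP port 67 and decodes a constructed DHCPOFFER: the fixed BOOTP header, the 4-byte magic cookie value (99.130.83.99) that marks the start of the option field, and the code/length/value options that carry the subnet mask, gateway, DNS and WINS servers. The transaction ID, MAC address and IP addresses are made-up sample values; nothing is sent on the network.

```python
import socket  # used only for its inet_aton/inet_ntoa helpers; nothing is sent on the wire
import struct
aton, ntoa = socket.inet_aton, socket.inet_ntoa
MAGIC_COOKIE = b"\x63\x82\x53\x63"        # 99.130.83.99 marks where the DHCP option field begins
BOOTP_HDR = "!BBBBIHH4s4s4s4s16s64s128s"  # the 236-byte fixed BOOTP header that DHCP reuses
OPTION_NAMES = {1: "subnet_mask", 3: "routers", 6: "dns_servers", 44: "wins_servers"}

def build_discover(mac: bytes, xid: int) -> bytes:
    """Build the DHCPDISCOVER a client broadcasts to UDP port 67 (op=1, BOOTREQUEST)."""
    header = struct.pack(BOOTP_HDR, 1, 1, 6, 0, xid, 0, 0x8000,  # flags 0x8000 = broadcast reply
                         b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4,  # ciaddr yiaddr siaddr giaddr
                         mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)  # chaddr, sname, file
    options = (bytes([53, 1, 1])              # option 53: message type 1 = DISCOVER
               + bytes([55, 4, 1, 3, 6, 44])  # option 55: ask for mask, router, DNS, WINS
               + bytes([255]))                # option 255: end of options
    return header + MAGIC_COOKIE + options

def parse_options(payload: bytes) -> dict:
    """Walk the code/length/value list that follows the magic cookie."""
    opts, i = {}, 0
    while i < len(payload) and payload[i] != 255:
        if payload[i] == 0:                   # option 0 is a single pad byte with no length
            i += 1
            continue
        code, length = payload[i], payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def parse_reply(packet: bytes) -> dict:
    """Decode a server reply such as a DHCPOFFER into the settings the client would apply."""
    fields = struct.unpack(BOOTP_HDR, packet[:236])
    if packet[236:240] != MAGIC_COOKIE:
        raise ValueError("no magic cookie: BOOTP reply without DHCP options")
    opts = parse_options(packet[240:])
    result = {"xid": fields[4], "your_ip": ntoa(fields[8]),          # yiaddr = offered address
              "msg_type": opts[53][0] if 53 in opts else None,
              "lease_secs": struct.unpack("!I", opts[51])[0] if 51 in opts else None}
    for code, name in OPTION_NAMES.items():   # each of these holds one or more IPv4 addresses
        if code in opts:
            result[name] = [ntoa(opts[code][j:j + 4]) for j in range(0, len(opts[code]), 4)]
    return result

# Constructed sample: the DHCPOFFER a server at 10.1.2.1 might return for the discover above.
SAMPLE_OFFER = (struct.pack(BOOTP_HDR, 2, 1, 6, 0, 0x3903F326, 0, 0x8000, b"\0" * 4, aton("10.1.2.242"),
                            b"\0" * 4, b"\0" * 4, b"\0" * 16, b"\0" * 64, b"\0" * 128)
                + MAGIC_COOKIE + bytes([53, 1, 2]) + bytes([54, 4]) + aton("10.1.2.1")  # OFFER, server id
                + bytes([51, 4]) + struct.pack("!I", 86400) + bytes([1, 4]) + aton("255.255.255.0")
                + bytes([3, 4]) + aton("10.1.2.1") + bytes([6, 8]) + aton("10.1.2.10") + aton("10.1.2.11")
                + bytes([255]))
```

Running parse_reply(SAMPLE_OFFER) yields the offered address 10.1.2.242 with the mask, gateway and DNS servers the scope would hand out; a reply with no WINS option simply has no wins_servers entry.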

Examining the DHCP Client Service

The server portion of DHCP is only half of the equation in a DHCP transaction. The request for an IP address comes from a specific interface known as the DHCP client. The DHCP Client service is included in all versions of TCP/IP deployed with Microsoft Windows, but on some of the older clients, TCP/IP would need to be installed separately.

The DHCP client, as previously mentioned, interacts with the DHCP Server service, in terms of requesting, accepting, and releasing IP addresses. Each version of the Windows TCP/IP protocol included with each operating system includes a different DHCP client, and there are slight variations in the functionality of each of them. However, the overall function—to apply for and receive an IP address from a DHCP server—remains the same in each.

Understanding Automatic Private IP Addressing (APIPA)

The TCP/IP DHCP Client/Server service was updated with the release of Windows 2000 to enable Windows clients to automatically assign themselves an IP address if no BOOTP or DHCP server was available; it does so through a process called Automatic Private IP Addressing (APIPA). APIPA clients automatically assign themselves an IP address in the 169.254.0.0/16 range in this situation, which allows them to have basic TCP/IP connectivity in small networks. So, in essence, a small workgroup network can be built with Windows 2000, XP, Vista, or Windows 7 workstations, and without too much work, these systems would be able to communicate with each other using addresses self-assigned by the APIPA service.

APIPA might be problematic in larger networks because it forces clients to assign themselves addresses in a range that is normally not part of a local company subnet. If a DHCP server is down, clients that are attempting to renew a lease or obtain a new IP address from a DHCP server will fail and automatically assign themselves an APIPA address. When the server comes back online, these clients will not immediately get a legitimate IP address from the DHCP server because they are no longer broadcasting for an IP address, and will essentially remain cut off from the network. In a case like this, the client workstation will need to initiate a new DHCP address request by rebooting the system or forcing a manual address request using a command such as Ipconfig /renew from a command prompt. This can be quite troublesome for corporate network administrators and help desk support staff if the DHCP services on their network are slow to respond or fail often.

In certain situations, network administrators might want to disable the APIPA functionality, and Microsoft supplies a Registry key that will perform this function for Windows 2000 and later systems. A Registry key can be manually created on the systems in the following location:

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\<AdapterName>
IPAutoconfigurationEnabled:REG_DWORD=0

You can create this key by following these steps on the client:

1. Open Registry Editor (choose Start, Run, and then enter regedit).

2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\<AdapterName>\ (where AdapterName is the hexadecimal representation of the network adapter in question).

3. Right-click on the key and choose New, DWORD Value.

4. Enter IPAutoconfigurationEnabled to rename the DWORD value.

5. Double-click the new value and ensure that 0 is entered as the value data.

6. Click OK and close the Registry Editor.

To validate that APIPA is disabled, an administrator should run IPCONFIG /ALL from the command prompt and then check that the Autoconfiguration Enabled option is set to No.
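The following Python script is an added example (not from the book) of automating that validation across many machines: it parses saved IPCONFIG /ALL output and, for every DHCP-enabled adapter, reports whether Autoconfiguration Enabled is still Yes and whether the adapter has already fallen back to a 169.254.0.0/16 address, the cut-off state described in the previous section. The ipconfig text embedded below is constructed sample data, not a capture from a real host.

```python
import ipaddress
import re

APIPA_NET = ipaddress.ip_network("169.254.0.0/16")   # the range APIPA self-assigns from
# "   Key . . . . : value" lines; the dots are ipconfig's padding, not part of the key
FIELD = re.compile(r"^\s+(.*?)[ .]*:\s*(.*)$")

def parse_ipconfig(text: str) -> dict:
    """Split IPCONFIG /ALL output into {adapter heading: {field: value}}."""
    adapters, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = line.rstrip()[:-1]            # e.g. "Ethernet adapter Local Area Connection"
            adapters[current] = {}
        elif current is not None:
            m = FIELD.match(line)
            if m:
                adapters[current][m.group(1)] = m.group(2).strip()
    return adapters

def check_apipa(text: str) -> dict:
    """For each DHCP-enabled adapter, report whether APIPA is still on and whether it has kicked in."""
    findings = {}
    for name, f in parse_ipconfig(text).items():
        if f.get("DHCP Enabled") != "Yes":
            continue                                # static adapters never fall back to APIPA
        addr = (f.get("IPv4 Address") or f.get("Autoconfiguration IPv4 Address") or "").split("(")[0]
        findings[name] = {
            "autoconf_enabled": f.get("Autoconfiguration Enabled") == "Yes",
            "apipa_address": bool(addr) and ipaddress.ip_address(addr) in APIPA_NET,
        }
    return findings

# Constructed sample: adapter 1 has the Registry fix applied and a lease; adapter 2 lost its DHCP server.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   Physical Address. . . . . . . . . : 00-15-5D-01-02-03
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : No
   IPv4 Address. . . . . . . . . . . : 10.1.2.242(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0

Ethernet adapter Local Area Connection 2:

   Physical Address. . . . . . . . . : 00-15-5D-01-02-04
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Autoconfiguration IPv4 Address. . : 169.254.37.12(Preferred)
"""
```

An adapter reported with apipa_address True is one that will stay cut off until Ipconfig /renew or a reboot, even after the DHCP server returns.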


NOTE

APIPA can also be effectively disabled in Windows XP clients through an alternate IP configuration, which allows for the designation of a static IP address if DHCP is unavailable. You can find more information on this concept in the section “Understanding DHCP Client Alternate Network Capability,” later in this chapter.

Detailing DHCP Relay Agents

Because DHCP clients use network broadcasts to seek out DHCP servers, it is important that there is a DHCP server on each network. To send and receive network traffic between separate networks, a device known as a network router is used. By default, network routers do not forward any broadcast network traffic between networks. On complex networks
