Read Windows Server 2008 R2 Unleashed Online
Authors: Noel Morimoto
Chapter 10 for more information on DNS GlobalNames.
Examining Directory Integration
The third concept that is critical to a functional Active Directory networking infrastructure
is Directory Integration. Having a centralized directory that contains a database of all
network clients, their services, user accounts, and security groups that can be used to
define security and permissions is vital to any centrally managed modern computer
network. Microsoft provides the Active Directory Domain Services role to serve this
purpose. Active Directory Domain Services is detailed in Chapter 7, “Active Directory
Infrastructure.”
The Active Directory Domain Services role, included with Windows Server 2008 R2, is a
core service that is depended upon by many other roles and services hosted on the
network. As an example of this, the servers that host the Active Directory Domain Services
role, also known as domain controllers, are accessed by other servers and workstations to
328
CHAPTER 11
DHCP/WINS/Domain Controllers
verify authentication to resources and to also locate resources on the network. Domain
controllers contain the full set of directory data used for many networking functions, but
certain domain controllers also host a role known as the global catalog. The global catalog
hosts a compact subset of the entire Active Directory domain controller database that is
indexed, read-only, and used to provide faster results to directory lookups and searches.
Global catalog domain controllers are explained in more detail in the “Understanding the
Role of the Active Directory Global Catalog” section later in this chapter.
Consequently, choosing where to place domain controllers, and which of those domain
controllers will also be global catalog servers, is critical to the design and operation of
the Windows Server 2008 R2 Active Directory infrastructure. Special consideration is needed
because directory lookup and registration are crucial functions for Active Directory clients
on the network. Of course, before an Active Directory client can locate or register with a
domain controller or search the global catalog, it must first get on the network and find
the systems hosting these services, which it does through network addressing and name
resolution.
Outlining Networking Services Changes in Windows Server 2008 R2
Windows Server 2008 R2 introduces several functional improvements to networking
services. These improvements allow for increased administrative functionality, greater
reliability, and an overall increase in value for an organization’s network infrastructure.
DHCP improvements such as DHCP MAC address filtering for leases, DHCP delay in
address distribution for redundant DHCP architectures, and DHCP migration improvements
using the new Windows Server Migration Tools feature of Windows Server 2008 R2
provide functionality that many DHCP administrators have wanted. WINS improvements
include advanced database searches and filtering in the WINS console, but the architecture
and functionality have not changed much in this release. You can find more information
about these capabilities later in this chapter.
Exploring the Dynamic Host Configuration Protocol
Amazingly little is known about the DHCP service, although it is used in virtually all orga-
nizations and networks. The service itself has simple beginnings but has evolved to
become an important component in a network environment. If you have ever connected
a computer to a network, such as a Wi-Fi hot spot at the local café, the computer was
given a network address from a DHCP service running on that network.
Detailing the Need for DHCP
Aside from just assigning a network device a unique IP address on the network, there
needs to be a network architecture that manages how network devices communicate, and,
particularly, which devices can communicate and when. This network communication
management is provided by the TCP/IP networking protocol. A full treatment of TCP/IP is
beyond the scope of this chapter, but one thing is certain: each device connected to a
TCP/IP network requires a unique address. This unique address defines the node’s network
affiliation and provides a means of sending and receiving network information between
itself and the destination network device(s). This address, or IP address, must be assigned
to each device on the network to allow for communication
using TCP/IP. In the past, many IP addresses were manually distributed as new clients
were added to a network. This required a large amount of administrative overhead to
maintain, and often resulted in problems in configuration caused by simple typographical
errors and basic human error. Also, manually adding IP addresses to devices, without a
well-managed and up-to-date address table or database, resulted in multiple machines on
the network using the same address. When multiple devices were configured with the
same IP address on a single network, the result usually included failed networking on both
devices. As an example of this, if two people in the same household picked up different
phones to dial simultaneously, they would both hear the dial tone but when they dialed
the number, most likely an incorrect number would be dialed that did not match either of
the desired numbers.
Aside from building in checks to detect duplicate IP addresses on a single TCP/IP
network, administrators quickly realized that automating address distribution was the way
to go. The search for such a system led to the predecessors of DHCP: RARP and BOOTP.
Outlining DHCP Predecessors: RARP and BOOTP
The need for automatic allocation of IP addresses to clients was first addressed by the
Reverse Address Resolution Protocol (RARP). A RARP client broadcasts its hardware (MAC)
address, and a RARP server that has that address in its table replies with the matching IP
address, and nothing else. Because the protocol works at the link layer and relies on
broadcasts, it cannot cross routers and was quickly found to be ineffective for
communicating between different networks.
The successor to RARP was the Bootstrap Protocol (BOOTP), which improved on RARP by
running over UDP, so that requests could be forwarded across routers by relay agents, and
by carrying a 64-byte vendor-specific area in the packet. When that area begins with the
4-byte “magic cookie” value 99.130.83.99, the remainder holds configuration information
such as the subnet mask, DNS server designations, and so on. This protocol was a drastic
improvement over RARP but was still limited in a few functional areas, chiefly that the
address database was not dynamic: it was a static text file mapping hardware addresses to
IP addresses, which limited its usability. BOOTP is still used today to deliver IP addresses
to systems that must connect to a network to locate the files needed to load an application
or operating system, as is the case for a diskless computer.
Exploring the DHCP Server Service
DHCP was developed as an extension of BOOTP. In fact, a DHCP message is almost
identical to a BOOTP message: it keeps the same 236-byte fixed header and the same UDP
ports (67 on the server side, 68 on the client side), and the one structural change is that
the fixed 64-byte vendor area became a variable-length options field, still introduced by
the magic cookie, with room for additional options such as the DHCP message type, lease
time, DNS server, WINS server, and so on.
The DHCP process is straightforward. A client boots up and broadcasts a DHCPDISCOVER
to all nodes on the network to which it is connected. Any DHCP server that is active and
listening for these broadcasts on UDP port 67 responds with a DHCPOFFER containing an
available IP address from a predefined range or pool; the client then broadcasts a
DHCPREQUEST for the offer it selects, and the chosen server confirms the lease with a
DHCPACK, as illustrated in Figure 11.1. Note that any host on the broadcast domain can
answer the DISCOVER and the client takes the first acceptable offer, so a rogue DHCP
server can hand out a malicious default gateway or DNS server. Windows DHCP servers
must be authorized in Active Directory before they will lease addresses in a domain, but
that check does nothing against non-Windows rogue servers, so DHCP snooping on the
switches is the usual network-layer control.
FIGURE 11.1 The DHCP IP request process. (1) The client boots up and broadcasts a DHCP
IP address request to all nodes on the local network subnet. (2) A DHCP server, listening
on UDP port 67, receives the client broadcast and responds, beginning a lease negotiation
process with the client. (3) After the proper prerequisites have been satisfied, the DHCP
server issues an IP lease to the client (10.1.2.242 in the figure).
In addition to an IP address, the options configured on the server are issued to the client:
DNS servers, WINS servers, default gateways, the subnet mask, and many other settings.
Options can be defined at the server level, on a scope, for a user or vendor class, or on an
individual reservation, and the most specific level wins; the client receives only the
options it asked for in its parameter request list (option 55). Because these options are
issued automatically, the chance for error is lessened and the entire IP address assignment
becomes automated, decreasing administrative overhead.
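The message layout described in the two sections above (the BOOTP header that DHCP kept, the magic cookie, and the options that carry the scope settings), as an added example that is not part of the book: a Python script that builds a DHCPDISCOVER and parses a constructed DHCPOFFER. The transaction ID, MAC address, and 10.1.2.x addresses in the sample are constructed for illustration; the script assumes Python 3.8 or later (for bytes.hex with a separator) and uses only the standard library. It goes slightly beyond the text in that it also rejects malformed options, which any real parser must do because option lengths come from the wire.

```python
"""Build and parse DHCP messages to show how the BOOTP layout survives in DHCP."""
import socket
import struct

# Fixed BOOTP header (236 bytes): op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr(16), sname(64), file(128).
# giaddr and hops are the fields a relay agent fills in when it forwards a
# broadcast across a router on the client's behalf.
BOOTP_HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC_COOKIE = bytes([99, 130, 83, 99])          # 99.130.83.99 from RFC 1048

# DHCP option codes used below (RFC 2132) and message types (option 53)
OPT_SUBNET_MASK, OPT_ROUTER, OPT_DNS, OPT_LEASE_TIME = 1, 3, 6, 51
OPT_MSG_TYPE, OPT_SERVER_ID, OPT_PARAM_REQ, OPT_END = 53, 54, 55, 255
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5
BROADCAST_FLAG = 0x8000


def encode_options(options):
    """options: list of (code, value_bytes). Returns cookie + TLVs + END."""
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return MAGIC_COOKIE + body + bytes([OPT_END])


def build_message(op, xid, mac, options, yiaddr="0.0.0.0", siaddr="0.0.0.0"):
    """Assemble a BOOTP header (htype=1 Ethernet, hlen=6) followed by DHCP options."""
    chaddr = bytes.fromhex(mac.replace(":", "").replace("-", "")).ljust(16, b"\0")
    header = BOOTP_HEADER.pack(
        op, 1, 6, 0, xid, 0, BROADCAST_FLAG,
        socket.inet_aton("0.0.0.0"), socket.inet_aton(yiaddr),
        socket.inet_aton(siaddr), socket.inet_aton("0.0.0.0"),
        chaddr, b"\0" * 64, b"\0" * 128)
    return header + encode_options(options)


def build_discover(xid, mac):
    """Client side: a DISCOVER asking for subnet mask, router and DNS (option 55)."""
    return build_message(1, xid, mac, [
        (OPT_MSG_TYPE, bytes([DISCOVER])),
        (OPT_PARAM_REQ, bytes([OPT_SUBNET_MASK, OPT_ROUTER, OPT_DNS])),
    ])


def parse_message(packet):
    """Decode the fixed header and, if the magic cookie is present, the option TLVs."""
    if len(packet) < BOOTP_HEADER.size + 4:
        raise ValueError("too short to be a BOOTP/DHCP message")
    (op, _htype, hlen, hops, xid, _secs, flags,
     ci, yi, si, gi, chaddr, _sname, _file) = BOOTP_HEADER.unpack_from(packet)
    msg = {
        "op": op, "xid": xid, "hops": hops, "broadcast": bool(flags & BROADCAST_FLAG),
        "ciaddr": socket.inet_ntoa(ci), "yiaddr": socket.inet_ntoa(yi),
        "siaddr": socket.inet_ntoa(si), "giaddr": socket.inet_ntoa(gi),
        "mac": chaddr[:hlen].hex(":"), "options": {},
    }
    rest = packet[BOOTP_HEADER.size:]
    if rest[:4] != MAGIC_COOKIE:
        msg["dhcp"] = False                        # plain BOOTP vendor area
        return msg
    msg["dhcp"] = True
    i = 4
    while i < len(rest):
        code = rest[i]
        if code == OPT_END:
            break
        if code == 0:                              # pad byte
            i += 1
            continue
        if i + 1 >= len(rest):
            raise ValueError("truncated option header")
        length = rest[i + 1]
        val = rest[i + 2:i + 2 + length]
        if len(val) != length:                     # length field runs past the packet
            raise ValueError("option %d runs past end of packet" % code)
        msg["options"][code] = val
        i += 2 + length
    return msg


def describe_offer(msg):
    """Turn the raw option bytes of an OFFER/ACK into the settings a client applies."""
    o = msg["options"]
    return {
        "type": o[OPT_MSG_TYPE][0],
        "offered_ip": msg["yiaddr"],
        "subnet_mask": socket.inet_ntoa(o[OPT_SUBNET_MASK]),
        "router": socket.inet_ntoa(o[OPT_ROUTER][:4]),
        "dns": [socket.inet_ntoa(o[OPT_DNS][k:k + 4]) for k in range(0, len(o[OPT_DNS]), 4)],
        "lease_seconds": struct.unpack("!I", o[OPT_LEASE_TIME])[0],
        "server": socket.inet_ntoa(o[OPT_SERVER_ID]),
    }


# Constructed sample (not a capture): a server at 10.1.2.1 offering 10.1.2.242,
# the address shown in Figure 11.1, with an 8-day lease.
SAMPLE_XID = 0x3903F326
SAMPLE_MAC = "00:15:5d:01:02:03"
SAMPLE_OFFER = build_message(2, SAMPLE_XID, SAMPLE_MAC, [
    (OPT_MSG_TYPE, bytes([OFFER])),
    (OPT_SUBNET_MASK, socket.inet_aton("255.255.255.0")),
    (OPT_ROUTER, socket.inet_aton("10.1.2.1")),
    (OPT_DNS, socket.inet_aton("10.1.2.10") + socket.inet_aton("10.1.2.11")),
    (OPT_LEASE_TIME, struct.pack("!I", 8 * 24 * 3600)),
    (OPT_SERVER_ID, socket.inet_aton("10.1.2.1")),
], yiaddr="10.1.2.242", siaddr="10.1.2.1")

if __name__ == "__main__":
    d = parse_message(build_discover(SAMPLE_XID, SAMPLE_MAC))
    print("DISCOVER from", d["mac"], "requesting options", list(d["options"][OPT_PARAM_REQ]))
    print("OFFER:", describe_offer(parse_message(SAMPLE_OFFER)))
```

The DISCOVER here is what a client would send to 255.255.255.255:67 and the OFFER is what a server would return to port 68; the script only builds and decodes the bytes, it does not open a socket, so it can be run anywhere to inspect captured DHCP payloads.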
Examining the DHCP Client Service
The server portion of DHCP is only half of the equation in a DHCP transaction. The
request for an IP address comes from a specific interface known as the DHCP client. The
DHCP Client service is included in all versions of TCP/IP deployed with Microsoft
Windows, but on some of the older clients, TCP/IP would need to be installed separately.
The DHCP client, as previously mentioned, interacts with the DHCP Server service, in terms
of requesting, accepting, and releasing IP addresses. Each version of the Windows TCP/IP
protocol included with each operating system includes a different DHCP client, and there
are slight variations in the functionality of each of them. However, the overall function—to
apply for and receive an IP address from a DHCP server—remains the same in each.
Understanding Automatic Private IP Addressing (APIPA)
The TCP/IP DHCP Client/Server service was updated with the release of Windows 2000 to
enable Windows clients to automatically assign themselves an IP address if no BOOTP or
DHCP server is available; it does so through a process called Automatic Private IP
Addressing (APIPA). APIPA clients automatically assign themselves an IP address in the
169.254.0.0/16 range (the IPv4 link-local range, with a subnet mask of 255.255.0.0) in this
situation, which allows them basic TCP/IP connectivity in small networks. So, in essence, a
small workgroup network can be built with Windows 2000, XP, Vista, or Windows 7
workstations, and without too much work, these systems would be able to communicate
with each other using addresses self-assigned by APIPA.
APIPA can be problematic in larger networks because it forces clients to assign themselves
addresses in a range that is not part of any corporate subnet, so an APIPA client can reach
only other APIPA clients on the same segment. If a DHCP server is down, clients that start
up and cannot obtain a lease, or whose existing lease expires before the server can be
reached for renewal, will automatically assign themselves an APIPA address. When the
server comes back online, these clients do not immediately obtain a legitimate address,
because a client in the APIPA state only retries DHCP discovery periodically rather than
continuously, and until it does it remains effectively cut off from the network. In a case
like this, the client workstation must initiate a new DHCP address request, either by
rebooting or by forcing a manual request with ipconfig /renew from a command prompt.
This can be quite troublesome for corporate network administrators and help desk support
staff if the DHCP services on their network are slow to respond or fail often.
In certain situations, network administrators might want to disable APIPA, and Microsoft
supplies a Registry value that performs this function on Windows 2000 and later systems.
A REG_DWORD value can be manually created on the client under the interface-specific key,
where the last path component is the GUID of the network adapter in question:
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\<adapter GUID>
IPAutoconfigurationEnabled:REG_DWORD=0
Creating the same value directly under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\
Parameters instead disables APIPA for all adapters on the system.
You can create this value by following these steps on the client:
1. Open Registry Editor (choose Start, Run, and then enter regedit).
2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
Tcpip\Parameters\Interfaces\ and select the subkey named with the GUID of the
network adapter in question.
3. Right-click the adapter’s subkey and choose New, DWORD (32-bit) Value.
4. Enter IPAutoconfigurationEnabled to rename the new DWORD value.
5. Double-click the new value and ensure that 0 is entered as the value data.
6. Click OK and close the Registry Editor.
To validate that APIPA is disabled, an administrator should run ipconfig /all from the
command prompt and check that Autoconfiguration Enabled shows No for that adapter.
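To automate that validation across a fleet, here is an added example (not from the book) in Python that parses the text of ipconfig /all, the same output the administrator is told to inspect, and reports for each adapter whether autoconfiguration is still enabled and whether the adapter is currently sitting on a 169.254.0.0/16 address while DHCP is enabled, which is the stuck-on-APIPA condition described earlier. The sample output, host name, adapter names, and addresses are constructed for illustration, not captured from a real machine; the script assumes the English-language field labels that Windows 7 and Windows Server 2008 R2 print.

```python
"""Flag adapters in ipconfig /all output that are still on APIPA or can fall back to it."""
import ipaddress
import re
import sys

APIPA_NET = ipaddress.ip_network("169.254.0.0/16")

# Constructed sample of ipconfig /all output (not a real capture): one DHCP adapter
# that has fallen back to APIPA, and one with a valid lease and APIPA disabled.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : WS01
   Primary Dns Suffix  . . . . . . . : companyabc.com

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Physical Address. . . . . . . . . : 00-15-5D-01-02-03
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Autoconfiguration IPv4 Address. . : 169.254.87.12(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection 2:

   Physical Address. . . . . . . . . : 00-15-5D-01-02-04
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : No
   IPv4 Address. . . . . . . . . . . : 10.1.2.242(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.1.2.1
"""

# "Ethernet adapter <name>:" starts a section; indented "Label . . . : value" lines follow.
ADAPTER_RE = re.compile(r"^\S.*adapter (.+):\s*$")
FIELD_RE = re.compile(r"^\s+([A-Za-z0-9 \-]+?)[ .]*: ?(.*)$")


def parse_ipconfig(text):
    """Return {adapter name: {field label: value}} from ipconfig /all output."""
    adapters, current = {}, None
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            current = adapters.setdefault(m.group(1), {})
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:          # skip the global header block
            current[m.group(1).strip()] = m.group(2).strip()
    return adapters


def apipa_report(text):
    """Per adapter: is APIPA still enabled, and is a DHCP adapter sitting on an APIPA address?"""
    report = {}
    for name, f in parse_ipconfig(text).items():
        addr = f.get("Autoconfiguration IPv4 Address") or f.get("IPv4 Address", "")
        addr = addr.split("(")[0].strip()      # drop the "(Preferred)" suffix
        on_apipa = bool(addr) and ipaddress.ip_address(addr) in APIPA_NET
        report[name] = {
            "autoconfig_enabled": f.get("Autoconfiguration Enabled", "").lower() == "yes",
            "address": addr,
            "stuck_on_apipa": on_apipa and f.get("DHCP Enabled", "").lower() == "yes",
        }
    return report


if __name__ == "__main__":
    # Pipe real output in ("ipconfig /all > out.txt", then feed out.txt on stdin);
    # with no piped input the constructed sample is used.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_IPCONFIG
    for name, info in apipa_report(text).items():
        print(name, info)
```

An adapter reported with stuck_on_apipa is the case the text describes: DHCP is enabled but the client has settled on a 169.254.x.x address, and a reboot or ipconfig /renew is needed; an adapter with autoconfig_enabled still true is one where the Registry change above has not taken effect.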
NOTE
APIPA can also be effectively disabled in Windows XP clients through an alternate IP
configuration, which allows for the designation of a static IP address if DHCP is unavail-
able. You can find more information on this concept in the section “Understanding
DHCP Client Alternate Network Capability,” later in this chapter.
Detailing DHCP Relay Agents
Because DHCP clients use network broadcasts to seek out DHCP servers, it is important
that there is a DHCP server on each network. To send and receive network traffic between
separate networks, a device known as a network router is used. By default, network routers
do not forward any broadcast network traffic between networks. On complex networks