
MISSION CRITICAL! WINDOWS 2000 SERVER ADMINISTRATION


FREE Monthly Technology Updates
One-year Vendor Product Upgrade Protection Plan
FREE Membership to Access.Globalknowledge
If it’s a high-risk, high-impact, must-not-fail situation, it’s MISSION CRITICAL!
Robin Walshaw, MCSE
Technical Editor: D. Lynn White, MCPS, MCSE, MCT, MCP+I
“This book is perfect for administrators who need an advanced Windows 2000 reference. I will turn to it again and again.”
–Eric Livingston, Vice President and Chief Technology Officer, AppNet, Inc.
With over 1,500,000 copies of our MCSE, MCSD, CompTIA, and Cisco
study guides in print, we have come to know many of you personally. By
listening, we've learned what you like and dislike about typical computer
books. The most requested item has been for a web-based service that
keeps you current on the topic of the book and related technologies. In
response, we have created

, a service that
includes the following features:


A one-year warranty against content obsolescence that occurs as
the result of vendor product upgrades. We will provide regular web
updates for affected chapters.

Monthly mailings that respond to customer FAQs and provide
detailed explanations of the most difficult topics, written by content
experts exclusively for

.

Regularly updated links to sites that our editors have determined
offer valuable additional information on key topics.

Access to “Ask the Author”™ customer query forms that allow
readers to post questions to be addressed by our authors and
editors.
Once you've purchased this book, browse to www.syngress.com/solutions.
To register, you will need to have the book handy to verify your purchase.
Thank you for giving us the opportunity to serve you.

MISSION CRITICAL!
WINDOWS 2000
SERVER ADMINISTRATION
Syngress Publishing, Inc., the author(s), and any person or firm involved in the writing, editing, or production (collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results to be obtained from the Work.
There is no guarantee of any kind, expressed or implied, regarding the Work or its contents. The Work is sold AS IS and WITHOUT WARRANTY. You may have other legal rights, which vary from state to state.
In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other incidental or consequential damages arising out from the Work or its contents. Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you.
You should always use reasonable care, including backup and other appropriate precautions, when working with computers, networks, data, and files.
Syngress Media® and Syngress® are registered trademarks of Syngress Media, Inc. “Career Advancement Through
Skill Enhancement™,” “Ask the Author™,” “Ask the Author UPDATE™,” and “Mission Critical™” are trademarks
of Syngress Publishing, Inc. Brands and product names mentioned in this book are trademarks or service marks
of their respective companies.
KEY SERIAL NUMBER
001 9TATW2ADSE
002 NF4TRA7TC4
003 CDE3C28FV7
004 DC5C8NVT4N
005 Z745QQE2BR
006 PF62RT652H
007 DTP252ZX44
008 NT3F743RTG
009 6532M977LS
010 SMWR8P554N
PUBLISHED BY
Syngress Publishing, Inc.
800 Hingham Street
Rockland, MA 02370
Mission Critical Windows 2000 Server Administration

Copyright © 2000 by Syngress Publishing, Inc. All rights reserved. Printed in the United States of America.
Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.
Printed in the United States of America
1 2 3 4 5 6 7 8 9 0
ISBN: 1-928994-16-4
Copy edit by: Beth Roberts
Proofreading by: Fred Lanigan
Technical edit by: D. Lynn White
Page Layout and Art by: Reuben Kantor
Index by: Robert Saigh and Shannon Tozier
Co-Publisher: Richard Kristof
Distributed by Publishers Group West
Acknowledgments
We would like to acknowledge the following people for their kindness and support in making this book possible.
Richard Kristof, Duncan Anderson, Jennifer Gould, Robert Woodruff, Kevin
Murray, Dale Leatherwood, Rhonda Harmon, and Robert Sanregret of Global
Knowledge, for their generous access to the IT industry’s best courses,
instructors and training facilities.
Ralph Troupe and the team at Callisma for their invaluable insight into the
challenges of designing, deploying and supporting world-class enterprise networks.
Karen Cross, Kim Wylie, Harry Kirchner, John Hays, Bill Richter, Kevin Votel,
Brittin Clark, Sarah Schaffer, Ellen Lafferty and Sarah MacLachlan of
Publishers Group West for sharing their incredible marketing experience and
expertise.
Mary Ging, Caroline Hird, and Simon Beale of Harcourt International for
making certain that our vision remains worldwide in scope.
Annabel Dent, Anneka Baeten, Clare MacKenzie, and Laurie Giles of Harcourt
Australia for all their help.
David Buckland, Wendi Wong, David Loh, Marie Chieng, Lucy Chong, Leslie
Lim, Audrey Gan, and Joseph Chan of Transquest Publishers for the enthusiasm
with which they receive our books.
Kwon Sung June at Acorn Publishing for his support.
Ethan Atkin at Cranbury International for his help in expanding the Syngress
program.
Special thanks to the professionals at Osborne with whom we are proud to
publish the best-selling Global Knowledge Certification Press series.
From Global Knowledge
At Global Knowledge we strive to support the multiplicity of learning styles
required by our students to achieve success as technical professionals. As
the world's largest IT training company, Global Knowledge is uniquely
positioned to offer these books. The expertise gained each year from providing
instructor-led training to hundreds of thousands of students worldwide
has been captured in book form to enhance your learning experience.
We hope that the quality of these books demonstrates our commitment to
your lifelong learning success. Whether you choose to learn through the
written word, computer based training, Web delivery, or instructor-led
training, Global Knowledge is committed to providing you with the very
best in each of these categories. For those of you who know Global
Knowledge, or those of you who have just found us for the first time, our
goal is to be your lifelong competency partner.
Thank you for the opportunity to serve you. We look forward to serving
your needs again in the future.

Warmest regards,
Duncan Anderson
President and Chief Executive Officer, Global Knowledge
About the Author
Robin Walshaw (B.Sc Computer Science, MCSE, DPPM) is an independent consultant who delivers strategic Windows 2000 solutions to large corporations around the globe. Born in England, Robin spent the majority of his earlier years in Scotland and South Africa. One of the first MCSEs in Africa, he enjoys being at the forefront of new developments in network and operating system architecture.
With a flair for developing strategic IT solutions for diverse clients, he has worked in the world of computers in eight countries, and has traveled to over thirty countries in the last ten years. A veteran of numerous global projects, Robin has honed his skills across a wide variety of platforms and technologies.
Though an industrious computer professional by day, by ‘night’ Robin is an experienced mountain guide. Robin is a keen sportsman and has managed to balance work with a passion for climbing the world’s highest mountains, culminating in an attempt on the North Ridge of Mount Everest.
Residing with his wife, Natalie, in London and South Africa, Robin can
be contacted via email at Displaying Herculean
resolve, Natalie simultaneously manages to keep Robin’s feet on the ground
and a smile on his face. Some men just have all the luck.
Contributors
Melissa Craft (CCNA, MCSE, Network+, CNE-3, CNE-4, CNE-5, CNE-GW,
MCNE, Citrix) is a Director of e-Business Offering Development for MicroAge.
MicroAge is a global systems integrator headquartered in Tempe, Arizona.
MicroAge provides IT design, project management and support for distributed
computing systems. Melissa develops enterprise-wide technology solutions and
methodologies for client organizations. These technology solutions touch every
part of a system’s lifecycle—from network design, testing and implementation
to operational management and strategic planning. Melissa holds a bachelor’s
degree from the University of Michigan and is a member of the IEEE, the
Society of Women Engineers and American MENSA, Ltd. Melissa currently
resides in Phoenix, Arizona with her family, Dan, Justine and Taylor, and her
two dogs, Marmaduke and Pooka.
Debra Littlejohn Shinder (MCSE, MCP+I, MCT) is an Instructor in the AATP
program at Eastfield College, Dallas County Community College District,
where she has taught since 1992. She is Webmaster for the cities of Seagoville
and Sunnyvale, Texas, as well as the family Web site at www.shinder.net. She
and her husband, Dr. Thomas W. Shinder, provide consulting and technical
support services to Dallas area organizations. She is also the proud mom of a
daughter, Kristen, who is currently serving in the U.S. Navy in Italy, and a
son, Kris, who is a high school chess champion. Deb has been a writer for
most of her life, and has published numerous articles in both technical and
non-technical fields. She can be contacted at
Thomas W. Shinder, M.D. (MCSE, MCP+I, MCT) is a Technology Trainer and
Consultant in the Dallas-Ft. Worth metroplex. Dr. Shinder has consulted with
major firms, including Xerox, Lucent Technologies, and FINA Oil, assisting in
the development and implementation of IP-based communications strategies.
Dr. Shinder attended medical school at the University of Illinois in Chicago,
and trained in neurology at the Oregon Health Sciences Center in Portland,
Oregon. His fascination with interneuronal communication ultimately melded
with his interest in internetworking and led him to focus on systems engineering.
Tom works passionately with his beloved wife, Deb Shinder, to design
elegant and cost-efficient solutions for small- and medium-sized businesses
based on Windows NT/2000 platforms.
Technical Editor
D. Lynn White (MCPS, MCSE, MCT, MCP+I) is President of Independent Network Consultants, Inc. Lynn has more than 14 years' experience in networking and programming. She has been a system manager in the mainframe environment as well as a software developer for a process control company. She is a technical author, editor, trainer, and consultant in networking and computer-related technologies. Lynn has been delivering mainframe, Microsoft-official curriculum and other networking courses in and outside the United States for more than 12 years.
Contents
Chapter 1: Introduction to Windows 2000 Server 1
Introduction 2
What’s New in Windows 2000 Server? 3
The Key to Unlocking Your Network: Active Directory 5
Why Should I Use the Active Directory? 6
Change and Configuration Management 7
Group Policies 10
Windows 2000 Security 11
Why the Change? 12
Differences in Windows 2000 Server Security 12
Windows 2000 Network Services 13
Managing and Supporting Windows 2000 Server 14
Integrated Directory Services 15
Comprehensive Management Solutions 15

Comprehensive File, Print, and Web Services 17
What’s Not New in Windows 2000 Server? 20
Core Architecture 21
Application Support 21
User Interface 21
Client Support 22
Windows 2000 Challenges 22
Summary 24
FAQs 25
Chapter 2: Active Directory—The Heart of Windows 2000 Server 27
Introduction 28
Mission-Critical Active Directory Concepts 29
Where Active Directory Fits in the Overall Windows 2000 Architecture 30
Active Directory Concepts 30
What’s in a Name? 30
The Architecture of Active Directory 34
Putting the Pieces Together 36
Developing a Naming Strategy 40
Active Directory’s Integration with DNS 41
How Active Directory Uses DNS 43
Forest Plan 45
Domain and DNS Strategy 48
Organizational Units (OUs) 49
Site Topology 52
Naming Conventions 53
Defining DNS Names 53

Defining DNS Zones 55
Naming Conventions for Active Directory 55
Virtual Containers 56
Designing Active Directory Domains 56
Forest Plan 58
Domain Plan Including DNS Strategy 58
Organizational Unit Strategy 60
Organizational Unit Structure 60
OU Objects in the Active Directory 60
Group Policy and OUs 60
Delegating Administration 61
Site Topology 62
Summary 63
FAQs 64
Chapter 3: Migrating to Windows 2000 Server 67
Introduction 68
Server Migration Strategies 69
Primary Domain Controllers (PDCs) 76
Changes Required when Upgrading a Domain Controller 78
Backup Domain Controllers (BDCs) 79
Member Servers 81
Promoting Member Servers with DCPROMO 81
Upgrading with the Windows 2000 Setup Wizard 82
Installing Active Directory Services 84
Interim Mixed Domains 87
Mixed Mode 88
Native Mode 88
Migrating Components 90
Using Organizational Units (OUs) to Create a Hierarchical Structure 91
User Accounts 92
Machine Accounts 94
Nested Groups 94
Global Groups 95
Delegating Administrative Authority 95
Insert into the Replication Topology 96
Migrating from Novell Directory Services 97
Upgrade Clients to Windows 2000 Professional 98
Summary 100
FAQs 102
Chapter 4: Implementing Domains, Trees and Forests 103
Introduction 104
Implementing a Domain 104
Installing the First Domain in Active Directory 105
Active Directory Wizard 106
Integrating DNS into the Active Directory 110
Configuring DNS 111
Active Directory Integrated Zones 112
About Zones 112
Service Resource Record Registration 114
Creating Organizational Units 114
Managing Objects in Active Directory 115
Managing User Accounts 116
Managing Groups 117
Managing Computers 119
Managing Shares 120

Managing Printers 121
Common Object Management 122
Nesting Groups 122
Role-Based Administration 123
Microsoft Management Console 123
Administrative Roles 123
Delegating Administration 124
Object-Based Access Control 126
Building Trees and Forests 127
Forest Characteristics 128
Common Schema 128
Common Configuration 128
Global Catalog 128
Contiguous Namespace 129
Trust Relationships 129
Planning a Forest Structure 134
The Domain Tree Structure 137
Adding a Child Domain 139
Sizing the Active Directory Store 139
Managing the Forest 142
Summary 145
FAQs 147
Chapter 5: Planning and Implementing Active Directory Sites 149
Introduction 150
The Function of Sites in Active Directory 150
Default-First-Site-Name 153
Replicated Active Directory Components 153

Domain Partitions 153
Global Catalog 154
Schema and Configuration Containers 155
Modifying the Schema 155
Configuring Site Replication Components 166
Creating Site Objects 166
Creating Connection Objects 167
Creating Site Links 167
Creating Site Link Bridges 168
Replication Protocols 169
Replication in Active Directory 170
Replication Topology 171
Planning a Site Structure 174
Placing Domain Controllers 177
Where to Place Global Catalog Servers 177
Implementing a Site Structure in Active Directory 178
Replication Utilities 183
Replication Monitor (REPLMON) 183
Replication Administrator (REPADMIN) 183
DSASTAT 183
Understanding Time Synchronization in Active Directory 184
Summary 185
FAQs 187
Chapter 6: Advanced Active Directory 189
Introduction 190
Interfacing with Active Directory 190
ADSI 190
RPC 192
Windows Sockets 192
DCOM 193

Exchange Server Active Directory Connector 193
Synchronizing with the Novell Directory Service 195
Microsoft’s Metadirectory 195
VIA Architecture 199
Implementing a Disaster Recovery Plan 200
Modeling Sites with Disaster Recovery in Mind 201
The Active Directory Database File Structure 204
Backup 205
Creating an Emergency Repair Disk 206
Recovering a Failed Domain Controller 208
Authoritative Restore of Deleted Objects 208
Startup Options 209
The Recovery Console 210
For Experts 211
PDC Emulation and Native Mode 211
How Active Directory Prevents Unnecessary Replication 212
How an LDAP Query Accesses Active Directory 213
Renaming Domains 214
Add a Server to Two Different Sites Simultaneously 214
Removing Phantom Objects 215
Phantom Domains 215
Transferring FSMO Roles 216
Troubleshooting Tips 219
Avoiding Errors When Migrating a Domain 220
Remote Procedure Call (RPC) Errors 220
Summary 221
FAQs 222

Chapter 7: Configuring IntelliMirror 223
Introduction 224
What Is IntelliMirror? 224
Configuring Group Policies 226
How Group Policies Are Applied 229
Refresh Interval 230
Blocking and Enforcing 230
Group Policy Information Storage 231
Administrative Templates 232
Registry.pol 233
Group Policy Settings 233
Computer Configuration 235
User Configuration 235
Designing a Group Policy Strategy 236
Group Policy in WAN Environments 237
Implementing Group Policy Strategies 240
Configuring Group Policy Objects 240
Link a Group Policy Object to a Container 241
Keeping Groups from Growing Over Time 242
Delegating Control of Group Policy 243
Troubleshooting Group Policies 245
Policy Does Not Execute 245
Policy Executes in the Wrong Way 246
Logging On Takes a Long Time 246
Security 247
Groups 247
Group Strategy 249
Viewing Security Features in Active Directory Users and Computers 250
Domain Security Console 250
Account Policies 250
Local Policies 254
Event Log 254
Restricted Groups 255
System Services 255
Registry 255
File System 255
Public Key Policies 256
IP Security Policies on Active Directory 256
Security Templates 256
Object Protection 256
Access Control Lists (ACLs) 256
Access Control Entries (ACEs) 257
Security Descriptor 258
Security Identifier (SID) 259
Summary 260
FAQs 261
Chapter 8: Managing Settings, Software, and User Data with IntelliMirror 263
Introduction 264
Deploying Software with Group Policies 264
Assigning Software 265
User Assignments 265
Computer Assignments 266
Publishing Software 266
Enhancements within Add/Remove Programs 266
Packaging an Application 268
Windows Installer 269

Creating a Package 272
Repackaging 272
ZAP Files 273
Customizing a Package 273
Creating Distribution Points 274
Targeting Software and Using the Software MMC Snap-In 274
Using the Software Policy MMC Snap-In 275
Using Group Policy to Assign or Publish an Application 276
Managing Software with Group Policies 277
Upgrading Software 278
Upgrading Windows 2000 279
Removing Software 280
Redeploying Software 281
Software Installation Options 281
Group Policy Settings 283
Application Deployment Walkthrough 285
Deployment Methods 287
Managing User and Computer Settings 287
Using Administrative Templates 288
Assigning Registry-Based Policies 290
Creating Custom Administrative Templates 293
Adding Administrative Templates 299
Using Scripts 300
Assigning Script Policies to Users and Computers 301
Folder Redirection 303
Summary 305

FAQs 306
Chapter 9: Managing Users and Groups 309
Introduction 310
Setting Up User Accounts 310
Defining an Acceptable Use Policy 310
Requirements for New User Accounts 312
Default User Account Settings 313
Logon Mechanics 313
Creating User Accounts 314
Setting Account Policies 315
Account Policy Configuration 315
Modifying Properties for User Accounts 317
Managing User Accounts 319
Deleting User Accounts 319
Resetting Passwords 319
Disabling an Account 320
Enabling an Account 320
Other Active Directory Users and Computers Functions 320
Moving User Accounts 320
Mapping a Certificate to a User 321
Using Groups to Organize User Accounts 323
Group Types 323
Security Groups 323
Distribution Lists 324
Group Scope 324
Local 324
Domain Local 325

Global 325
Universal 325
Implementing Groups 326
Creating a Group 328
Assigning Users to a Group 328
Adding Users through Group Settings 328
Configuring Group Settings 328
Managing Groups 329
Changing a Group’s Scope 330
Deleting Groups 330
Implementing Local Groups 331
Preparing to Create Local Groups 331
Creating a Local Group 331
Implementing Built-in Groups 332
Built-In Group Behavior 332
Groups—Best Practices 335
Administering User Accounts 336
User Profiles Overview 337
Types of User Profiles 337
Contents of a User Profile 338
Settings Saved in a User Profile 339
Local User Profiles 340
Roaming User Profiles 340
Creating Individualized Roaming User Profiles 341
Mandatory Profiles 341
Setting Up a Roaming User Profile 342
Assigning Customized Roaming Profiles 343
Creating Home Directories 343
Home Directories and My Documents 343
Creating Home Directories 344

Advanced Techniques 345
Creating Multiple User Accounts 345
Migrating Users from a Windows NT 4.0 Domain 345
Creating New Active Directory Users in Bulk 346
Importing Users from Novell Directory Services (NDS) 348
Summary 348
FAQs 349
Chapter 10: Managing File and Print Resources 351
Introduction 352
Windows 2000 Data Storage 352
Understanding Disk Types 352
Basic Disks 353
Dynamic Disks 354
Configuring Disks 355
Understanding Windows 2000 File Systems 357
CDFS 358
UDF 358
FAT 358
NTFS 359
Configuring File Systems 364
Configuration Options for Windows 2000 Storage 365
Logical Disk Manager 366
Removable Storage Manager 366
Remote Storage Server 367
Distributed File System 367
File Replication Service 368
Indexing Service 369
Backup Utility 369

Defragmentation Utility 369
Administering NTFS Resources 370
How NTFS Permissions Are Applied 370
Access Control Lists 371
Combining NTFS Permissions 371
Permission Inheritance 372
NTFS Folder Permissions 372
NTFS File Permissions 372
Managing NTFS Permissions 373
Special Access Permissions 375
Using Special Access Permissions 375
Changing NTFS Permissions 378
Copying and Moving Files and Folders 378
Copying Files 378
Moving Files 379
Administering Shared Resources 380
Securing Network Resources 380
Shared Folder Permissions 381
Creating Shared Folders 381
Administrative Shares 381
Creating a Shared Folder 383
Assigning Permissions to a Shared Folder 383
Managing Shared Folders 384
Administering Printers 385
Planning the Print Environment 386
Local, Remote, and Network Printers 386
Creating the Print Environment 386
Installing a Local Printer 386

Installing a Network Printer 387
Installing a Printer from Another Server 388
Loading Printer Drivers 388
Managing Printer Permissions 389
Security/Sharing Permissions 389
Printer Ownership 390
Managing Printers 390
Creating a Printer Pool 390
Specifying Printer Priorities 391
Redirecting a Printer 391
Removing Printer Drivers 391
Managing Documents in a Print Queue 392
Setting Priority, Notification, and Printing Time 392
Administering Printers by Using a Web Browser 393
Summary 394
FAQs 396
Chapter 11: Inside Windows 2000 TCP/IP 397
Introduction 398
A TCP/IP Primer 398
IP Address Classes and Subnets 398
Subnets and Routing 399
The OSI Model 400
Seven Layers of the Networking World 401
The TCP/IP Protocol Suite 403
TCP/IP Core Protocols 404
TCP 404
UDP 405
IP 405
ARP 408
ICMP 408

IGMP 408
TCP/IP Applications 408
Windows TCP/IP 410
Windows 2000 TCP/IP Stack Enhancements 410
NetBT and WINS 410
DHCP 412
DNS 412
SNMP 412
Using TCP/IP Utilities 412
ARP 412
Hostname 413
Ipconfig 413
Nbtstat 414
Netstat 415
Nslookup 415
Ping 416
Route 417
Tracert 417
Pathping 418
Netdiag 419
SNMP 421
How Does SNMP Work? 421
Installing the Agent 422
Using Windows 2000 Monitoring Tools 425
Basic Monitoring Guidelines 425
Performance Logs and Alerts 426
Counters 427
Log File Format 427

Alerts 427
Network Monitor 428
Filtering 428
Security Issues 429
Using Network Monitor 429
Capture Window Panes 430
Buffers 430
Collecting Data 430
Filtered Captures 433
Summary 437
FAQs 439
Chapter 12: Managing Windows 2000 DHCP Server 441
Introduction 442
DHCP Overview 442
The Process of Obtaining a Lease 442
DHCPDISCOVER 443
DHCPOFFER 443
DHCPREQUEST 443
DHCPACKNOWLEDGMENT (DHCPACK) 444
DHCP Negative Acknowledgment (DHCPNACK) 444
Integration of DHCP with DNS 445
What Are Leases? 447
Leasing Strategy 447
Operating without a DHCP Server 448
Automatic Client Configuration 448
Manual IP Addresses 450
Design of a DHCP Configuration 450
Placement of Servers 450

Using DHCP Routers or DHCP Relay Agents 451
RRAS Integration 452
Configuring a DHCP Server 452
DHCP Scopes 453
Configuring Leases 453
DHCP Options 453
Server Options 454
Scope Options 455
Client Options 456
DHCP Options Order of Precedence 456
BOOTP/DHCP Relay Agent 457
Vendor-Specific Options 457
User Class Options 458
BOOTP Tables 459
Similarities between DHCP and BOOTP 459
Differences between DHCP and BOOTP 460
Superscopes 460
Managing DHCP Servers 461
Enhanced Monitoring and Statistical Reporting for DHCP Servers 461
Authorizing DHCP Servers 461
How Rogue DHCP Servers Are Detected 462
Authorizing a DHCP Server 463
Deploying DHCP 464
Best Practices 465
Optimizing Lease Management Practices 466
Lengthening Lease Duration 466
Shortening Lease Duration 466
Determining the Number of DHCP Servers to Use 467
Fault-Tolerant Planning 467

Router Support Required 468
DHCP Walkthroughs 468
Installing a DHCP Server 468
Creating Leases 468
Troubleshooting DHCP 471
The DHCP Database 472
Multiple Clients Fail to Obtain IP Addresses 472
Duplicate Addresses 473
Summary 473
FAQs 474
Chapter 13: Managing Windows 2000 DNS Server 477
Introduction 478
Understanding DNS 478
Domain Namespace 479
Domain Naming Conventions 480
Host and Domain Names 480
Host Names 481
Fully Qualified Domain Names 481
Zones 482
Using Zones 482
Reverse Lookup Zones 483
Zone Transfer 484
Methods of Zone Transfer 485
The Retry Interval 485
Compatibility of DNS Server Versions 485
Incremental Zone Transfers 485
DDNS Dynamic Updates 486
Understanding Name Resolution 487

Recursive Queries 487
Iterative Queries 487
Looking Up an Address from a Name 488
Looking Up a Name from an Address 489
Active Directory and DNS Integration 490
Using Active Directory to Replicate and Synchronize DNS 491
RFC 2137 Secure DNS Updates 491
Changing Zone Types 491
Integration with DHCP 492
Registration of Server in DNS Using the SRV Record 493
Installing DNS Server Service 494
DNS Server Roles and Security Topology 494
Primary DNS Server 494
Secondary DNS Server 496
Caching-Only Servers 496
DNS Forwarders and Slave Servers 498
Security Considerations and DNS Server Location 499
Configuring DNS Server Options 500
Configuring DNS Services 503
Creating Forward Lookup Zones 503
Creating Reverse Lookup Zones 507
Record Types 508
Manually Adding Records 510
Configuring the DNS Client 511
Manually 511
Using DHCP 512
DNS Walkthroughs 513

Installation of a DNS Server 513
Creating a Forward Lookup Zone 514
Creating a Reverse Lookup Zone 514
Testing the DNS Server 516
Summary 517
FAQs 518
Chapter 14: Managing Windows 2000 WINS Server 521
Introduction 522
WINS Functional Description 522
NetBIOS Name Resolution 523
B-Node 524
P-Node 524
M-Node 524
H-Node 525
What Does WINS Do? 526
Broadcasting vs. WINS 527
LMHosts vs. WINS 528
NetBIOS Name Registration Request 528
Name Renewal 529
NetBIOS Name Release 531
NetBIOS Name Query Request 532
WINS Configuration 532
Configuring Static Entries 532
Connecting WINS Servers through Replication 535
Designing a Network of Multiple WINS Servers 538
Backing Up WINS Databases 540
New Features in Windows 2000 WINS 541
Persistent Connections 541
Manual Tombstoning 542
Improved Management Tools 544

Higher Performance 546
Enhanced Filtering and Record Searching 547
Dynamic Record Deletion and Multiselect 548
Increased Fault Tolerance 548