Microsoft's official enterprise support blog for AD DS and more
Hi folks, Ned here again. We’ve released another wave of Best Practices Analyzer rules for Windows Server 2008 / R2, and if you care about Directory Services you care about these:
AD DS rules update Info: Update for the AD DS Best Practices Analyzer rules in Windows Server 2008 R2 Download: Rules Update for Active Directory Domain Services Best Practice Analyzer for Windows Server 2008 R2 x64 Editions (KB980360)
AD DS rules update
Info: Update for the AD DS Best Practices Analyzer rules in Windows Server 2008 R2 Download: Rules Update for Active Directory Domain Services Best Practice Analyzer for Windows Server 2008 R2 x64 Editions (KB980360)
This update BPA for Active Directory Domain Services include seven rules changes and updates, some of which are well known but a few that are not.
DNS Analyzer 2.0 Operation Info: Best Practices Analyzer for Domain Name System – Ops Configuration info: Best Practices Analyzer for Domain Name System - Config Download: Microsoft DNS (Domain Name System) Model for Microsoft Baseline Configuration Analyzer 2.0
DNS Analyzer 2.0
Operation Info: Best Practices Analyzer for Domain Name System – Ops Configuration info: Best Practices Analyzer for Domain Name System - Config Download: Microsoft DNS (Domain Name System) Model for Microsoft Baseline Configuration Analyzer 2.0
Remember when – a few weeks back – I wrote about recommended DNS configuration and I promised more info? Well here it is, in all its glory. Despite what you might have heard, misheard, remembered, or argued about, this is the official recommended list, written by the Product Group and appended/vetted/munged by Support. Which includes:
Awww yeaaaahhh… just memorize that and you’ll win any "Microsoft recommended DNS" bar bets you can imagine. That’s the cool thing about this ongoing BPA project: not only do you get a tool that will check your work in later OS versions, but the valid documentation gets centralized.
- Ned “Arren hates cowboys” Pyle
Oh, I missed the word “WILL” in your post. So, currently we DO NEED the MBCA-based BPA for DNS on R2. But eventually this will change. Thanks for the info.
BTW, AFAIK you can safely delete the “domain-nested” _msdcs zone. And re-create it as a separate (root-based) zone. And if everything goes right it will be filled up automatically. I didn't do this for a long time, but hope I remember it correctly. Right?
The MBCA tool should work on Windows Server 2008 Standard Edition,
Thanks for your feedback Evren, We have updated the download page with additional build information.
Thanks for the feedback Evren.
Updated the download site with the list of supported supported WS08 OS versions.
www.microsoft.com/.../details.aspx
I had the same issue as sgrinker, and a hell of a time figuring it out. Maybe the BPA could link support.microsoft.com/.../817470 for those who are thick like me?
Also, I'm really curious about something. I recall once upon a time, the best practice for DNS resolution settings on the (single) NIC of a DC/DNS server was: point DNS at your own address. So for a DC/DNS server at 10.0.0.3, it should have as its *only* DNS server, the address 10.0.0.3. As I recall, the reasoning for this was, it was best to have the netlogon service register all those SRV records with the local DNS server which would then replicate them out to other DNS servers. In this way the DC would always be able to locate itself via its own DNS server.
So, do I remember that right? And if I do, when did the thinking on this change, and why?
Thanks!