Making Ready for Active Directory

Parts of our campus have been using Microsoft Active Directory
for a year or so, but we will soon have more emphasis on AD because
our administration is pushing in that direction.

So far, I have learned that each Microsoft domain needs the
4 _xx.newmsdomain.tld zones and, in our case, I have been allowing the
domain controllers update privileges for their _xx zones.

Also, if the domain controller thinks it should be known by
some other name than what it is officially known by in its A record,
the only thing that seems to work is a redundant forward and reverse A
record mapping that name to its IP address. Cnames won't cut it. So
as not to confuse anyone, these controllers can update the _xx zones,
but usually are not allowed to update their A record because that
would let all of them update the TLD and the reverse map which is
just asking for trouble.

Can anybody think of any other issues that I need to learn
about, hopefully before they just hit me one day and I am wondering
what to do or that ominous rumbling starts in the hills in which some people
say that maybe we need a different name server, etc. Normally, that
talk comes from those who understand things the least, but there is
nothing like preparedness to quell any concerns.

So far, bind has been like the proverbial Timex watch that can
take a lickin' and keep on tickin'.

Martin McCormick WB5AGZ Stillwater, OK
OSU Information Technology Division Network Operations Group