The Importance of a Domain - Joining a Domain
In a workgroup, machines were able to make themselves members by setting their workgroup name value; there was no central control or selection committee deciding who could join. This is very different from a domain. Since you now have a central administration point and database, you have to be granted permission to join the domain because not everyone can be in a domain.
Unlike a workgroup, a domain is considered a corporate concept and so the "home user" versions of Windows do not support the ability to join a domain. They may access resources in a domain but are not considered part of the domain. (In fact if your workgroup account has the same name and password as a domain account then you can access resources in the domain without having to manually supply credentials!)
The table below shows the common operating systems and their domain compatibility:
| Operating System | Domain Compatible? |
| --- | --- |
| Windows 95 | No |
| Windows 98/98se | No |
| Windows Me | No |
| Windows NT 4 Workstation | Yes |
| Windows NT 4 Server | Yes |
| Windows 2000 Professional | Yes |
| Windows 2000 Server (all versions) | Yes |
| Windows XP Home Edition | No |
| Windows XP Professional | Yes |
| Windows 2003 Server (all versions) | Yes |
Notice that only the NT-based operating systems can operate in a domain (except for XP Home Edition). It is not just the workstation brands of Windows but also the server versions, which can operate as members of a domain. They do not have to be domain controllers to be in a domain, they can also take advantage of the central account database and are known as "member servers".
Once your client operating system is capable of being in a domain, it has to be joined to the domain by an Administrator of the domain (an Administrator is like a super-user with the ability to modify the accounts database). Normal domain users cannot add computers (although this changes with the Active Directory). The computer actually has an account in the domain, just like a user. This account can be created in advance via the Server Manager application, or created on demand by specifying an Administrator's credentials when performing the domain-joining action.
The exact method of joining a domain varies slightly between the operating systems (and these are discussed later in Chapter 2) but the result will be a notification of the successful join and a prompt to restart your computer.

Once a computer is a member of the domain, the user will be prompted upon startup to enter the secure-attention sequence (or Ctrl+Alt+Del as it is commonly known), which then allows the account and password to be specified.

In the logon screen shown, we see more than just one domain listed as an option to log on to. This is because of various trust relationships in place and an option to log on using the local SAM database, which we can use if we do not wish to use a domain account. Of course, in any corporate environment, users would not have any local accounts and would have to use the domain options.
Notice the format of the domain names, CHILD1, CHILD2, and SAVILLTECH. With the domain implementations prior to the Active Directory all domain names were NetBIOS names having a maximum length of 16 characters. NetBIOS stands for Network Basic Input/Output System, which separates the details of the network from an application by enabling the application to specify a destination for a request. NetBIOS is network independent and while originally running over NetBEUI, it was modified to also run over TCP/IP.
Since NetBIOS names can be up to 16 characters the maximum length for a domain name is actually 15 characters as the final character is used to specify the type of resource; for example <1C> is used to specify that the resource is a domain controller. A full list of the NetBIOS suffixes can be found in Knowledge Base article Q163409 that can be accessed via http://support.microsoft.com.
When you create a domain during the installation of Windows NT Server, you must enter a domain name of 15 characters or less and while some other characters are allowed you should stick to using characters A-Z, 1-9, and the hyphen character. Other legal characters are ! @ # $ % ^ & ( ) -_ ' { } . ~ although these can cause complications.
We know the domain controllers have a NetBIOS resource entry of type 1C but how will the clients actually find the domain controllers? There are three methods. The order in which they are used depends on the configuration of the client, and the options enabled on your network and clients:
- WINS Request: If WINS is enabled on the network, servers and clients dynamically register their NetBIOS name to IP address mappings when they start up. When a client needs to resolve a NetBIOS name, such as a domain name, it sends a request to the WINS server, which will send back a list of up to 25 matching entries. WINS is mandatory in any medium-size company.
- Broadcast: With broadcast the client will just send out a request to its local subnet asking if anyone owns the destination name. Due to the amount of traffic created by the broadcasts and the fact that NetBIOS broadcasts are not routable, this method is only useful for small non-routed networks.
- LMHOSTS Entry: Each computer can have an lmhosts file, which resides in the %systemroot%\system32\drivers\etc folder (%systemroot% is an environment variable that points to the root of your Windows installation, for example, C:\Windows). This file can have NetBIOS entries and one type can be for domain controllers. For example, 10.0.0.1 omega #PRE #DOM:savilltech #savilltech domain controller. This sets up IP address 10.0.0.1 to be host Omega, which is the domain controller for savilltech and instructs the machine that this entry is to be preloaded into the cache, where it would be used before any WINS lookup or broadcast.
The actual order in which a WINS request or broadcast occurs depends on the configuration node type of the client and this will be explored further in future chapters. For now, we just need to understand that the methods of finding a domain controller vary but are all based around NetBIOS domain names.
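The name layout and lmhosts format described above, as an added example that is not from the book: a Python parser that reads lmhosts entries, flags names over the 15-character limit, and builds the 16-byte <1C> name a client looks up for a domain controller. The function names and the sample file are constructed for illustration; quoted names and #INCLUDE directives are assumed absent.

```python
import ipaddress

def netbios_name(name: str, suffix: int) -> bytes:
    """16-byte NetBIOS name: 15 space-padded characters plus one type byte."""
    if not 1 <= len(name) <= 15:
        raise ValueError(f"{name!r}: NetBIOS names carry at most 15 characters")
    return name.upper().ljust(15).encode("ascii") + bytes([suffix])

def parse_lmhosts(text: str) -> list[dict]:
    """One record per host line; comment and directive lines are skipped."""
    records = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split()
        if len(tokens) < 2 or tokens[0].startswith("#"):
            continue
        rec = {"line": lineno, "ip": str(ipaddress.ip_address(tokens[0])),
               "host": tokens[1], "preload": False, "domain": None,
               "problems": []}
        # Keywords are matched in the uppercase form the article shows.
        for tok in tokens[2:]:
            if tok == "#PRE":
                rec["preload"] = True
            elif tok.startswith("#DOM:"):
                rec["domain"] = tok[5:]
            elif tok.startswith("#"):
                break  # anything else after '#' is a free-text comment
        for label in ("host", "domain"):
            value = rec[label]
            if value and len(value) > 15:
                rec["problems"].append(f"{label} {value!r} exceeds 15 characters")
        records.append(rec)
    return records

def domain_controller_entries(records: list[dict]) -> list[tuple]:
    """(ip, host, <1C> name) for every valid #DOM entry."""
    return [(r["ip"], r["host"], netbios_name(r["domain"], 0x1C))
            for r in records if r["domain"] and not r["problems"]]

# Constructed sample file; only the first host line comes from the article.
SAMPLE = """\
# constructed sample
10.0.0.1   omega   #PRE #DOM:savilltech   #savilltech domain controller
10.0.0.2   sigma   #PRE                   #file server
10.0.0.3   kappa   #PRE #DOM:averyveryverylongdomain
"""

if __name__ == "__main__":
    for rec in parse_lmhosts(SAMPLE):
        print(rec)
    print(domain_controller_entries(parse_lmhosts(SAMPLE)))
```

Because preloaded entries are used before any WINS lookup or broadcast, listing the #DOM entries on a host shows which addresses it will treat as domain controllers for each domain.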
This article is taken from chapter one of the book Windows Server 2003 Active Directory Design and Implementation: Creating, Migrating, and Merging Networks by John Savill (PACKT Publishing, 2005; ISBN: 1904811086).