Validating resources located at non-public IP addresses
Well over 70 percent of the support calls to Microsoft support services that start out as Active Directory or Exchange calls end up being DNS calls.
An internal root server doesn’t need to waste energy or cause security problems by chasing referrals.
You let DCPromo configure a zone file that matches the DNS name you selected for AD. Once you enter the correct DNS entries in TCP/IP settings at the DC, populate the zone with SRV records by stopping and starting the Netlogon service.
You’re so pleased with the ease of the upgrade that you forget to reconfigure the TCP/IP settings of the newly upgraded DC to point at itself for DNS. (If you’ve installed the Support Tools, you can run Netdiag /fix.) Now change the DHCP scope option to point clients at the new DC for DNS, then chase down any statically mapped servers and desktops and correct their DNS entries.
The other computers get no group policies, so you can forget about any carefully-orchestrated centralized management scheme.
Imagine what would happen if you asked your users to type Fully Qualified Domain Names (FQDNs) rather than simple flat names to connect to internal servers. Users are willing to type com to buy a used wristwatch, but they don’t want to type \w2k3s102school.edu\ freshman_zclass to map a drive. The domain to which the desktop or server belongs has a DNS name as well as a flat name.
DNS servers, however, stubbornly insist that every query specify a target domain. You can see this suffix in the Properties of the local system (Figure 1).