This has been bugging me for a while.
We all know Active Directory is an LDAP database.
We also know that the Windows DNS service, when running on a domain controller, can store its data in AD instead of plain text zone files, thus taking advantage of AD automatic replication and removing the need for primary/secondary DNS servers.
The question: where and how are DNS data actually stored in Active Directory?
Can they be accessed using LDAP tools such as ADSIEdit?
Is any DNS entry an actual LDAP object?
An attribute in an object?
Something entirely different?
Answer
Here is an article I found that may get you started. I can never remember the path to the records off the top of my head.
As it mentions, basically you can find your DNS information in the AD at this path:
DC=,cn=MicrosoftDNS,cn=System,,
So if you had a domain example.org, you would see it at:
DC=example.org,CN=MicrosoftDNS,CN=System,DC=example,DC=org
Your questions:
Is any DNS entry an actual LDAP object?
Your zones will have an object class of dnsZone. Under the zone there will be all your records stored as the class dnsNode.
Can they be accessed using LDAP tools such as ADSIEdit?
Yes, fire up adsiedit or ldp and browse to the above location.
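Here is an added example (not part of the original answer, and not Microsoft's code) that does the same browsing from PowerShell instead of ADSIEdit: it enumerates every dnsZone object under the path the answer gives, then every dnsNode under each zone, and decodes the binary dnsRecord attribute that each dnsNode carries. It assumes the example.org domain used in the answer and the ActiveDirectory module from RSAT. It goes slightly beyond the answer in two ways: besides the legacy location under CN=System, it also checks the DomainDnsZones and ForestDnsZones application partitions, where newer DNS servers store AD-integrated zones by default, and the dnsRecord decoding follows the DNS_RECORD layout documented in MS-DNSP (only A records are rendered; other types are shown as hex).

```powershell
# Added example: list AD-integrated DNS zones and records over LDAP.
# Assumption: domain example.org (from the answer); change $domainDN for your forest.
Import-Module ActiveDirectory

$domainDN = 'DC=example,DC=org'

# Zones may live in the domain partition (the path from the answer) or in the
# DomainDnsZones / ForestDnsZones application partitions.
$searchBases = @(
    "CN=MicrosoftDNS,CN=System,$domainDN",
    "CN=MicrosoftDNS,DC=DomainDnsZones,$domainDN",
    "CN=MicrosoftDNS,DC=ForestDnsZones,$domainDN"
)

# Decode one value of the multi-valued dnsRecord attribute (MS-DNSP DNS_RECORD):
#   bytes 0-1 DataLength, 2-3 Type, 4 Version, 5 Rank, 6-7 Flags, 8-11 Serial,
#   12-15 TtlSeconds (big-endian), 16-19 Reserved, 20-23 TimeStamp, 24.. Data
function ConvertFrom-DnsRecord {
    param([byte[]]$Bytes)

    $dataLength = [BitConverter]::ToUInt16($Bytes, 0)
    $type       = [BitConverter]::ToUInt16($Bytes, 2)
    # TTL is the one field stored in network byte order, so reverse it before decoding
    $ttl        = [BitConverter]::ToUInt32([byte[]]$Bytes[15..12], 0)

    $data = @()
    if ($dataLength -gt 0) { $data = $Bytes[24..(24 + $dataLength - 1)] }

    switch ($type) {
        1       { $typeName = 'A';           $value = ($data -join '.') }   # 4-byte IPv4 address
        default { $typeName = "TYPE$type";   $value = ($data | ForEach-Object { $_.ToString('x2') }) -join '' }
    }

    [pscustomobject]@{ Type = $typeName; TTL = $ttl; Data = $value }
}

foreach ($base in $searchBases) {
    # Skip a container that does not exist in this forest (e.g. no ForestDnsZones zones)
    try { Get-ADObject -Identity $base -ErrorAction Stop | Out-Null } catch { continue }

    Get-ADObject -LDAPFilter '(objectClass=dnsZone)' -SearchBase $base -SearchScope OneLevel |
        ForEach-Object {
            $zone = $_
            # dnsNode objects sit directly under the zone; skip deleted (tombstoned) nodes,
            # which remain in AD for a while with a placeholder record
            Get-ADObject -LDAPFilter '(&(objectClass=dnsNode)(!(dNSTombstoned=TRUE)))' `
                         -SearchBase $zone.DistinguishedName -SearchScope OneLevel -Properties dnsRecord |
                ForEach-Object {
                    $node = $_
                    foreach ($raw in $node.dnsRecord) {
                        $rec = ConvertFrom-DnsRecord -Bytes $raw
                        [pscustomobject]@{
                            Partition = $base
                            Zone      = $zone.Name
                            Node      = $node.Name
                            Type      = $rec.Type
                            TTL       = $rec.TTL
                            Data      = $rec.Data
                        }
                    }
                }
        } | Format-Table -AutoSize
}
```

Run it from a domain-joined machine as a user who can read the zone containers (by default authenticated users can). Seeing the records come back from a plain LDAP search, with no DNS protocol involved, is the practical answer to the question: each record set is a dnsNode object, and the record values are bytes in its dnsRecord attribute.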