Integrating Address Manager into Active Directory - BlueCat Integrity - 9.4.0

Address Manager Administration Guide

Locale
English
Product name
BlueCat Integrity
Version
9.4.0

DNS/DHCP Server and Address Manager fully support Active Directory DNS integration. This section describes how to integrate Address Manager into Active Directory.

Both the forward and reverse zones for an Active Directory namespace should be integrated with Active Directory. Active Directory depends on Host (A), Service (SRV), and Pointer (PTR) records: clients locate domain controllers through the SRV records, and the A and PTR records resolve the domain controllers' names and addresses.

To integrate Active Directory using Address Manager:

  1. If you haven't already done so, add the managed DNS Server(s) you will use with Active Directory.
  2. Select the DNS tab and create a zone whose name matches the AD domain name. Make sure to select the Deployable check box. Once the zone is added, the Deployable option is inherited by its sub-zones. Consider adding the sub-zone that begins with _msdcs to match the similarly named sub-zone on Windows.
  3. Create the necessary Deployment Roles. Since DNS/DHCP Servers don't support the AD Integrated deployment role, you will typically assign the Primary and Secondary roles.
  4. At the Zone level, add the Allow Dynamic Updates DNS option, set the Type to BlueCat DNS/DHCP, and enter the IP addresses of all Domain Controllers. This option is an allow list keyed on source IP address: any host that can send updates from a listed address can change any record in the zone, so list the Domain Controllers' addresses individually rather than the networks that contain them.
  5. For Reverse Space, select the IP Space tab and complete the following:
    1. Create the network(s) containing the IP addresses of the AD domain controllers.
    2. Statically assign the IP address of each domain controller.
    3. In the Host Name field, enter the name of the domain controller. For example, if the Domain Controller is named dc01 and the domain is example.com, the record created is dc01.example.com.
  6. Deploy DNS to the managed DNS Servers.

After deployment, it takes time for the domain controllers to register their records. How long depends on each DC's registration settings, which can be changed to suit your organization's needs; the Netlogon service on a DC normally re-checks and re-registers its records only when its refresh interval expires. To avoid waiting, run nltest /dsregdns on a domain controller to force it to register its records immediately. After the DCs have registered, a refresh of the primary server's configuration in Address Manager shows the Active Directory records.
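A way to confirm that registration actually produced what Active Directory needs, as an added example that is not BlueCat's code: the script below parses a BIND-style dump of the forward zone for the AD domain and of the matching reverse zone (both constructed inline here), reports which of the SRV records Netlogon registers are still missing, and checks that every domain controller named by an SRV record has a Host (A) record with a matching PTR. The domain example.com, site name HQ, host names dc01/dc02 and the 10.0.0.0/24 addresses are assumptions for the example.

```python
"""Added post-deployment check (example code, not BlueCat's). Verifies that the
zones a managed DNS/DHCP Server serves carry the SRV, A and PTR records that
Active Directory depends on. Domain, site and addresses are assumptions."""
import ipaddress
from collections import defaultdict

# SRV names Netlogon registers for every DC, relative to the domain name. Those
# under _msdcs live in the sub-zone step 2 suggests creating. SITE is a placeholder.
REQUIRED_SRV = (
    "_ldap._tcp", "_ldap._tcp.dc._msdcs", "_ldap._tcp.pdc._msdcs", "_ldap._tcp.gc._msdcs",
    "_kerberos._tcp", "_kerberos._udp", "_kerberos._tcp.dc._msdcs",
    "_kpasswd._tcp", "_kpasswd._udp", "_gc._tcp",
    "_ldap._tcp.SITE._sites", "_ldap._tcp.SITE._sites.dc._msdcs", "_gc._tcp.SITE._sites",
    "_kerberos._tcp.SITE._sites", "_kerberos._tcp.SITE._sites.dc._msdcs",
)

def parse_zone(text, origin):
    """Parse one-record-per-line zone data into {(fqdn, TYPE): [rdata, ...]}.
    Handles '@', relative/absolute names, optional TTL and class columns,
    ';' comments and $-directives (skipped)."""
    records = defaultdict(list)
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("$"):
            continue
        name, *fields = line.split()
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):  # drop TTL / class
            fields.pop(0)
        rtype, rdata = fields[0].upper(), " ".join(fields[1:])
        fqdn = origin if name == "@" else name.rstrip(".") if name.endswith(".") else f"{name}.{origin}"
        records[(fqdn.lower(), rtype)].append(rdata)
    return records

def missing_srv(fwd, domain, site):
    """Required SRV names (relative to the domain) absent from the forward zone."""
    names = [n.replace("SITE", site) for n in REQUIRED_SRV]
    return [n for n in names if (f"{n}.{domain}".lower(), "SRV") not in fwd]

def dc_hosts(fwd):
    """Every SRV target is a DC that Netlogon registered; return their FQDNs."""
    return {rd.split()[3].rstrip(".").lower()
            for (_, rtype), rdatas in fwd.items() if rtype == "SRV" for rd in rdatas}

def check_dc_addresses(fwd, rev):
    """Return (host, ip, issue) for each DC with no A, no PTR, or a PTR naming a
    different host. The apex A record (the domain's own address) is skipped
    because it legitimately has no PTR."""
    issues = []
    for host in sorted(dc_hosts(fwd)):
        ips = fwd.get((host, "A"), [])
        if not ips:
            issues.append((host, None, "no A"))
        for ip in ips:
            ptr_name = ipaddress.ip_address(ip).reverse_pointer  # 10.0.0.10 -> 10.0.0.10.in-addr.arpa
            targets = [t.rstrip(".").lower() for t in rev.get((ptr_name, "PTR"), [])]
            if not targets:
                issues.append((host, ip, "no PTR"))
            elif host not in targets:
                issues.append((host, ip, "PTR mismatch"))
    return issues

# Constructed sample data: dc02 registered SRV/A records but its PTR was never
# created in step 5, and one site-specific Kerberos SRV record is missing.
FORWARD_ZONE = """
$TTL 600
@    IN SOA ns1.example.com. hostmaster.example.com. 2024010101 3600 900 604800 300
@    IN NS  ns1.example.com.
@    IN A   10.0.0.10
dc01 IN A   10.0.0.10
dc02 IN A   10.0.0.11
_ldap._tcp                     600 IN SRV 0 100 389 dc01.example.com.
_ldap._tcp                     600 IN SRV 0 100 389 dc02.example.com.
_ldap._tcp.dc._msdcs           600 IN SRV 0 100 389 dc01.example.com.
_ldap._tcp.pdc._msdcs          600 IN SRV 0 100 389 dc01.example.com.
_ldap._tcp.gc._msdcs           600 IN SRV 0 100 3268 dc01.example.com.
_kerberos._tcp                 600 IN SRV 0 100 88 dc01.example.com.
_kerberos._udp                 600 IN SRV 0 100 88 dc01.example.com.
_kerberos._tcp.dc._msdcs       600 IN SRV 0 100 88 dc01.example.com.
_kpasswd._tcp                  600 IN SRV 0 100 464 dc01.example.com.
_kpasswd._udp                  600 IN SRV 0 100 464 dc01.example.com.
_gc._tcp                       600 IN SRV 0 100 3268 dc01.example.com.
_ldap._tcp.HQ._sites           600 IN SRV 0 100 389 dc01.example.com.
_ldap._tcp.HQ._sites.dc._msdcs 600 IN SRV 0 100 389 dc01.example.com.
_gc._tcp.HQ._sites             600 IN SRV 0 100 3268 dc01.example.com.
_kerberos._tcp.HQ._sites       600 IN SRV 0 100 88 dc01.example.com.
"""
REVERSE_ZONE = """
10 IN PTR dc01.example.com.   ; 10.0.0.10 in 0.0.10.in-addr.arpa
"""

def run_check(domain="example.com", site="HQ"):
    fwd = parse_zone(FORWARD_ZONE, domain)
    rev = parse_zone(REVERSE_ZONE, "0.0.10.in-addr.arpa")
    return missing_srv(fwd, domain, site), check_dc_addresses(fwd, rev)

if __name__ == "__main__":
    missing, issues = run_check()
    print("missing SRV:", missing)  # ['_kerberos._tcp.HQ._sites.dc._msdcs']
    print("DC issues:", issues)     # [('dc02.example.com', '10.0.0.11', 'no PTR')]
```

To use it against a live deployment, replace the constructed strings with the zone data exported from the primary server (or the output of a zone transfer from a host that is allowed one) and set the domain and site names to your own. The site-specific names are only a subset of what Netlogon registers; records for additional sites, the domain GUID and DSA GUID CNAMEs are not checked here.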

Modern Windows clients are able to register their own Address (A) and Pointer (PTR) records with the DNS server. In most cases, organizations instead have their DHCP servers register the records with the DNS server on the client's behalf. To allow DHCP servers and/or clients to dynamically update a zone on managed DNS/DHCP Servers, you must add the IP addresses of the DHCP servers, or the client devices' IP networks, to the zone's Allow Dynamic Updates option. Adding a client network lets every host on that network update the zone, so where possible register through the DHCP servers and list only their addresses.