DNS Hierarchy and Active Directory

Every Windows 2000 domain has a DNS name (for example, reskit.com), and every Windows 2000–based computer has a DNS name (for example, win2kserver.reskit.com). Thus, domains and computers are represented both as objects in Active Directory and as nodes in DNS.

Because DNS domains and Active Directory domains share identical domain names, it is easy to confuse their roles. The difference is that the two namespaces, although sharing an identical domain structure, store different data and, therefore, manage different objects: DNS stores zones and resource records, and Active Directory stores domains and domain objects. Both systems use a database to resolve names.

• DNS resolves domain names and computer names to resource records through requests received by DNS servers as DNS queries to the DNS database.
• Active Directory resolves domain object names to object records through requests that are received by domain controllers as LDAP search requests or as modify requests to the Active Directory database.

Thus, the Active Directory domain computer account object is in a different namespace from the DNS host record that represents the same computer in the DNS zone. For more information about using Windows 2000 DNS server, see "Windows 2000 DNS" in the TCP/IP Core Networking Guide.

© 1985-2000 Microsoft Corporation. All rights reserved.