Robert Steinmetz
2021-Feb-25 19:26 UTC
[Samba] Samba, Domains, Realms, Workgroups, on an AD DC
Bear with me, I'm trying to get this straight in my mind how all of the parts interrelate. I have an existing NT4 style domain and I am trying to get up to speed on AD domains to convert my existing servers to AD DCs. I've set up a AD DC on a Ubuntu 20.04 computer and have it running but I'm having difficulty understanding the relationships between the old and new terminology. I understand AD does it's name resolution through DNS and that the DNS domain and the AD realm are related to the NetBIOS domain name (aka workgroup). The realm is the uppercase of the DNS domain name. I understand that the NetBIOS domain name is the same as a workgroup name and can be anything but by convention is the leftmost? segment of the Realm, which is in turn the uppercase of the DNS domain Therefore in a DNS domain with the name sub.domain.com The REALM would be SUB.DOMAIN.COM The Netbios Domain would be SUB Is it necessary for the individual member servers and clients to be part of the DNS subdomain? Could computername.domain.com belong to Realm.CITYNAME.DOMAIN.COM and be part of workgroup CITYNAME? Or would it's DNS name be required to be computername.sub.domain.com? At present in our NT style domain the computers are all named computername.domain.com where COMPUTERNAME is also their netbios name. The workgroup is CITYNAME and there is no DNS subdomains.
Rowland penny
2021-Feb-25 19:53 UTC
[Samba] Samba, Domains, Realms, Workgroups, on an AD DC
On 25/02/2021 19:26, Robert Steinmetz via samba wrote:> Bear with me, I'm trying to get this straight in my mind how all of > the parts interrelate. > > I have an existing NT4 style domain and I am trying to get up to speed > on AD domains to convert my existing servers to AD DCs. > I've set up a AD DC on a Ubuntu 20.04 computer and have it running but > I'm having difficulty understanding the relationships between the old > and new terminology. > > I understand AD does it's name resolution through DNS and that the DNS > domain and the AD realm are related to the NetBIOS domain name (aka > workgroup). > > The realm is the uppercase of the DNS domain name. > > I understand that the NetBIOS domain name is the same as a workgroup > name and can be anything but by convention is the leftmost? segment of > the Realm, which is in turn the uppercase of the DNS domain > > Therefore in a DNS domain with the name sub.domain.com > The REALM would be SUB.DOMAIN.COM > The Netbios Domain would be SUB > > Is it necessary for the individual member servers and clients to be > part of the DNS subdomain?Yes> Could computername.domain.com belong to Realm.CITYNAME.DOMAIN.COM and > be part of workgroup CITYNAME?No> Or would it's DNS name be required to be computername.sub.domain.com? > > At present in our NT style domain the computers are all named > computername.domain.com where COMPUTERNAME is also their netbios name.Ah, I see where the confusing is coming from. The workgroup is also known as the Netbios domain name, but this should not be confused with the Netbios name aka hostname in uppercase. You are correct that the realm is the dns domain in uppercase, so if the dns domain is samdom.example.com, the realm would be SAMDOM.EXAMPLE.COM. The netbios domain name is usually the lefthand part of the dns domain (from the example above 'SAMDOM'), though it could be 'ANYTHING' (literally) The netbios name is the hostname in uppercase. Rowland