Dynamic Groups Is Not Supported in DSfW

13.4.1 User Samification Fails On Moving Users into a DSfW Domain

When you move a user into a DSfW domain, the user samification fails. This means that AD attributes will not be generated for this user and hence the user will not be a part of the domain. This issue occurs when master replica of the domain partition is present on a non-DSfW server.

13.4.2 Moving User Objects Across Containers

When you move objects across containers through MMC, even though the move operation is successful, you might get an error message saying that Windows cannot move that object because there is no such object on the server. You can use MMC to connect to the domain controller that holds the master replica and retry the operation.

13.4.3 Primary Group Appears Twice in the memberOf Properties Page

DSfW explicitly adds users to the primary group. This causes MMC to display the group twice in the memberOf property page.

13.4.4 Adding Newly Created Users to a Group gives Error Message

You cannot add users by using MMC to Domain Local, Global and Universal Groups who do not have the Last Name property. Though an error message is displayed, the users are added to the groups.

The error message can be avoided if the user is created with the Last Name property.

13.4.5 Dynamic Groups Is Not Supported in DSfW

DSfW server does not support Dynamic Groups. However if applications are connected to plain eDirectory servers, dynamic groups will function as expected.

162 OES 2015: Domain Services for Windows Administration Guide

14

Understanding DNS in Relation to DSfW

The Domain Name System (DNS) is a hierarchical naming system for computers, services, or any resource connected to the network. DNS stores information in a distributed, coherent, reliable, autonomous, and hierarchical database.

DSfW uses the Novell DNS service as its location service, enabling users or computers to find the location of network resources. It maps hostnames to IP addresses and locates the services provided by the domain, such as LDAP, Kerberos and Global Catalog.

Novell DNS Services in Open Enterprise Server (OES) integrates the Domain Name System (DNS) service into eDirectory. Integrating this service into eDirectory provides centralized administration and enterprise-wide management of DNS by using the Java Management Console. The Novell DNS configuration information is replicated just like any other data in eDirectory.

NOTE: A Novell DNS server can only be managed by using the Java Management Console utility.

The DNS YaST plug-in or the DNS plug-in of Microsoft Management Console (MMC) do not support managing a Novell DNS server.

14.1 DSfW and DNS

DSfW uses the Novell DNS service that is included with OES. The DNS server that gets installed when you choose the DSfW pattern for installation is configured with DSfW-specific configuration.

While installing the first domain controller of a domain, you can configure a new DNS server or use an existing parent domain DNS server to host the new domain information. By default, the first domain controller in the forest root domain is automatically configured to be the DNS server. This is done for both name-mapped and non-name-mapped installations, if the Configure this server as a Primary DNS server option in YaST is selected while configuring the first domain controller of the forest root domain.

When a domain controller is added to a forest, the DNS zone hosted on a DNS server is updated with the DNS Locator object, the Address (A) record and the Service (SRV) record. To find domain controllers in a domain or forest, a client queries DNS for the SRV and A resource records of the domain controller. These records help in domain name resolution and service identification. For more information about A and SRV resource records, see “Types of Resource Records” in the OES 2015:

Novell DNS/DHCP Services for Linux Administration Guide.

While provisioning the DSfW server, secure dynamic updates are enabled as part of the Update Service Configuration task. Dynamic updates enable DNS client computers to register and dynamically update their resource records with a DNS server whenever changes occur.

An existing DSfW DNS server can be migrated to Active Directory DNS in order to facilitate

management of DNS data from the MMC DNS plug-in. However, migration of DNS does not provide Active Directory's inherent storage and replication benefits. For information about how to migrate DSfW DNS to Active Directory DNS, see Setting Up a Windows DNS Server for DSfW.

164 OES 2015: Domain Services for Windows Administration Guide

14.1.1 Limitations

 It is not possible to use an existing Novell DNS server configured on a local or remote server to work with DSfW.

 Third-party DNS servers are also not supported, with the exception of the Windows DNS, which can later be used by transferring the DNS data from an existing DSfW DNS to the Windows DNS. For more details, see Section 14.2.3, “Configuring a Domain Controller by Using an Existing DNS Server,” on page 165.

 DSfW cannot be configured with an existing Windows DNS. However, an existing DSfW DNS server can be migrated to a Windows DNS server. For details, see Setting Up a Windows DNS Server for DSfW

14.2 Understanding DNS Settings in the DSfW