IT Tech 5 Review
Please complete the following, providing responses in your own words that demonstrate your knowledge of each item.
1. Describe the steps you would take to resolve duplicate IP address conflicts on a DHCP network.
2. Explain, in detail, the basic architecture and components of a PC.
3. Explain how a RAID controller works and what its benefits are.
4. Describe the various features and uses of a hard drive's S.M.A.R.T. feature.
5. You attempt to boot a system via a USB key, but the system just boots to the OS on the HDD. What are some possible problems and solutions? Describe as many as possible.
6. PC-Doctor makes diagnostic software. Describe your understanding of how diagnostic software works and the benefits it provides.
7. Sales support specialists work directly with both sales and engineering teams. Scenario: A customer submits a support ticket to convey that our product crashed, and is unhappy to have spent money and time trying to work with our product. Describe how you would respond to this customer, the support ticket you would create, and how you would leverage your sales and engineering contacts to try and win over this customer.
1) To resolve the issue of having a duplicate IP address on a DHCP network, the first step I would take would be to make sure to stop the network usage until the issue is resolved. This step would first be done to make sure it does not affect other machines on the same network. The next possible step would be to attempt to find the duplicate IP address machine that is in use. A method that can help besides having access to a smart switch would be to look up the MAC address of the device. This can be done by checking the system log and finding the DHCP error for conflicting IP addresses; it will then provide the MAC address for the device. After getting the MAC address it will help sort out the device, whether it be a PC or printer, and help narrow down the location or tell you which device is the duplicate. If the device is not found yet, a brute force approach can be taken: searching the switches in the network by unplugging different ones will help track down the device. The last step could be a simple IPCONFIG to release and renew on the device so it could get another IP from the router. Many times, this issue occurs because of using a static IP on a device, so releasing the IP should fix the issue, but if required the last step would be to reset the router/DHCP server to reassign IP addresses to all devices, but this last step could take a longer time than actually tracking down the device causing the issue.
2) The fundamental architecture for the components of a computer system can be described in four main components.
1. The hardware - This includes CPU, Memory, HDD, I/O devices and the Motherboard.
2. The operating system - It controls the hardware and gives a user interface to use programs and other features.
3. The application programs - Examples can be MS Office, games, Internet browsers etc.
4. The users - People that will interact with these PCs or could be other devices that will use the PC.
An example of the structure can be seen in this picture below. It helps demonstrate how the layers of the architecture work together to provide all the services a PC offers.
3) The RAID controller (Redundant Array of Inexpensive Disks) is a hardware device or software program that can connect multiple drives together to simulate a single array. The main goal being to achieve the speed and reliability of disks that are normally more expensive. Separate setups will allow users to achieve different speeds or to strive for reliability and data redundancy. The reliability comes from saving a lot of time of doing backups and being able to have no down time if a HDD was to fail. There are various levels of RAID that offer different usages. One feature is having access to multiple drives; it helps the speed by allowing the data to write to different drives. There are six levels of RAID starting at Level zero to six. The RAIDs depend on the type of user and feature needed; it can be RAID 1 that allows data redundancy or read speeds and mirrors the disks. RAID five and six are mostly for web servers or high read environments.
4) A few features offered by HDD S.M.A.R.T. drives are the ability to monitor its health and help detect and report indicators of the device reliability. This is a helpful feature that can help prevent hardware failures before any data is lost for a user.
5) A few potential problems could start off by not having the correct format for the USB to boot; the PC has legacy or UEFI settings that are preventing an external device from booting; and the boot order or device settings require a different process/action to boot to a flash drive. The first step for these solutions will be to check the USB drive on another PC and make sure it's in an ISO bootable format.
After figuring out the USB is not the issue, booting to the PC's BIOS will show the settings being used, boot order established and most importantly making sure the correct process is being used to boot to device. Many devices have F12 or ESC as the boot up initiation before the OS loads to the PC.
6) Diagnostic software can test the hardware on devices and test to see if anything is failing or offer potential fixes. From a simple overview, the diagnostic software runs various stress tests on hardware such as the memory (RAM) or HDD to see if it is at risk for failure. These tests are done by running different patterns that can show failures in the bits used for the HDD. An example can be seen in HDD drives that sometimes have issues such as memory allocation and by running tests that can see the different sectors used on a HDD it can tell if a problem is occurring on the disk usage. The great benefits that come from using the software is being able to address an issue brought up by a client and finding out that it is not software related but because of hardware failure. It's also beneficial in preventing major losses or issues by alerting users that it may experience a failure and can potentially give time to fix the issue or save required data.
7) I would first begin by apologizing to the customer for the inconvenience and letting them know that I would like to get started on fixing the issue for them. Next, I would ask questions that would better help direct what the issue can be. An example could be what is running when you are using our software, did it only occur once and ask if the software has been updated. Once the few simple questions can be answered and the issue is better understood I would submit a support ticket with all the information provided by the customer and maybe a small input of what I believe is occurring from the customer's information provided.
The support ticket would also contain detailed information as to what device was in use or operating system and the software version it was running. Since the client is not satisfied with the product I would send a notification to all sales and engineering contacts that are working with the customer or this ticket. This would help let others know if we could go an extra step and make things better for this customer by getting a fast fix for the client or being able to keep them updated on how we are working hard to fix their issue. Being able to communicate with the client and showing them we appreciate their business by attempting to find their solution as soon as possible.
Describe how you troubleshoot a problem?
1. Gather information (version, steps, etc.)
2. Attempt to reproduce
3. Once able to, attempt to zero in on what could be the problem
4. Attempt a fix based on an error code or look up a new method to fix it.
disaster recovery plan
A detailed process for recovering information or an IT system in the event of a catastrophic disaster such as a fire or flood
Describe your experience with C# programming language and SQL.
C# is the primary language that was used throughout my career as an undergrad. Many assignments and major projects would utilize C#. For example, my senior project was done using both C# and SQL, to develop an Android application. While my previous position did not involve much C# work, I still constantly work with C# to ensure my skills remain the same. Often, I work on side projects at home to continue using my programming skills and learning about new ways to utilize them. I did often use SQL in my previous position as we provided software that includes databases. As such, customers oftentimes needed help querying their database for specific information or to repair a corrupted database and this would need to be done using SQL.
JAMF
Dealing with your own devices can be tricky; but for a small business, juggling employees' Mac, iPhone and iPad devices can take time away from your primary job. Jamf Now is an affordable, cloud-based solution that makes mobile device management easy, so you can focus on your day job. Getting started is a cinch and doesn't require you to spend hours on the phone or get a degree in MDM. Instead, Jamf Now is intuitive and efficient, giving you on-demand set-up, management and protection for your Apple devices - and all without up-front costs.
Get set
Jamf Now is all about supporting your users without requiring IT - and in a manner that doesn't steal hours you could otherwise spend on valuable work. The set-up process is suitably streamlined, so you can remotely set up and configure Apple devices in mere minutes. If you're dealing with a group of devices, Blueprints can speed things along, providing templates for deployed apps and settings. Newcomers can enroll devices after being sent a URL, or with device enrollment through Apple Business Manager, users can be up-and-running without needing to manually configure their device. Everything your employees require for their business needs can be dealt with in a snap: configuration of company email accounts; details for a range of secure Wi-Fi networks (no more remembering passwords for anyone!); and app installation - including the means to reassign existing purchases, thereby maximising your investment.
You'll manage
Setting things up is only half the battle - when you have numerous devices in the wild, they must be kept updated. Also, it's handy to know where they are if they are lost. Fortunately, Jamf Now helps you keep track of them, automatically update apps, and push operating system updates to macOS and iOS devices. This is great for the big picture stuff - you can take inventory of your devices (and export salient information to accounting software), and roll out a new OS update to every single one of them.
But Jamf Now lets you drill into the finer details too. Need to know the model, serial number and amount of free storage on a specific device? No problem. Only want to send a brand-new OS update to a single test unit? Go for it. You have complete control, wherever you happen to be.
Be secure
Jamf Now gives you peace of mind in other ways as well. Not everyone is great at securing their devices but you can help them by enforcing passcodes, setting an auto-lock period, and activating FileVault data encryption on macOS devices. Should iOS devices be specifically for work purposes, they can be secured - and, in the case of kiosks, restricted to a single app. When disaster strikes and a device is lost or stolen, you needn't worry. Invoke Lost Mode on an iOS device to display a custom lock screen message or disable the device until it is recovered. Alternatively, you can remote-wipe a unit to ensure your company's data remains safe. And if your own device goes missing, given that you have the power to manage all the other devices in your care? Your Jamf Now account is covered by way of two-step verification. So from set-up to safety, Jamf Now makes device management simple. Start securing your business today: create your free account now, and set up your first three devices, which will remain free forever.
Describe your experience with the installation, maintenance and repair of network workstation hardware and list your employer where this experience was obtained.
Experience from Best Buy:
· Regarding installation, responsibilities would involve installing both software and hardware. Software installations ranged from simple (e.g. MS Office, anti-virus software, Adobe suite), to more complicated software that would require additional setup (e.g. Outlook, Dragon Speech software, tax software). Besides installing software products, other software installations would include hardware drivers (e.g. printers or WiFi cards) and operating system installs (Windows, Mac OS, Chrome OS). Hardware installs would range from single components (e.g. RAM, SSDs, power supply, CPU, DVD drive, keyboard (laptops), WiFi card, GPU video cards), along with building entire systems by ordering the parts and case needed to build a new PC.
· Maintenance involved taking care of all current computers to ensure that they were running to optimum performance. Scanning for viruses, running hardware diagnostics, and completing all new software updates, this would ensure that the PC is running correctly.
· Repair for many PCs would always start off by running hardware diagnostics and scanning for viruses. After the initial scans it would usually be apparent if a hardware component was failing or if a removed virus was causing any issues. Additional steps would involve attempting to reproduce the reported issue and manually fixing the issue based on the results. For example, many times users could have issues connecting to the internet and repairing this issue would require checking the network settings and ensuring we could get it to connect on our network. If a component failed diagnostics, a replacement would be required to repair the issue. If a virus had caused corruption to the operating system (e.g. to the registry or settings), a restore/refresh would be recommended to successfully restore the OS to a stable state.
Experience from PC-Doctor:
· Installation involved installing all of PC-Doctor's diagnostic software to various devices with the following operating systems: Linux, Windows, Android, and Chrome OS. Support for the software would often require troubleshooting specific hardware or specific environments (i.e. a specific operating system or a network that is isolated). As such, maintenance for our in-house test bench of hardware (various laptops and desktops, used to troubleshoot issues) would be required, along with maintaining the virtual machines (e.g. product keys and software) that are used to simulate specific environments. In terms of repair, it was mostly software based. From the issues reported, debug logs would be reviewed, and repairs would often be done for the application (Dell's Support Assist or PC-Doctor Toolbox for Windows), factory products (repairs to the database), or a customer's environment (external applications that could conflict with our software).
SCCM
Short for System Center Configuration Manager, SCCM is a software management suite provided by Microsoft that allows users to manage a large number of Windows-based computers. SCCM features remote control, patch management, operating system deployment, network protection and other various services. Users of SCCM can integrate with Microsoft Intune, allowing them to manage computers connected to a business, or corporate, network. SCCM allows users to manage computers running Windows or macOS, servers using Linux or Unix, and even mobile devices running the Windows, iOS, and Android operating systems. SCCM is available from Microsoft and can be used on a limited-time trial basis. When the trial period expires, a license needs to be purchased to continue using it.
What is the use of SCCM?
One Client: The ConfigMgr client controls all installations on a computer, both software updates and application installations. No more "Another installation is already running" errors. When ConfigMgr installs a software update to a client, software distribution is paused to avoid these situations. When using a standalone WSUS, the ConfigMgr client and WSUS client often try to install software updates at the same time, which results in an error which is a hazard both for the end user and to the IT department. This is the one thing that many don't think about but I think is one of the most important ones.
Reporting: There are many built-in reports for Software Update Compliance, troubleshooting and details. With the reports combined with all the other information ConfigMgr holds about your clients in your environment, you can easily create really powerful and customized reports that you need in your environment.
Unified Management / One console to rule them all: When using Configuration Manager 2012 for Software Updates as well as all other features in Configuration Manager 2012 like Application Management, OSD, Settings Management, inventory and now also Endpoint Protection you will have a single management console for your environment.
Maintenance Windows: Maintenance Windows can be used to control when changes are allowed to be made to a specific system. This means that you deploy the update once and then based on Maintenance Windows the updates are installed and the servers are rebooted according to the deployment.
Scheduling: In Configuration Manager 2012 we have much more available options when it comes to scheduling an update and in combination with Maintenance Windows, it is truly powerful.
One Infrastructure: The actual software update files are downloaded from the local DP and not the WSUS/SUP server. This means that you will not need a separate WSUS infrastructure and the updates are downloaded from the DP which minimizes the WAN impact for remote sites.
Automatic deployment rules: This isn't really a benefit compared to WSUS, but as it is a new feature of Configuration Manager 2012 I will still add it to the list. It is possible to automatically approve updates, download them and distribute them to the DPs automatically, just as you would in WSUS.
System Center Updates Publisher: You can use System Center Updates Publisher to both download vendors' catalogs with updates like Adobe, HP and Dell and to publish your own updates into the WSUS DB and deploy them as updates in Configuration Manager 2012.
OS deployment integration: A built-in task is available and can be used to deploy software updates from Configuration Manager during the OS deployment in the Task Sequence.
End-user experience: Software Center is used for all end-user interaction; dialogs shown to the user all have the same look, making it easier for the end user to understand what is happening.
Targeting: Using query based collections we get really powerful options for targeting. We can dynamically create a collection based on any value that exists in the database, for instance, divide all clients based on the last number in the computer name, and deploy software updates to computers with odd numbers on one day and all with even numbers the day after. Spreading the load and the risk automatically.
Offline Servicing of Images: If you use ConfigMgr 2012 for managing your Software Updates you can use the built-in feature to do offline servicing on your OS Images, which means that you can install OS related Software Updates in the image without rebuilding the image. This will reduce the number of times you have to rebuild the image.
How SCCM Works?
Packages are created in the SCCM console which contain the executable files and the command lines for the application to be installed. These packages are then replicated on "Distribution Points". Distribution points are nothing but sort of File Servers which are used to store the content of the packages for a particular region. Therefore, if a bunch of machines are remotely located then they can locally download the application from a Distribution point, rather than connecting all the way to the SCCM Primary Server. All the machines in an SCCM environment will have an SCCM Client agent installed on them, which essentially helps a machine to be able to communicate with the SCCM Servers. Therefore a deployment is created by the SCCM admin where an application is targeted on a bunch of machines. The SCCM client agent installed on the end user's machine keeps checking for new policies or deployments.
Once the policy has reached the end machine, it will be evaluated and it will reach out to its respective regional Distribution Point for downloading the content of the package. Once the executable files are downloaded in a temp folder (C:\Windows\ccmcache) they are installed locally and status for the same is sent back to the SCCM Server to be updated in the database. This is a very brief set of steps and there are a lot of other things involved in the background. Also not every infrastructure is the same so for some of them, there can be a lot of additional steps to be taken. But the core components used in Software Distribution (Packages/Application, Programs, Distribution Points, Client Machine) will remain the same.
Describe your experience with end-user computer support.
Throughout my career I've had the opportunity to gain experience with different types of end-user support. At Best Buy, the end-user support was mostly in person with various clients that would come by to check in their computer. Best Buy also provided support to its end-users via phone calls. At PC-Doctor, I've continued to provide support to end-users for all of PC-Doctor's software products, but this was done slightly differently. For example, for PC-Doctor's retail products (e.g. Dell SupportAssist, PC-Doctor Toolbox for Windows/Android, Service Center, and Service Center Remote), support was provided via FreeStyle that collected submitted support tickets. All contact was done via email and sometimes a phone call could be done if needed. For our larger customers that would use our software on site, support was provided via email/phone and this often could lead into remoting into their servers to help fix issues or traveling onsite to fix issues and provide training for our software if needed.
Software used in house across the support team.
Track-IT: the IT help desk software and asset management solution trusted by small to medium sized businesses worldwide for over 20 years.
SharePoint: SharePoint is Microsoft's collaboration platform, similar to Google Drive, yet much more. It's a place where team members can communicate, exchange data, and work together; a shared file repository, blog, web content management system, and an intranet. (Confluence)
What is scope creep?
Unmanaged changes that occur to a project's scope
UAT testing
User Acceptance Testing (UAT), also known as beta or end-user testing, is defined as testing the software by the user or client to determine whether it can be accepted or not. This is the final testing performed once the functional, system and regression testing are completed.
Support techniques
agile, cycles, IT desk support, scrum
AD
https://serverfault.com/questions/402580/what-is-active-directory-domain-services-and-how-does-it-work
Active Directory Domain Services is Microsoft's Directory Server. It provides authentication and authorization mechanisms as well as a framework within which other related services can be deployed (AD Certificate Services, AD Federated Services, etc). It is an LDAP compliant database that contains objects. The most commonly used objects are users, computers, and groups. These objects can be organized into organizational units (OUs) by any number of logical or business needs. Group Policy Objects (GPOs) can then be linked to OUs to centralize the settings for various users or computers across an organization.
When people say "Active Directory" they typically are referring to "Active Directory Domain Services." It is important to note that there are other Active Directory roles/products such as Certificate Services, Federation Services, Lightweight Directory Services, Rights Management Services, etc. This answer refers specifically to Active Directory Domain Services.
What is a domain and what is a forest?
A forest is a security boundary. Objects in separate forests are not able to interact with each other, unless the administrators of each separate forest create a trust between them. For example, an Enterprise Administrator account for domain1.com, which is normally the most privileged account of a forest, will have no permissions at all in a second forest named domain2.com, even if those forests exist within the same LAN, unless there is a trust in place. If you have multiple disjoint business units or have the need for separate security boundaries, you need multiple forests.
A domain is a management boundary. Domains are part of a forest. The first domain in a forest is known as the forest root domain. In many small and medium organizations (and even some large ones), you will only find a single domain in a single forest.
The forest root domain defines the default namespace for the forest. For example, if the first domain in a new forest is named domain1.com, then that is the forest root domain. If you have a business need for a child domain, for example - a branch office in Chicago, you might name the child domain chi. The FQDN of the child domain would be chi.domain1.com. You can see that the child domain's name was prepended to the forest root domain's name. This is typically how it works. You can have disjoint namespaces in the same forest, but that's a whole separate can of worms for a different time.
In most cases, you'll want to try and do everything possible to have a single AD domain. It simplifies management, and modern versions of AD make it very easy to delegate control based on OU, which lessens the need for child domains.
I can name my domain whatever I want, right?
Not really. dcpromo.exe, the tool that handles the promotion of a server to a DC, isn't idiot-proof. It does let you make bad decisions with your naming, so pay attention to this section if you are unsure. (Edit: dcpromo is deprecated in Server 2012. Use the Install-ADDSForest PowerShell cmdlet or install AD DS from Server Manager.)
First of all, don't use made up TLDs like .local, .lan, .corp, or any of that other crap. Those TLDs are not reserved. ICANN is selling TLDs now, so your mycompany.corp that you're using today could actually belong to someone tomorrow. If you own mycompany.com, then the smart thing to do is use something like internal.mycompany.com or ad.mycompany.com for your internal AD name. If you use mycompany.com as an externally resolvable website, you should avoid using that as your internal AD name as well, since you'll end up with a split-brain DNS.
Domain Controllers and Global Catalogs
A server that responds to authentication or authorization requests is a Domain Controller (DC). In most cases, a Domain Controller will hold a copy of the Global Catalog.
A Global Catalog (GC) is a partial set of objects in all domains in a forest. It is directly searchable, which means that cross-domain queries can usually be performed on a GC without needing a referral to a DC in the target domain. If a DC is queried on port 3268 (3269 if using SSL), then the GC is being queried. If port 389 (636 if using SSL) is queried, then a standard LDAP query is being used and objects existing in other domains may require a referral.
When a user tries to log in to a computer that is joined to AD using their AD credentials, the salted and hashed username and password combination are sent to the DC for both the user account and the computer account that are logging in. Yes, the computer logs in too. This is important, because if something happens to the computer account in AD, like someone resets the account or deletes it, you may get an error that says that a trust relationship doesn't exist between the computer and the domain. Even though your network credentials are fine, the computer is no longer trusted to log into the domain.
Domain Controller Availability Concerns
I hear "I have a Primary Domain Controller (PDC) and want to install a Backup Domain Controller (BDC)" much more frequently than I would like to believe. The concept of PDCs and BDCs died with Windows NT4. The last bastion for PDCs was in a Windows 2000 transitional mixed mode AD when you still had NT4 DCs around. Basically, unless you're supporting a 15+ year old install that has never been upgraded, you really don't have a PDC or a BDC, you just have two domain controllers.
Multiple DCs are capable of answering authentication requests from different users and computers simultaneously. If one fails, then the others will continue to offer authentication services without having to make one "primary" like you would have had to do in the NT4 days. It is best practice to have at least two DCs per domain.
These DCs should both hold a copy of the GC and should both be DNS servers that hold a copy of the Active Directory Integrated DNS zones for your domain as well.
FSMO Roles
"So, if there are no PDCs, why is there a PDC role that only a single DC can have?"
I hear this a lot. There is a PDC Emulator role. It's different than being a PDC. In fact, there are 5 Flexible Single Master Operations roles (FSMO). These are also called Operations Master roles as well. The two terms are interchangeable. What are they and what do they do? Good question! The 5 roles and their function are:
Domain Naming Master - There is only one Domain Naming Master per forest. The Domain Naming Master makes sure that when a new domain is added to a forest that it is unique. If the server holding this role is offline, you won't be able to make changes to the AD namespace, which includes things like adding new child domains.
Schema Master - There is only one Schema Operations Master in a forest. It is responsible for updating the Active Directory Schema. Tasks that require this, such as preparing AD for a new version of Windows Server functioning as a DC or the installation of Exchange, require Schema modifications. These modifications must be done from the Schema Master.
Infrastructure Master - There is one Infrastructure Master per domain. If you only have a single domain in your forest, you don't really need to worry about it. If you have multiple forests, then you should make sure that this role is not held by a server that is also a GC holder unless every DC in the forest is a GC. The infrastructure master is responsible for making sure that cross-domain references are handled properly. If a user in one domain is added to a group in another domain, the infrastructure master for the domains in question make sure that it is handled properly. This role will not function correctly if it is on a global catalog.
RID Master - The Relative ID Master (RID Master) is responsible for issuing RID pools to DCs. There is one RID master per domain. Any object in an AD domain has a unique Security Identifier (SID). This is made up of a combination of the domain identifier and a relative identifier. Every object in a given domain has the same domain identifier, so the relative identifier is what makes objects unique. Each DC has a pool of relative IDs to use, so when that DC creates a new object, it appends a RID that it hasn't used yet. Since DCs are issued non-overlapping pools, each RID should remain unique for the duration of the life of the domain. When a DC gets to ~100 RIDs left in its pool, it requests a new pool from the RID master. If the RID master is offline for an extended period of time, object creation may fail.
PDC Emulator - Finally, we get to the most widely misunderstood role of them all, the PDC Emulator role. There is one PDC Emulator per domain. If there is a failed authentication attempt, it is forwarded to the PDC Emulator. The PDC Emulator functions as the "tie-breaker" if a password was updated on one DC and hasn't yet replicated to the others. The PDC Emulator is also the server that controls time sync across the domain. All other DCs sync their time from the PDC Emulator. All clients sync their time from the DC that they logged in to. It's important that everything remain within 5 minutes of each other, otherwise Kerberos breaks and when that happens, everyone cries.
The important thing to remember is that the servers that these roles run on are not set in stone. It's usually trivial to move these roles around, so while some DCs do slightly more than others, if they go down for short periods of time, everything will usually function normally. If they're down for a long time, it's easy to transparently transfer the roles. It's much nicer than the NT4 PDC/BDC days, so please stop calling your DCs by those old names.
:)

So, um... how do the DCs share information if they can function independently of each other?

Replication, of course. By default, DCs belonging to the same domain in the same site will replicate their data to each other at 15 second intervals. This makes sure that everything is relatively up to date.

There are some "urgent" events that trigger immediate replication. These events are: an account is locked out for too many failed logins, a change is made to the domain password or lockout policies, the LSA secret is changed, the password is changed on a DC's computer account, or the RID Master role is transferred to a new DC. Any of these events will trigger an immediate replication event.

Password changes fall somewhere between urgent and non-urgent and are handled uniquely. If a user's password is changed on DC01 and a user tries to log into a computer that is authenticating against DC02 before replication occurs, you'd expect this to fail, right? Fortunately that doesn't happen. Assume that there is also a third DC here called DC03 that holds the PDC Emulator role. When DC01 is updated with the user's new password, that change is immediately replicated to DC03 also. When the authentication attempt on DC02 fails, DC02 then forwards that authentication attempt to DC03, which verifies that it is, indeed, good, and the logon is allowed.

Let's talk about DNS

DNS is critical to a properly functioning AD. The official Microsoft party line is that any DNS server can be used if it is set up properly. If you try and use BIND to host your AD zones, you're high. Seriously. Stick with using AD Integrated DNS zones and use conditional or global forwarders for other zones if you must. Your clients should all be configured to use your AD DNS servers, so it's important to have redundancy here. If you have two DCs, have them both run DNS and configure your clients to use both of them for name resolution.
Also, you're going to want to make sure that, if you have more than one DC, they don't list themselves first for DNS resolution. This can lead to a situation where they are on a "replication island" where they are disconnected from the rest of the AD replication topology and cannot recover. If you have two servers DC01 - 10.1.1.1 and DC02 - 10.1.1.2, then their DNS server list should be configured like this:

Server: DC01 (10.1.1.1)
Primary DNS - 10.1.1.2
Secondary DNS - 127.0.0.1

Server: DC02 (10.1.1.2)
Primary DNS - 10.1.1.1
Secondary DNS - 127.0.0.1

OK, this seems complicated. Why do I want to use AD at all?

Because once you know what you're doing, your life becomes infinitely better. AD allows for the centralization of user and computer management, as well as the centralization of resource access and usage. Imagine a situation where you have 50 users in an office. If you wanted each user to have their own login to each computer, you'd have to configure 50 local user accounts on each PC. With AD, you only have to make the user account once and it can log into any PC on the domain by default. If you wanted to harden security, you'd have to do it 50 times. Sort of a nightmare, right? Also imagine that you have a file share that you only want half of those people to get to. If you're not using AD, you'd either need to replicate their usernames and passwords by hand on the server to give seamless access, or you'd have to make a shared account and give each user the username and password. One way means that you know (and have to constantly update) users' passwords. The other way means that you have no audit trail. Not good, right?

You also get the ability to use Group Policy when you have AD set up. Group Policy is a set of objects that are linked to OUs that define settings for users and/or computers in those OUs. For example, if you want to make it so that "Shutdown" isn't on the start menu for 500 lab PCs, you can do that in one setting in Group Policy.
Instead of spending hours or days configuring the proper registry entries by hand, you create a Group Policy Object once, link it to the correct OU or OUs, and never have to think about it again. There are hundreds of GPOs that can be configured, and the flexibility of Group Policy is one of the major reasons that Microsoft is so dominant in the enterprise market.
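The RID Master passage above describes a SID as a domain identifier plus a relative identifier. As an added example (not part of the original text), this Python sketch decodes the binary form in which AD stores a SID in the objectSid attribute, splits it into those two parts, and reports any SID that appears twice, which non-overlapping RID pools should make impossible. The account names and domain sub-authority values are constructed sample data.

```python
import struct
from collections import Counter

def parse_sid(raw: bytes) -> str:
    """Decode a binary SID (the objectSid attribute format) to its string form."""
    if len(raw) < 8 or raw[0] != 1:
        raise ValueError("not a revision-1 SID")
    count = raw[1]                                   # number of sub-authorities
    if count > 15 or len(raw) != 8 + 4 * count:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit, big-endian
    subs = struct.unpack(f"<{count}I", raw[8:])      # 32-bit each, little-endian
    return "-".join(["S-1", str(authority), *map(str, subs)])

def split_sid(sid: str) -> tuple[str, int]:
    """Split a domain object's SID into (domain identifier, RID)."""
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)

def audit(raw_sids: dict[str, bytes]) -> dict:
    """Parse every SID, collect the domain identifiers, flag reused SIDs."""
    parsed = {name: split_sid(parse_sid(raw)) for name, raw in raw_sids.items()}
    seen = Counter(parsed.values())
    return {
        "parsed": parsed,
        "domains": {dom for dom, _ in parsed.values()},
        "duplicates": sorted(n for n, key in parsed.items() if seen[key] > 1),
    }

def make_sid(*subs: int) -> bytes:
    """Build a constructed NT-authority (5) SID for the sample data below."""
    header = bytes([1, len(subs)]) + (5).to_bytes(6, "big")
    return header + struct.pack(f"<{len(subs)}I", *subs)

# Constructed sample: three objects in one made-up domain; 'clone' reuses a RID.
DOMAIN = (21, 1111111111, 2222222222, 3333333333)
SAMPLE = {
    "alice": make_sid(*DOMAIN, 1104),
    "bob": make_sid(*DOMAIN, 1105),
    "clone": make_sid(*DOMAIN, 1105),
}

if __name__ == "__main__":
    report = audit(SAMPLE)
    for name, (dom, rid) in report["parsed"].items():
        print(f"{name:6} domain={dom} rid={rid}")
    print("objects sharing a SID:", report["duplicates"])
```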
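The DNS section above warns that a DC listing itself first for name resolution can end up on a "replication island". As an added example (not part of the original text), this Python check runs over an inventory of DCs and their ordered resolver lists and flags that condition. DC01 and DC02 use the configuration shown in the text; DC03 and DC04 are constructed misconfigurations, and the "no partner DC" finding is an assumption drawn from the recommended layout.

```python
import ipaddress

def check_dc_dns(dcs):
    """dcs maps DC name -> {"ip": str, "dns": [resolvers in configured order]}.
    Returns DC name -> list of findings (an empty list means the order is fine)."""
    dc_ips = {ipaddress.ip_address(d["ip"]) for d in dcs.values()}
    findings = {}
    for name, d in dcs.items():
        own = ipaddress.ip_address(d["ip"])
        resolvers = [ipaddress.ip_address(r) for r in d["dns"]]
        issues = []
        if not resolvers:
            issues.append("no DNS servers configured")
        elif len(dcs) > 1:  # the rule only applies when there is more than one DC
            first = resolvers[0]
            # Own address or loopback in first position is the island risk.
            if first == own or first.is_loopback:
                issues.append("lists itself first")
            # Assumption: at least one other DC should appear somewhere in the list.
            if not any(r in dc_ips and r != own for r in resolvers):
                issues.append("no partner DC in resolver list")
        findings[name] = issues
    return findings

# DC01/DC02 follow the layout in the text; DC03/DC04 are constructed bad cases.
INVENTORY = {
    "DC01": {"ip": "10.1.1.1", "dns": ["10.1.1.2", "127.0.0.1"]},
    "DC02": {"ip": "10.1.1.2", "dns": ["10.1.1.1", "127.0.0.1"]},
    "DC03": {"ip": "10.1.1.3", "dns": ["127.0.0.1", "10.1.1.1"]},
    "DC04": {"ip": "10.1.1.4", "dns": ["10.1.1.4", "127.0.0.1"]},
}

if __name__ == "__main__":
    for dc, issues in check_dc_dns(INVENTORY).items():
        print(dc, "OK" if not issues else "; ".join(issues))
```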