In this blog post on IPv6, I’m going to cover Active Directory support for IPv6.
This is the fourth technical blog post on configuring IPv6 in a Windows networking environment. My previous posts include:http://www.networkworld.com/community/blog/ipv6-addressing-subnets-private-addresseshttp://www.networkworld.com/community/node/71252 http://www.networkworld.com/community/blog/setting-dhcpv6-dynamically-issue-ipv6-address
Basic understanding of IPv6 addressing, and acquiring an IPv6 address block
Configuring Static IPv6 addresses on Windows 2008 R2 servers, Windows 7 workstations, and configuring DNS
Setting up DHCPv6 to Dynamically Issue IPv6 Addresses in a Network
From these previous blog posts, I’ve provided step by step guidance on how to setup IPv6 in a Windows networking environment, and basically ensure the infrastructure is working to communicate from IPv6 system to system. For now, I haven’t really covered Active Directory in an IPv6 environment, so I’m going to cover it here…
IPv6 has for the most part been available since Windows 2000 / Windows 2003, however the versions of IPv6 in the earlier releases (including Windows 2003) didn’t include the current IPv6 standards. While you could get IPv6 to work for your Active Directory 2003 forest/domain, I would advise organizations to migrate their Active Directory to AD/2008 or all the way to AD/2008 R2. Not only will you get the latest support for IPv6, but there are a number of other benefits and improvements in AD/2008 R2 specific to support around DirectAccess (a VPN-less remote access technology built in to Windows 7 that actually uses IPv6 as the routing and IP security technology (which requires at least one AD/2008 R2 global catalog server in the environment to run)), as well as improved group policies that will help you better manage and administrator AD group policies that are very helpful in implementing an IPv6 environment. I actually led a 2-hour workshop on What’s New in Windows 2008 R2 SP1 where I cover all of the news things in Active Directory 2008 / 2008 R2 / 2008 R2 SP1. The slides and a video of that session are up on http://www.cco.com/online.htm (scroll down to the “Whats New in SP1 of Windows 2008 R2” session). I also did a blog post on some of the new stuff in AD/2008 and AD/2008 R2 some time ago, the blog post is at http://www.networkworld.com/community/node/49712
Back to AD and IPv6. So to get to an IPv6 supported Active Directory, you just need to make sure your Global Catalog servers are running IPv6 off the base operating system of the servers, that’s it! Even if you didn’t statically address your global catalog servers with IPv6 addresses before, you can just go into your network adapaters of the GCs and DCs of your network, give them real IPv6 addresses, and that is it.
That’s why I didn’t address Active Directory support for IPv6 earlier as you really need to just have the basic static IPv6 addressing / DNS / DHCP stuff working, and AD is just another server with IPv6 configured.
For those looking to migrate from AD/2003 to AD/2008 R2, again, the workshop I did covers the step by step process of upgrading to AD/2008 R2. It’s effectively joining a Windows 2008 R2 member server to the domain, run DCPromo to promote that “server” to become a domain controller of the domain (which the first server will also extend the schema), and then going into AD Sites and Services and making the Domain Controller into a Global Catalog Server. I actually covered the step by step migration process to AD/2008 R2 in a previous blog post, see http://www.networkworld.com/community/node/56345
In my next blog post on IPv6, I will cover:
Configuring IPv6 Routing through IPv4. So this topic is pretty important as you setup IPv6 in your internal network environment as well as your client systems, but now your IPv6 configured clients plug their computers into WiFi Hotspots that ONLY issues them IPv4 address, their systems can communicate IPv4, but they can’t get to any of the IPv6 servers in your environment. Of course you will likely be on both IPv6 and IPv4 for a while so that your users will just communicate over IPv4 back to the office, but then why did you spend all the time to get to IPv6? Oh, that’s right, IPv4 is running out of addresses and we all need to migrate to IPv6. So what the next blog post will cover is the step by step process of setting up “transitional technologies” that’ll allow you to have IPv6 clients, that’ll route their traffic through an IPv4 network, back to your office that is running IPv6. I’ll also give a very good example of a valuable Windows 7 feature (DirectAccess) that’ll allow your remote endpoints to connect using IPv6 (over IPv4 networks) with encrypted and policy-based security controls back to your office…