AD does many things, many of them quite badly. If you need an drop-in authentication server, you might consider if y9ou really need AD, or if Samba 4.1.x will do the job. I've got RPM building tools for that at https://github.com/nkadel/samba4repo, and they work well on Scientific Linux 6 with the necessary RPM's built up from scratch. AD is handy for easy integration with Microsoft servers, such as Exchange and SQL, and for providing Windows trained personnel familiar tools. But its DNS is.... not good. It allows multiple PTR records for the same IP address, configuring DNS views is a nightmare, its "export" tool is a proprietary format that looks vaguely like valid DNS but isn't, It does not understand that "foor.bar.com" may hve *nothing to do* in any logical sense with "bar.com" DNS If you need it for things like the authenticated dynamic DNS for your laptops and wi-fi, and don't want to spend the time building up Samba or similar tools, cool. But keep it the heck away from your server DNS. If you need chroot cages and good source control managed configurations backups consider looking up my presentation at SVNday in Berlin a few years: "How to Subvert Masters and Slaves, BIND Them, and Make Them Report Names and Addresses". On Thu, Jan 9, 2014 at 9:37 PM, Jeremy Wellner <[log in to unmask]> wrote: > That's a resounding stay the course and I don't mind that one bit. It's > been rock solid and I've been happy with it. > > So as a secondary question, we are planning on adding Active Directory in to > our network and I know that it is very particular about it's DNS. Will AD > be happy with being given a delegate domain to have as it's sandbox or does > that throw my BIND install out the window? > > Thank you all for the advise!! :)