In-Depth

Team Effort: Integrating Windows 2000 DNS with Unix DNS

Microsoft's new domain name service is enticing but requires significant planning, especially across platforms and operating systems. Perhaps the greatest challenge is interoperability with Unix DNS.

As companies begin to integrate Microsoft’s new operating system with their current Windows NT environments, big obstacles will begin to surface for enterprise IT teams. One of those is the interoperability and integration of Windows 2000’s Active Directory into their directory service infrastructures. Active Directory is Microsoft’s directory services debut. One of the company’s goals for AD is to consolidate directory services through interoperation with other directories. My focus here will be on Windows 2000 and Unix Domain Name System (DNS) interoperability, which can provide a sturdy framework from which to begin to build your AD implementation.

DNS Interoperability

Great challenges and significant planning go into designing an effective directory service. Perhaps the greatest of these challenges in the enterprise is interoperability. Since most enterprises currently host DNS on Unix servers running BIND (which I’ll explore shortly), how do they integrate AD, which relies entirely on DNS, into this environment?

Since clients in a Win2K environment look up SRV resource records in the DNS server to locate their network’s AD and services, it’s important that Unix servers have recent BIND versions installed to perform these functions.

Some of the new DNS requirements of AD are:

  • Support of SRV records (RFC 2782).
  • Recommended support of dynamic updates (RFC 2136).
  • Recommended support of incremental zone transfer (IXFR) (RFC 1995).
  • BIND 8.2.2 or higher will support DNS extensions used by AD.

Win2K clients use DNS for name resolution and for locating domain controllers for logon. Down-level clients (Windows NT 4.0 and earlier and Windows 9x) rely on NetBIOS, which uses WINS, broadcast or LMHOSTS files. WINS is used for domain controller location. Since Win2K DNS is WINS-“aware,” a combination of DNS and WINS can be implemented in a mixed environment. NT 4.0 clients can register in Win2K WINS, and Win2K clients can register in NT 4.0 WINS.

In the Real World

In the real world, many companies running heterogeneous environments maintain DNS domains on Unix servers. There are a number of reasons for this. Most large companies—as well as the World Wide Web—initiated DNS domains on Unix servers. Microsoft didn’t enter the DNS arena until the release of NT 4.0 in 1996. Today, most of the Internet’s primary DNS servers run Unix BIND (Berkeley Internet Name Domain), which is shipped free with most Unix systems. BIND is well understood and stable. Due to shortcomings in Microsoft’s previous release of DNS, companies continue to maintain Unix-based implementations and third-party solutions.

Interoperability Issues

If you get anything out of this article, it should be this: It’s imperative that you coordinate and plan your AD and Unix DNS integration with your current DNS team. While AD may sound quite enticing to the Windows support team of a larger company, if you’re operating in a heterogeneous environment, the debate over directory services may turn into nothing short of a technology holy war.

Many large enterprises have been hosting their DNS domains on Unix servers for a long time. From their perspective, why change something that isn’t broken, especially for an unproven and proprietary Microsoft product? Windows DNS has raised the stakes by being fully compliant with Internet standards and by providing a wider spectrum of features than specified in the current RFC documents. Because of its advanced features, you need to be cautious when planning integration, particularly AD-integrated zones.

When integrating AD into an existing DNS infrastructure, your discussions should focus on whether the AD namespace will join, overlap, or trump your existing DNS namespace. If you’re in a larger company, chances are the AD service you’re designing will need to be integrated into existing DNS infrastructure. Let’s explore in greater detail the three options for integrating Win2K DNS into your current DNS:

  • Implement Microsoft DNS in AD and replace current DNS services.
  • Integrate your Unix DNS structure into the DNS required for Win2K.
  • Maintain your Unix DNS structure with Win2K.

Your choice will depend on a variety of variables, including your current DNS infrastructure and specifications, as well as the many pending political issues.

Understanding Microsoft DNS
The Domain Name System is a distributed and hierarchical database that provides scalability and hostname-to-IP address resolution. The hostname must be a fully qualified domain name (FQDN) or a domain name that resolves to a particular IP address. Windows 2000 uses DNS, rather than WINS, to integrate with the Internet. DNS is composed of domains, name servers, and zones. Top-level domains such as .edu, .com, and .org are subdivided and delegated to other organizations (microsoft.com, stanford.edu) to form subdomains. These subdomains are further split into zones (abc.microsoft.com, for example). A large company will contain many zones, which are maintained by local DNS servers and administrators.

Microsoft DNS features include many recent standards, including:

  • Secure dynamic updates.
  • Incremental zone transfer (IXFR), which allows only changes in the zone table to be replicated, thereby reducing network traffic.
  • Notification-driven zone transfers, which allow the master server to notify secondary servers of an update and prompt them for immediate replication.
  • Record aging.
  • Ability to load server configuration from Directory Service.

Some recent proprietary features include:

  • Unicode Character support (not particularly a much-requested feature, but noteworthy).
  • AD-integrated zones, which allow zones updated by a domain controller (DC) running DNS to be stored in AD. This is proprietary to Windows 2000 DNS.

There’s a significant advantage to storing your Microsoft DNS information in AD. In standard DNS, replication is single master, pulling updates to secondary servers. This leaves a single point of failure, and many companies implement primary and backup DNS servers. However, by implementing AD storage of DNS, replication is multi-master, since AD replicates between the domain controllers running DNS on your network. With AD storage of Microsoft DNS, there’s no need to manage a separate replication structure; transfers are secure (managed by trusts in AD); and there’s no single point of failure. You can also send standard zone transfers to other servers as necessary. With AD storage, DNS data is converted to an object model in which a DNS name becomes the object and the resource record set is the attribute.

Performance and manageability advantages can push you to seriously consider the integration of DNS with AD—with a few caveats. For one, only primary zones can be AD-integrated, so the DNS zone must be running Win2K, not BIND or NetWare NDS. Only domain controllers can host AD-integrated zones, although you can have read/write access from any client loaded with the DNS snap-in. Another is the manual process of importing current zone files into Win2K DNS. The only current method for doing this is to move the pre-created zone file in the systemroot\system32\dns folder and then indicate the use of that zone file when you set up the zone as primary. Then you can convert this zone to an AD-integrated zone.

—Kevin Kocis

Microsoft’s Choice

Option one (see Figure 1), implementing proprietary Microsoft DNS with AD, is Microsoft’s choice for obvious reasons. If your company is committed to redesigning your DNS infrastructure around Win2K AD, this should be your choice. If you have older Unix machines running older versions of BIND (such as 4.x) and feel the upgrade process isn’t worthwhile based on the enterprise shift to AD, consider this option. Migration from NT 4.0 DNS is relatively easy.

Figure 1. Option 1 for DNS integration involves: 1) bringing in Microsoft DNS as a secondary zone; 2) performing a zone transfer; 3) removing Unix DNS services; 4) last, optionally switching to AD integrated zones.

When migrating Unix DNS servers to the Win2K DNS, you should first introduce Win2K DNS servers as secondary servers. Configure a zone transfer from a master to a secondary Win2K DNS server and make sure there are no errors in the zone transfer process. You may receive errors if the Win2K DNS server can’t recognize records sent by the Unix DNS server during the zone transfer. You should either repair or remove the records from the zone in order for the zone transfer to complete successfully. You can also FTP the forward and reverse zone files from your Unix DNS server (db.xxx files located in etc/named.boot or etc/named.conf depending on the BIND version) to the C:\winnt\system32\dns directory on your Win2K DNS server.

After you’ve successfully completed this task, your secondary zones can be upgraded to DNS integrated zones. You should change the State of Authority (SOA) resource record to one of the AD-integrated DNS servers. Then you can terminate your Unix DNS servers (to avoid duplicate SOA records for the same zone) and remove them from the network.

As I mentioned earlier, Microsoft DNS meets and exceeds all Internet DNS server requirements. Microsoft DNS also supports Unicode and full DHCP integration and provides a friendly graphical interface. Standardization is a key to maintaining total cost of ownership and provides a focal point for support (in other words, a less diverse support environment). Another advantage is that conventional zone transfers become obsolete in the presence of AD’s multiple-master replication scheme.

The disadvantage will come in the form of integration. One issue is that AD-integrated zones must be stored on DCs in the same domain. If you need to cross domains, then you must create secondary zones at other DNS servers outside the domain.

Implementing Microsoft DNS in a Unix DNS environment will require additional efforts, including the transferring of resource records. It’s imperative that you work closely with your current DNS administrators regardless of which option you choose. Another caveat to integrating DNS in AD is that if the directory is unavailable—you guessed it—so is DNS. This is a catch-22, since DCs in other domains need DNS to find AD services; if DNS is unavailable, you may experience difficulty reaching the DCs to repair them. As with any DNS implementation, I recommend maintaining a conventional or standard secondary zone; in the event of an emergency, you can grab the necessary zone file and rebuild as necessary.

DNS Requests for Comment
A Request for Comment (RFC) is a draft of a work in progress that can become a standard. You can read a multitude of drafts relevant to Win2K DNS. For more information on these and other RFC and draft documents, visit www.ietf.org.

These standards are important because they affect how your current DNS infrastructure will integrate with Win2K DNS. Based on the current standards and specifications of your DNS environment (I'll assume you're running some Unix DNS domains somewhere in your enterprise), you'll have three integration options, as I discuss in the main article. Here's a short list of standards and proposed standards:

  • 1034: Domain Names—Concepts and Facilities.
  • 1035: Domain Names—Implementation and Specification.
  • 1123: Requirements for Internet Hosts—Application and Support.
  • 1886: DNS Extensions to Support IP Version 6.
  • 1995: Incremental Zone Transfer in DNS.
  • 1996: A Mechanism for Prompt DNS Notification of Zone Changes.
  • 2782: A DNS RR for specifying the location of services (DNS SRV).
  • 2136: Dynamic Updates in the Domain Name System (DNS UPDATE).
  • 2137: Secure Domain Name System Dynamic Update.
  • 2181: Clarifications to the DNS Specification.
  • 2308: Negative Caching of DNS Queries (DNS NCACHE).

—Kevin Kocis

Integrate Current DNS Structure

Option two (see Figure 2) is to integrate your current DNS structure into the DNS required for Win2K. If your current DNS meets the recommended requirements for Win2K (RFC 2782, SRV records; RFC 2136, dynamic updates; and RFC 1995, incremental zone transfer) and you’ve tested dynamic updates, you can integrate it with Win2K AD. This includes BIND 8.2.2 and higher, as well as Novell’s NetWare 5.0. Remember that BIND 4.9.6 and 4.9.7 meet the minimum requirements. However, BIND 8.x supports dynamic updates, and I would strongly recommend updating to this version before integrating with AD.

Figure 2. In option 2, not an optimal approach, you implement Microsoft DNS as a corporate domain root and maintain Unix DNS as a subdomain. This isn't an optimal approach if you're running an AD-compatible version of BIND (version 8.2 or later).

Do note, however, that you would want to test this thoroughly to verify the impact on your current DNS, WINS, as well as DHCP integration. If your Unix servers are running an earlier version than BIND 8.2.2, I recommend updating to interact with the enhanced features of AD, at the time of this writing there are no migration or upgrade tools available. The different versions of BIND have separate directories and different file nomenclature, so you’re essentially involved in a not-so-glamorous copy and paste job.

Integrating your current DNS structure into Win2K DNS requires less administrative effort to implement than straight Win2K DNS. Your company can maintain current equipment and infrastructure. Unix and NT administrators can cohabitate. And you can focus on your Win2K implementation rather than fighting a DNS war.

There are some disadvantages, of course. Many Unix DNS servers are running BIND 4.x, and this may create a crossroads situation, upgrade or convert. Also an issue: the possible increase in future administrative overhead and manual data entry. There will also be a single point of failure for dynamic registrations.

BIND Developments
  • Originally developed by US Defense Advanced Research Projects Administration (DARPA). Versions through 4.8.3 maintained by the Computer Systems Research Group (CSRG) at UC Berkeley.
  • Kevin Dunlap, a Digital Equipment Corp. (DEC) employee worked on BIND from 1985 to 1987.
  • BIND 4.9 and 4.9.1 released by DEC. Paul Vixie, then a DEC employee, became BIND's primary caretaker.
  • BIND 4.9.2 was sponsored by Vixie Enterprises with Vixie acting as BIND's principal architect/programmer.
  • BIND 4.9.3 and later have been developed and maintained by the Internet Software Consortium with support from sponsors. No more development of
  • BIND 4 is planned.
  • BIND 4.9.6 supports SRV records (minimum requirements for Win2K DNS integration).
  • BIND 8 released May 1997. Bind 8.1.1 and 8.1.2 evolved from this version and supported dynamic updates (recommended for Win2K DNS integration).
  • BIND 8.2 released January 1999. BIND 8.2.x supported incremental zone transfers (also recommended for Win2K DNS integration).
  • BIND version 9 is major architectural revision in nearly all aspects of the underlying BIND architecture, necessitated by the expected demands of domain name system growth. Added security and scalability are key components of the new version. Beta 1 is currently available.

—Kevin Kocis

Enterprises currently running Unix DNS at the root level will challenge the “demotion” to a subdomain at Microsoft’s suggestion. Despite maintaining Unix equipment as a budget plus, the process of moving a stable, existing DNS infrastructure to a subdomain will not be viewed as a value-added component of integration. As a result, many organizations running later versions of BIND will elect option 3.

Don’t Fix What Isn’t Broken

Option three (see Figure 3) is to supplement your current DNS structure with Win2K. If your company hasn’t installed and maintained recent BIND versions on your root DNS servers and issues have been minimal, you may decide that there’s no reason to “fix something that’s not broken.” Your Unix administrators may feel that Microsoft’s entry into the directory services arena is a venture warranting caution. With this option, you avoid the replacement of your current DNS, as well as additional effort and political warfare.

Figure 3. Option 3, the approach most companies will take, involves implementing a new namespace from the root domain and setting Win2K DNS as the primary master for the new zone.

You can delegate a new Win2K DNS namespace from the existing DNS structure. When a DNS namespace is delegated from an existing DNS tree, the DNS server that owns the zone file for the newly delegated namespace becomes the primary master for that namespace. The DNS zone name should correspond to the AD root domain. This is recommended if you want the benefits of the Win2K DNS server. You can continue using the existing DNS server without delegating the AD namespace as long as current DNS servers support the SRV records and dynamic updates.

One advantage of this option is that your initial integration efforts will be minimized. Because your current DNS root is Unix-based (say, corp.com), you can configure a subdomain (such as Win2K.corp.com) and create a new zone strictly for your Win2K clients. Another advantage is that you reduce AD’s dependence on your current DNS and avoid any potential incompatibility problems. Again, any integration will demand significant testing and documentation.

A disadvantage to this option is that it requires a separate namespace for Win2K logons. This may increase administrative overhead in the long run, including managing dual DNS services. However, companies running DNS on BIND are familiar with distributed or “localized” DNS support, so hierarchical support of DNS as mentioned in this option is quite common already. As a result, many companies will likely choose this integration solution.

In a BIND
Berkeley Internet Name Domain is the most popular DNS implementation. BIND was written by Kevin Dunlap for the 4.3BSD Unix operating system as an implementation of DNS. Since its early release, BIND has been ported to most versions of Unix as well as NT. Currently, BIND is maintained by the Internet Software Consortium (www.isc.org).

The most recent version of BIND is 8.2.2 (with BIND 9 in beta at the writing of this article). However, its preceding versions (4.9.x) remain the most common. Newer Unix operating systems ship with newer versions of BIND. It’s important to note that since most DNS servers have been maintained for some time, many host companies haven’t completed an upgrade to 8.2.2 (though they should for its dynamic update security features and patches). This is a manual, time-consuming process, given the number of Unix DNS servers in many companies. It’s not impossible though.

The minimum DNS requirement for AD integration is support of SRV resource records. BIND 4.9.6 and later versions meet this requirement. However, I strongly recommend upgrading to at least 8.x to support dynamic updates. Note that BIND 8.2.2 supports integration with AD including dynamic updates, zone transfers, and updating SRV records.

The Dynamic Update Protocol (RFC 2136) allows hosts to register domain names and IP addresses with the name service, which in turn allows for automatic namespace updates and alleviates manual administrative updates—important if you’re using DHCP to assign dynamic IP addresses.

The Incremental Zone Transfer Protocol (RFC 1995) allows for incremental updates in the zone transfer process as opposed to transferring the entire zone file. This protocol alleviates bandwidth demands during zone transfers.

The Service Location Resource Record (RFC 2782) allows services to be to be published in DNS by specifying the location of the server(s) for a specific protocol and domain The SRV record is used to locate AD services such as LDAP at port 389. It doesn’t use round-robin as an A record query would.

To determine if your version of BIND supports dynamic record updates, use the nsupdate tool that ships with BIND. You can create a test domain and its zone file in your DNS server, then turn on dynamic updating using the nsupdate tool to perform manual dynamic updates.

—Kevin Kocis

The Windows Perspective

The simple truth for Unix advocates is that if you design your systems the Microsoft way—implementing only Microsoft DNS servers around your campus or enterprise supporting Win2K clients—it does work.

Unfortunately, the world of DNS isn’t so simple, and non-Microsoft clients may not welcome the new DNS with open arms. You don’t have to implement Microsoft DNS to implement AD, but you’ll miss out on many features of AD by not doing so.

Microsoft believes strongly that the following features of Win2K DNS make it a good choice for enterprises looking to implement a reliable hierarchical distributed network environment:

  • AD integration.
  • Incremental zone transfer.
  • Dynamic update and secure dynamic update.
  • Unicode character support.
  • Enhanced domain locator.
  • Enhanced caching resolver service.
  • Enhanced DNS manager.
  • Record scavenging.

Still, with all its new features, AD-integrated DNS remains to be implemented on any full production level. Therefore, it’s difficult to determine if security or support problems never considered will crop up. Remember, some of the Unix Internet DNS servers in your environment are currently stable and secure. Add to this the fact that many Unix mavens feel that Microsoft tends to “alter” existing technologies and preface them with their name (such as, Microsoft TCP/IP or Microsoft DNS) and you understand their concern. The goal of a standard is to have it apply to as many clients as possible, and Microsoft is forcing itself into cutting-edge territory with its latest release. This may prompt strong arguments from your DNS team. Just be ready.

There’s no doubt you’ll face many challenges in integrating AD and Win2K DNS into your existing DNS structure. Now that you have a better understanding of the pros and cons, you can decide which option will work best. Remember, by implementing later releases of BIND, you can provide a strong, functional DNS infrastructure to plan for your AD implementation.

comments powered by Disqus

Reader Comments:

Thu, Dec 29, 2005 John Houston

I am considering changing careers to an IT profession. I have a Masters degree and I have excellent interpersonal-relations skills. I have worked on a small level with computer purchasing and simple networking. However, after reading some of these comments I wonder if pursuing some of these MS certifications will be worth it. Could someone give some feedback? Thanks

Fri, Dec 23, 2005 Raju Dhamale Aurangabad

i,m raju form A,bad I,m passed the mcs e 7 papers but don't get the best jobs so what should i do plege inform me

Tue, Aug 30, 2005 sujit kumar padhi hyderabad

i need this

Sun, May 29, 2005 Sounder Rajan Thane India

Dear Sir Iam a fresher and I had completed my MCSE 2003 track training. I got one year experience in desktop pc, as a hardware engineer Iam looking for a job on mcse platform so I can enhance my skill and learn more & grow more.
Thanks
Rajan

Mon, Mar 21, 2005 sonia india

if i clear my exam will i be easily placed in a corporate in uk and what will be the salary i will be drawing in uk per anum

Thu, Dec 23, 2004 Anonymous Anonymous

This is a well written. You should read this article before starting migrating your clients to your new AD domain. It will save you a great deal in troubshooting. I was there and have done that. I came accross this when everything had been strainghten out.

Sun, Aug 29, 2004 Mr.Kyaw Kyaw Myanmar

Dear Sir,
I've been working in the networking fields at local company for 4 years.And I can capable as well as,such a kind of peer-to peer and server based networking.And sometime I fixed domain and others networking trouble shooting involving in my job.However, I'ven't sit for mcse exam such a kind of my country. And Is it possible for me going to sit in Bankok through out both of my experience and MCSE training kit.
I really will be appreciated you excellent advice in this matter. And Please send me some address where I can take this exam in Bankok.
Yours sincerely,
Kyaw Kyaw

Sun, Dec 21, 2003 SWAPAN BHOWMIK FENI

get mcse, certificate

Thu, Dec 11, 2003 Amol pune-india

I Completed my two years Diploma in Hardware & Networking. I am plan fo MCSE CAN I get a good job in the Network field

Fri, Nov 7, 2003 farooq mumbai (India)

i want to know average salary in India

Wed, Oct 22, 2003 kamlesh kumar Delhi

pls given me job i passad last monthso .pls faind my job

Mon, Sep 29, 2003 usman pakistan

MCSE, MCP ,MCDBA , MCSA HAVE NOW

Mon, Sep 22, 2003 ansarichandbabu mumbai

dear sir i have clear my mcp exam windows nt 4 iam searching the job in computer field. i have done hardware diploma.

Fri, Aug 1, 2003 sundarkanna chennai

Dear all, i am very much interest to learn MCSE. If i finish the MCSE, Can i get a job in aborad?

Tue, Jun 24, 2003 Anonymous Detroit

I just saw that Dell moved their entire tech center to India. What is up with that? You want to talk about the American economy going down the drain, it's companys like Dell that are fueling the fire. People in India will work for peanuts just like in China, so the American companys are taking their business to foreign countries. Boycot Dell!

Sat, Jun 21, 2003 Anil V India

Sir u r talking a lot abt salaries. Would u plz give me some contact addresses who wants MCSE Pros.

Mon, Jun 16, 2003 Bob Sydney

I just want to ask you two questions...
What do you do first - complete your bachelor degree or certificates?

Wed, Jun 4, 2003 Azhar Siddiqui Karachi-Pakistan

Currently IT is not much developed here in Pakistan. There are many MCSEs & CCNAs including me who are searching for a job but cant get one till now. Please do something to help students like us to make our future bright.

Tue, Jun 3, 2003 Frank Dallas

I am reading these postings regarding opportunities in the IT field after certification. I am 41 yrs old and changed careers in 99 from aviation when a hand injury prevented me from continuing in that field.
No matter how good or bad the economy is, if you want work you have to pound pavement.
Now agreed the economy is awful and Dallas is an awful place to be newly certified looking for work, lots of layoffs and intense competition here.
So what am I going to do?
I will be MCSA Monday 06/09 after I pass one more exam and I am going to continue to work toward my MCSE.
In the best of times nobody hands anyone anything on a silver platter and certification does not equal entitlement.
People are not just going to hand over god knows how money in data to just anyone.
It's about trust, and to get a job nowadays you have to establish a dialog with people and earn their trust. It is a laborious and gruelling process in the current environment. But trust will get you places certification and knowledge won't. They just make it easier to trust you.
So while you're writing letters complaining about how much you're worth compared to how much you make....
I wish I could get paid what I think I am worth like about everyone out there.
But my perception ain't what payroll's looking for.
Certification is an opportunity, not an entitlement, if you want entitlement, I'm sure Enron can use you.
Frank

Tue, May 27, 2003 ram pravesh delhi

i,m doing mcse,ccna , linux . i have done bca and doing mca . plz serach job for me

Tue, May 27, 2003 hemant udaipur india

In india mcse is a costly certification , and the candidates preparing for it cant afford to fail...so they generally study from examination point of view.They leave the basic concepts that are essential for troubleshooting.I think this may be the probable cause for low salary as compared to other countries but as india is developing scope will continue to increase same the case with salary.

Tue, May 27, 2003 HEMANT JOSHI india

as india is a developing country mcse here has a great future.candidates preparing for it must concentrate on basic concepts.just passing it out doesnot gaurantee a career but a good hand on implementing and troubleshooting might make way easy.microsoft certification can make employed or even self employed.

Fri, May 16, 2003 NOUNIHAL SINGH KANDA punjab(bagha purana)

sir
i'm compleated MCSE and MCDBA and i am also master's in information technology my concepts r very much clear ,and i have good knowleage about database hendlingand networking so , iwant the good job pleaseconsider my request ....

Wed, May 7, 2003 Anonymous Anonymous

In Holland you couldnot make some money with MCSE WK2000

Fri, Apr 25, 2003 Muriel Houston, TX

MCSE, CNA, MCP(Exchange2000) 8 years in network - 5 years in a Multinational company - Right now UNEMPLOYED !!!!!

Fri, Apr 18, 2003 Alan NC

To get and keep a job in the IT field you need (in my opinion) - real IT experience, a degree (preferably IT related, but not required), certs, good social skills, and contacts. Work on the ones you don't have, and improve the ones you do. It's all about being more valuable to the company than the next person...Bottom line.

Tue, Apr 15, 2003 akejay Los Angeles, CA

Additional: Studying for your certification can help you learn new a technology and help fill in some knowledge gaps. Although I am not anything certified, I do read and practice to stay up on the lastest MS server software. Everyone in the IT field must do this to successfully continue their career.

Tue, Apr 15, 2003 akejay Los Angeles, CA

I'm 27 years old with no certifications or degree, but aparently, as I have been told by several head hunters, I'm overqualified for positions $55k and below. My last ADMIN position for 2.5 years paid $70k/yr. Before that, 2 years at $55k/yr. An impressive resume and great interview skills got me these positions. I am now consistantly turned down for possitions $55k and below unless I cover-up my salary history. IMO, experience and communication skills far outweigh certification. If your experience is low, you may need certification to help win an interview. That's it.

Tue, Apr 8, 2003 arvind nagpur

last year i am comlpeted MCSE200 .i am searching jobs in w2k base,i have experience but i cant get any job.pls give me suggestion and gaidence

Fri, Apr 4, 2003 Jim K New Jersey

I'm starting to believe that certifications of any kind are important not only for getting a job, but also for keeping your job. I've been in the same company for the last 7 years and have always resisted the urge to become certified. My salary has slowly increased to a level far above the current going rate for someone in my postion.

My current company seems to have major layoffs every six months. I'm sure that employees with the highest salaries are also scrutinized the most when executives have to decide who to get rid of based on bang for the buck. If the layoff decision is between two talented professionals - one of whom has an empty "Education" section on the resume while the other is loaded with certifications... I'm afraid the former would likely become a former employee while the latter would continue on the corporate ladder.

Fri, Apr 4, 2003 tofreaku Australia

well said, i totally agree with you. i have just started studying for mcse. just passed the first two exams. these messages have put me down. and i'm not sure whether to continue with my study! is it really gonna help me get a job? ofcourse i dont have much tech exp.. wat u guys reckon?

Tue, Mar 18, 2003 Ian W London

I am deeply concerned about the state of our economy and with lots of overseas certified workers coming into the country the rates are being dropped substantially. To be honest I don't think an MCSE is worth anything in a monetary way, only in a way of proving knowledge. It is a shame but there are also a lot of paper MCSE's out there tht give the rest of us a bad name. It's time to stop importing cheap labour and let the UK WORKERS earn a living. Why not make the MCSE regional? Sorry if I offend anyone. I have been looking around a jobs and find that a job I was doing myself 9 years ago is now paying half of what I was earning. It's not suprising that companies are losing faith in IT personel. Pay peanuts, get monkeys!

Fri, Feb 28, 2003 didocus Pittsburgh

I think that MCSE 2000 is very very far for measuring your real life experience and skills. I don't know how the new exams for windows 2003 are going to be but if they are the same way as the MCSE 2000 I am never going to start on that track. According to me the MCSE title once earned should be defended by a refreshing exam each 6 or 12 months. That's what's going to make this title valuable. It will make these guys which pass on cram without ever installing and setting a real network think twice before spending money on something that is going to be worthless for them in 6 months for example.

Tue, Feb 25, 2003 Albe North Miami Beach, Florida

You made a very good point that everyone should read over and over. A language is a way of communicating. IT(MCSE, MCDBA, A+, CCNA, ...) is not a major like journalism, philosophy, literature, or linguistics. Employers are looking for qualified candidates. However, your good communication skills makes you more markatable.Telling jobs seekers that they could find a job because they do nt have "good command of english language" is not right. Hope all the MCP use the english language in their best way possible and the posters stop being so negative about them. PEACE !!!!!

Mon, Feb 17, 2003 Anonymous MD

Why don't you all just bite the bullet and get a BS in Computer Science. Use these certifications as a way to get promotions, not as your only means to finding a job. Anyone who wants to waste thousands of dollars can get certified. It seems like you are trying to find a shortcut or a "get-rich-quick" kind of deal. That's not how it works. You need to get out there and make it happen. It isn't easy, but it is definately worth it. For all of you who cannot find a job, if you don't like my idea of getting a real degree, why don't you make it your full-time job to look for a full-time job and quit playing on the internet. Also, don't think that begging for a job on this website is going to get you anywhere. No one is going to hold your hand and do all of the work for you. Get off your butt. The jobs are out there, I have a great one, but I have worked hard to get where I am. Good Luck.

p.s. Who cares if no everyone can speak perfect English. I'd like to see you guys learn to speak Arabic or Chinese perfectly. The world does not revolve around the U.S. and there is no prerequisite that everyone has to speak our language perfectly. Your hard work and knowledge is what makes you marketable.

Thu, Feb 13, 2003 J Daggs Charlotte, NC

I am not so much new to the IT industry, but new to the requirements of certifications for my 'know-how'. I must agree that proper communication skills are a 'must'. I am currently A+,Net+, and about to complete my MCSA. I live in a city that is thriving in IT, and e-commerce careers. The other half of the coin, so to speak is knowing where to look. Jobs DO NOT fall into your lap. Present yourselves in a proffessional manner, and be willing to 'pound the pavement'. In short, get your certifications. They are required to prove to prospective employers that you can DO the work, but also that you can COMPLETE something. The IT industry is thriving, but like everything else, you have to remember that it's competition. If I present myself as more of a proffessional, than someone else, who do you think is going to get hired first? Just food for thought.

Mon, Feb 3, 2003 guoxiaomin china

MCP,MCDBA,MCSE,MCSA

Sun, Feb 2, 2003 Tushar Tandulkar Nagpur (M.S) India

I have done MCSE NT4 in 2000 but still I did not get a job even fresher , please kindly help me. I need a job very much.

Thank You

Fri, Jan 31, 2003 Craig CA

I am a 1982 high school graduate with over 15 years of IT experience. My approach to the IT fields is to stay current with the latest technological trends and register for training as needed. The IT field is nothing more than supply and demand. Get out and network, stay current and sell yourself really well. I've managed to obtain a six figure salary with only a high school diploma and what I believe to be good communication skills.

FYI....A Project Management certification may be another avenue to pursue.

Fri, Jan 24, 2003 Anonymous Anonymous

KID from San Francisco, CA 94102 needs to stop fronting. He does not help run a business, because he can barely write. His english is slightly better than chetan from gujarat who has a good reason for not being good at english. It is his second language. What's your excuse KID?

Fri, Jan 24, 2003 Zsa Zsa New York

That guy who has been in the business 15+ years knows what he is talking about. How can you expect to get work when it does not even seem as if you would be able to communicate with your employers? Try this! Before you invest in computer courses, look into some english speaking and writing courses.

Wed, Jan 22, 2003 Jack Austin TX

TWO FISHES, TWO DOLLARS! Thank you for visiting abduls lucky fish store. Would you like a slurpy? I am from New Dehli Bankok India and think posting here will bring me much luck as a standard of income.

Wed, Jan 22, 2003 Rhenier South-Africa

There is no more money left in IT. It seems that the only country where it is still worthwhile to pursue the MCSE cert. is in the U.S. It's useless to get MCSE certified unless you have a LOT of experience. There are a lot of qualified and experienced IT professionals including myself that are out of work now. Check out some of the UK and other countries job sites for ex. reed.co.uk. monster.co.uk etc. Don't waste your time and money.... Then again, just my 2 cents

Tue, Jan 21, 2003 chetan gujarat

hello I am chetan patel I am recenly clear my mcse 2000 examination and I am finding a job please help me for searching a job thanking you.

Mon, Jan 20, 2003 MCSE New Jersey

To: KID from San Francisco, CA:
One thing is certain: You'll get exactly what you pay for. It is patently clear from your own poor English - "avoid to hire some one who has a very good command and english proficiency, years of qualified working experience, well certified and..." - that you don't value communications skills. Your poor, sad, "businesss"-man!

Mon, Jan 20, 2003 bou Anonymous

some mmuch talk about it for nothing!

Thu, Jan 9, 2003 Nader Egypt

Hello, I'm MCSE, CCNA, Network + Certified, I hold a Business Degree & a Diploma in Electronics.
I have 8+ years of experience in IT and still can't find a Job. I'm also a veteran C/C++ progrmmer. I can work occasionally but most of the time I'm jobless.

Thu, Jan 9, 2003 Luis Mexico

i have a mcse in w2k an mcdba, i live and qork in mexico, in this country the salary is around to 1000 american dollars y won that, now, im cosiderig migrate from canada or australia, if you have a coment please send to me, in mexico i work 6 days att week and 12 hours per day and i recive only 250 dollars per week,

Thu, Jan 2, 2003 phil mccracken houston

hey Joey.....i am looking to get out of construction, and into computers....from what I have read here, i beter stay where i am.........$30 an hour with full medical and dental and vision isn't all that bad after all!

Thu, Jan 2, 2003 mike Olympia, WA

Does anyone here speak English? Trying to read through some of these comments is terrible. Maybe THAT is why you can not get a job in the USA??? Learn to speak, read and write English, and MANY more doors will open to you.

Thu, Dec 26, 2002 Shawn OH

I feel that most of you are missing the point. A piece of paper is only as good as what you have to back it up with. If I obtain my ABCDEFG certification what will I earn? Who knows what you will earn??? The one thing I see in this article is that they really don't have a clue what you will earn. The way to generally make more is based on each person (certs, experience, education, drive, contacts, etc.).

Tue, Dec 24, 2002 Jando Kyan England

I am a CCIE, MCSE and im only 18.5 years old, i spent only around 90 hours prep for each exam and now im earning 51K, SWEET NIGGAZ

Tue, Dec 17, 2002 KID San Francisco, CA 94102

As a businessman I would like to hire
some one who has knowledge,willing to hard work and offcourse the important thing is willing to be paid under ( at least
for certain amount of time). Why ?
Because working hard is the only reliable
factor I can trust.

And as a businessman I will avoid to hire some one who has a very good command and english proficiency, years
of qualified working experience, well
certified and educated(4.0GPA).
Why ? Because they are usually so pricy. There is nothing personal, it just my budget is so tight. :-)
and I have to hire techy.

Sat, Dec 14, 2002 Hazem Syria

I want to work at america but i live in saudi arabia I take mcse+mcsa before 7 month . Can i go to there and work ?How?
please help me ....
thanks

Thu, Dec 5, 2002 joey Anonymous

i think i'm going to hang it up and go into construction!!!

Sun, Dec 1, 2002 Stephen UK

Come on guy's can you make this forum a little bit more interesting, presently it only appears to be a lesson in English grammar.

Sat, Nov 16, 2002 michael huntington,wv

im in the IT program at marshall university and im currently in my 5th semester of cisco networking academy. i have my ccna and am gonna take my ccnp a+ and mcse......does this mean ill make moe money than just having a msce?......thanx

Sun, Nov 10, 2002 Anonymous CA

This certification business has gotten a bit crazy. From reading these posts, it seems a lot of people believe they deserve a high paying job for simply passing some tests. This simply isn't (and shouldn't) be the case. There's a joke that MCSE stands for "Must Consult Someone Experienced". I'm beginning to think that its not so funny. Don't believe the hype people. The IT field is not fun and money. It's hard work, and in many cases you're paid next to nothing (especialy when you look at what a typical salary works out hourly). You have to be willing to start at the bottom, gain experience, and work your way up. Just like with everything else.

Fri, Nov 8, 2002 Becky Detroit, Michigan

I am currently entertaining the thought of going back to school to obtain an Associate of Applied Science in Computer Programming. I have arrived at this board (after researching this field of study on the internet) hoping to find some USEFUL information. I have read all of the comments on this board and I felt compelled to commend DAVID F FROM ARIZONA for being so frank in his comments on COMMON SENSE. His post was "RIGHT ON THE MARK"! LOL :)

Fri, Nov 8, 2002 Fred L Calif

Can somebody tell me if in todays market the MCSE will help in securing employment. Even though I have 10+ years experience in the Networking field, I am finding it difficult to land a job let alone an interview. $7000 is alot of money and since I'm not working, that money can help get me buy vs. getting the MCSE and getting a job. Would appreciate any comments. Thank You.

Thu, Nov 7, 2002 L Norfolk

thank you Sheri ;-) also Johnz "Bruce's comment have", no agreement between the subject and verb ... I love it!

Mon, Nov 4, 2002 Sheri San Diego

People in glass houses....
Johnz from San Jose your comment "Your lucky to have found..." should have been "You're lucky to have found..."
and
David F from Arizona your comment "...what their talking about." should have been "... what they're talking about."

Fri, Nov 1, 2002 David F Arizona

Dear Ericca from California,
1st, if people are using this post to find work as you claim, would you hire someone who's Resume says "Most of people" or "managed land a position". I'm sure you would since you can't distinguish bad from good. Why do you think its more common for Job ads to say "must have good command of the English language", seen that lately? Obviously not. Listen, its a hard world and the competition is tough. Its better they find out here than in an interview. Maybe you think some of these comments are nasty because you lack some of the same of what their talking about. I have nothing against you or anybody else on this board but having an MCSE, MCSA and Cisco certifications without the ability to communicate effectively may get you a job....until you have to tell your boss "router had broken, switch no work". 2nd, its better they find out they are competing against people with good communication skills which lack of a better word...they can read and write English. In todays environment, having technical skills alone doesn't guarantee you'll land a job...except in your case..which I question..For your information, I'm a hiring Manager for a large firm and I want associates I hire to be able to communicate in proper English to my Customers. As small as you think it is, on a larger scale it important. Good luck to all...including you Ericca from CA.

Fri, Nov 1, 2002 Johnz san jose

Hmmm, maybe Bruce's comment have merit. I mean, Ericca from California, Its obvious English is a second language from your post. Your lucky to have found a job and I don't hear you whimpering about not finding work. You say people are hoping that their information will help someone. Who are you kidding! Have you seen some of these posts? I hope your job doesn't require any technical writing as "Most of people" is terrible and its a reflection of your skills. Remember, critics exist because we have "Free Speech", remember the 5th amendment or maybe your not familiar with it! Good ruck in job...you'll need it.

Thu, Oct 31, 2002 Ericca California

First of all Bruce you are so rude. Most of people who have posted comments on this site have done so hoping that their information will help someone. I recently received MCSE,MCSA and Cisco certifications with no prior work experience and managed land a position. So keep your nasty comments to yourself. Who needs another critic!!!!!!!!!!!

Wed, Oct 30, 2002 Bruce Himebauch Morgan Hill, CA

I can't believe what I'm reading in these posts. You people are really pathetic! First of all, you need a good command of the English language. Instead of taking the MCSE maybe you should take an English class. Secondly, certifications do not guarantee anything. You think just because your certified, an employer should hire you...not! If you know how to apply yourself, have good communication skills, and of course, knowledge in the area of your job search, you should be successful. Quit uttering distressed high pitch cries and stop blaming other people or certifications for your ignorance. My god people, learn to apply yourself.

Thu, Oct 24, 2002 Yvonne California

I am geting ready to invest in my MCSE, MCSA and A+certs. This will be a career change for me. I will let you all know what happens. Good luck...

Thu, Oct 24, 2002 Yvonne California

I am geting ready to invest in my MCSE, MCSA and A+certs. This will be a career change for me. I will let you all know what happens. Good luck...

Tue, Oct 22, 2002 tony mi

hi hello ,i am happy to be part of this forum of opinion but i am not that amused because i fail to understand why in the midwest region there is no consideration for a pay for people with mcse certification , with age average of 18-23 where i happen to fall. status mcp,mcse,mcdba.

Tue, Oct 22, 2002 John R NSB Florida

Today is my first day in class, working towards my MSCE 2K. Networking Essentials is the name of this class. I will keep you guys update as time move on.
John r PS stop whining and get a JOB!

Mon, Oct 21, 2002 Tariiq Dusmohamud Anonymous

hi i'm From Australia and i'm 18. i"ve got an MCSE and inquiring how much can i earn without a degree. Thanks

Sun, Oct 20, 2002 NLLANO COLOMBIA

COMO ES LA SITUACION EN PAISES DIFERENTES A USA?

Wed, Oct 16, 2002 moncho madrid

Sorry, I´m MCSE one month ago, but I still searching work, somebody have work for me? Thank you

Mon, Oct 14, 2002 sheila from Philly

I've just competed my MCSE coursework. I haven't taken any of test but am currently preparing for them. From the comments already posted, I wonder if I'll find what I'm looking for after becoming certified. Where are the MCSE's in the Mid-Atlantic region? What's really available?

Thu, Oct 3, 2002 sam Lenanon

hi iam (MCSE,CCNA,MCDBA,MCSA),there is no jobs here in lebanon, for those certs,i think i must leave this country,but i'll complete my studies .. be happy ,syria here in our country ... stupid people ,i mean US

Thu, Sep 26, 2002 nel nyc

im a high school grad. who wants computer programming as a career. i want to know what kind of degree would work best for me or will a ass. degree in programming from katherine gibbs school do me justice. If i want to become a programmer would it be to my advantage if i become an computer engineer

Wed, Sep 25, 2002 yUck Anonymous

Seeing as half of you guys can hardly speak a word of understandable english - good luck...
I have MCP in windows 2k and am going for MCSE, Win2k. L8r

Fri, Sep 13, 2002 Shanthakumar Chennai

Sir, I want to do my MCSE, try to help me in what way and where I could I do this

Fri, Sep 6, 2002 zev dallas, tx

my earlier inquiry on funding refers to a loan to pay for MCSE classes.

Fri, Sep 6, 2002 Sumit Khurana Faridabad, India

dear sir, i am a mcse, please search a good job for me i am very thankful to u

Thu, Sep 5, 2002 gaoshu_ming Anonymous

mcse

Thu, Sep 5, 2002 zev dallas, tx

Could anybody please let me know if they have obtained funding when they had a couple of glitches (6+) on their credit. And could you be kind enough as to refer me to the lending institution.

Sat, Aug 31, 2002 robol singh india

i going to do mcse please suggest me

Sat, Aug 24, 2002 kapil india

hello sir ,
i have passed my 12th .
one year hardware diploma.i have done
mcse.

Tue, Aug 20, 2002 Anonymous Anonymous

I agree with you 100%.
I am contemplating getting MCSE certified. Is this the best certification to start with, or does it matter? Also, where is the most $$$ at in the industry?

Sun, Aug 18, 2002 Anonymous Anonymous

Gracious! It's clear why many people posting to this page are having trouble. Having hired many techs in the past, and with 15 years in the industry, I have to say that strong communication skills are important to getting work. If your command of English is poor, or if native speakers can't write a simple command without serious grammatical and spelling errors, you will be at a disadvantage competing with others who are not similarly weak.

Fri, Aug 16, 2002 sudhir new delhi

i'm the fresher one and completed mcse 2000 , but my concepts r very much clear ,so , iwant the good job pleaseconsider my request ....

Wed, Aug 14, 2002 Who Montreal, Canada

All this Certification effort is good for some as it will open doors previously closed to them. However, it can also CLOSE doors to opportunities as well. I spent the time to do some research on various courses in order to determine which combination of courses would allow me to obtain the most certifications as quickly as possible. After already being in the IT field for 10+ years, I found that the high-salary jobs where non-existant for those without paperwork. Well, the flip side of the coin can also be true. In a 1 year period, I obtained the following certifications (I was unemployed so, I went back to school so to speak)

A+, Network +, MCSE 2K (Included Exchange, IIS 5, SQL, Proxy), CCNP, CNA, Redhat 7.0.

Of course with Microsoft, when you certify the Cores and certain electives you get MCP, MCP+I somewhere in there as well.

You'd think that with all those certifications and 10+ years exeprience in the IT Field at companies like IBM (2 years no less) doing to work for less $$$ that a job (ANY Job) would be easier to get right?

Wrong. I am constantly told that I cannot be remunerated comensurately with my experience. Sorry, have a nice day. The translation: We don't want to pay you what you're worth so, the job is not open to you.

I have since had to remove certifications from my CV in order to find work period. While doing this did land me a job at a higher salary rate, it has caused me a great deal of problems during job searches. Realistically, my salary expectations were not extreme regarding the positions either, I would have been happy with 55-65K Cdn to start but I was told that companies did not want to put out the 100k+ I should expect for the level of certification that I have.

For the most part, I have come to the conclusion that MORE money is made over the certification process itself (The training of IT people to be unemployable ...er I mean more employable)is where the money is now at. I've been investigation the Education side and let me tell you, there's money to be made there and anyone certified can train others. I'm also lead to beleive that an ATEC is not that hard to achieve so long as you meet the criteria (Again, I'm looking into this). For everyone here, Good luck with the job hunt and don't shoot yourselves in the foot like I did... bring up additonal training with an employer (even if it is at your own expense) and see where they stand. Getting additional certs while employed might get you kudos and a raise, or it might get you downsized and replaced for someone with less salary requirements...

Tue, Aug 13, 2002 GB houston,tx

This is for microsoft open your doors and let the certified individuals work for you this will boost the economy and the unemployment rate will be ruduced dramactically.

Tue, Aug 13, 2002 GB houston,tx

We talk all day and night about getting certified but, the way the economy is going the future doesn't look to bright.

Please if you want to assist the loyal ones who is sticking by microsoft then invest in your product. Help those who are certified to find a job in these troublesome times.

We are loyal to the game but the game is not loyal to the participants.

Sat, Aug 10, 2002 Anonymous Anonymous

Will a person with very little prior experience in IT have a use for a MCSE cert? ,Ant.

Thu, Aug 8, 2002 vijay kumar india

dear sir the average you are saying in india is around 4000 permonth and when measured in dollars it goes to $1000 per annum do u think that it is a justice with the students of india and who are working hard for this certificate and paying huge amounts to the centers then what is the use of getting such a degree.

sincerly yours
vijay kumar

Thu, Aug 8, 2002 krishanmurari jha mumbai

pls given me job i passad last 7th monthso .pls faind my job

Thu, Dec 27, 2001 Paul Mauriks Australia

Well Thought out, concise and clearly communicated. Recommend this article to others looking into AD DNS and integration with BIND

Add Your Comment Now:

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Comment:
Please type the letters/numbers you see above

Redmond Tech Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.