AD uses DNS to keep track of where computers are and what services are
offered on the network. If a workstation needs to print to a network
printer, it searches the AD for the printer. The AD uses DNS to find the
location of the printer. This is the same for finding shared resources.
Chances are that your ISP's DNS server doesn't have each and every host on
your network mapped out in its lookup tables. And if it does, then you will
have large security problems. Windows 2000 DNS also has the benefit of
allowing dynamic updates, so your DHCP clients will be able to register with
and be found by the DNS server.

AD needs DNS to do its thing. You can use third-party DNS servers with AD,
instead of using 2000's DNS service. These servers must comply with the
standards that 2000's DNS uses. Since it's not that easy to get an ISP who
can or will provide all of this, the best practice is to run your own DNS
for your internal namespace and have that server forward requests which it
can't answer to your ISP's DNS server.

Hope this helps.

> I'm setting up our Active Directory and Mail server (on the same box) to
> be hosted at our ISP. The ISP takes care of the DNS for our domain. Do I need
> to install and configure the DNS server on the AD machine or can I just
> use the ISP's DNS?
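
Added example, not part of the original thread: a small audit of a public (ISP-hosted) zone export that flags the internal data the reply says should stay on your own DNS server, namely the service locator records AD registers and hosts published with RFC 1918 addresses. The zone contents, host names and the function name audit_public_zone are constructed for illustration.

```python
import ipaddress
import re

# Labels Active Directory registers so clients can locate domain controllers.
AD_LABELS = ("_msdcs", "_ldap._tcp", "_kerberos._tcp", "_gc._tcp", "_kpasswd._tcp")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of a public zone file; names and addresses are made up.
SAMPLE_PUBLIC_ZONE = """\
; example.com public zone (constructed)
www                      3600 IN A   203.0.113.10
mail                     3600 IN A   203.0.113.25
@                        3600 IN MX  10 mail.example.com.
dc1                      3600 IN A   10.0.0.5
_ldap._tcp               600  IN SRV 0 100 389 dc1.example.com.
_kerberos._tcp.dc._msdcs 600  IN SRV 0 100 88 dc1.example.com.
printer-2f               3600 IN A   192.168.1.40
"""

# owner name, optional TTL, optional class, record type, record data
RECORD = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?(A|SRV|MX|CNAME)\s+(.+)$", re.I)

def audit_public_zone(zone_text):
    """Return (owner, reason) for each record that exposes internal layout."""
    findings = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop comments and blanks
        match = RECORD.match(line)
        if not match:
            continue
        name, rtype, rdata = match.group(1).lower(), match.group(2).upper(), match.group(3)
        if rtype == "SRV" and any(label in name for label in AD_LABELS):
            findings.append((name, "AD service locator record in public zone"))
        elif rtype == "A":
            try:
                addr = ipaddress.ip_address(rdata.strip())
            except ValueError:
                continue                          # malformed address, skip
            if any(addr in net for net in RFC1918):
                findings.append((name, "internal address published externally"))
    return findings

if __name__ == "__main__":
    for owner, reason in audit_public_zone(SAMPLE_PUBLIC_ZONE):
        print(f"{owner}: {reason}")
```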