RE: [ActiveDir] Multiple Domain Trees in a Single Forest

[Peter Johnson]

I’m partial to a dedicated, empty root as it allows for more flexible pruning and grafting and has they added advantage of extra schema security etc as you will never need to log in to the empty root except for schema updates etc.   Regards Peter Johnson   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 28 July 2005 13:25 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Multiple Domain Trees in a Single Forest   Hello All,     Looking to decide on an AD domain structure in a single forest. The options on the table are; 1.      Dedicated root domain (x.com) and child domains (i.e. a.x.com, b.x.com etc.) based on the regions. 2.      Dedicated root domain (x.com) and other domains (i.e. a.com and b.com etc.) based on the regions. The potential risk for the second option that has been identified is that the deep LDAP search against a regular DC instead of a GC in one domain for a resource in the another domain may not return any results. However, the client intends to take the risk and mitigate it by deploying enough Global Catalogs (GC). In a nutshell, we would like to go with a disjointed namespace for the multiple domains within the forest.  However, I need pro\cons to this approach.  In addition, does the introduction of conditional forwarding and stub zones mitigate many of the issues that plauged disjointed namespaces?   Thanks!   Rob