RE: [ActiveDir] Multiple Domain Trees in a Single Forest

Thu, 28 Jul 2005 13:06:14 -0700

Hi Robert,
 
Jorge wrote on Sunday "The only different is politics and feelings" and I mostly agree with him.
 
In addition, I list three non-reasons to have multiple forests:
 
- A client once showed me a book that suggested a "peer-root" domain model. In the model, the forest root domain (FRD) could be called shifjeee.hidden, for example, so that "an unpopulated forest root domain that exists solely to segregate the schema master function from the rest of the network" would have a hidden name. However, rootDSE info reveals the name of the FRD anonymously to anyone, so there is not much point in "hiding" the FRD name.
 
- By using multiple trees, the admins, would need to type slightly shorter DNs.
 
- By using multiple trees, different parts of the organization could have more "independent" names, such as companyA.com instead of companyA.something.com (as Jorge writes). But so what...
 
So I'm not sure if there are any real pros in multiple trees. The (quite slight) cons are what you already mentioned, LDAP searches, and DNS configuration.
 
Yours, Sakari
 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, July 28, 2005 2:25 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Multiple Domain Trees in a Single Forest

Hello All,
 
 
Looking to decide on an AD domain structure
in a single forest. The options on the table are;



1.      Dedicated root domain (x.com) and child domains (i.e. a.x.com,
b.x.com etc.) based on the regions.
2.      Dedicated root domain (x.com) and other domains (i.e. a.com and
b.com etc.) based on the regions.



The potential risk for the second option that has been identified is
that the deep LDAP search against a regular DC instead of a GC in one
domain for a resource in the another domain may not return any results.
However, the client intends to take the risk and mitigate it by
deploying enough Global Catalogs (GC). In a nutshell, we would like to go with a disjointed namespace for the multiple domains within the forest.  However, I need pro\cons to this approach.  In addition, does the introduction of conditional forwarding and stub zones mitigate many of the issues that plauged disjointed namespaces?
 
Thanks!
 
Rob
 

Reply via email to