-----Original Message-----
From: Strand, Ted [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 03, 2002 1:16 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Introductions...
Here are the points we used Had to copy to this e mail Was in PowerPoint
format. This is for using separate forests (User accounts in one forest,
resources in separate forests) There may be some things that have been left
out.
Pros
Public Key Infrastructure
Auto enrollment
Single source for certificates
Essential in secure e-commerce transactions between businesses
Certificate Revocation List (CRL)
Lower cost to support and maintain a single forest
Case Studies and Gartner Report
Indicate averages of 17% reduction in TCO
$300-$600 per desktop savings in administration costs per year
Common Schema
Definition and extensibility of object classes are maintained centrally
by committee
Reduces risk of catastrophic failure, since group administrative
membership for modifying the schema is smaller (some schema changes are
permanent)
Management of objects within an OU are easier to maintain and administer in
a single forest
Business Unit Administrators still maintain control of resources
Common userid with permissions to multiple objects
Supports single sign on from anywhere in the forest
Easier search capabilities in AD
Promotes single, one company view of the enterprise
Increased collaboration thru a common global catalog
Lower costs of performing audits to validate that separate forests are
following corporate policies
Less complex and more efficient use of bandwidth for replication and
synchronization across the enterprise
Allows common visible distribution lists, meeting requests, calendaring,
instant messaging, presence notification, and a shared community of user
throughout the forest
Easier to find users and resources throughout the organization in a single
forest (The AD Structure is transparent to user)
Information and processes are consolidated
Terminal Server management tools only recognize one forest
Lower admin costs
Distribution of administration is easier to delegate
OU's are the new units of administration
Local and centralized
Cons
Separate Exchange Organizations
Increased network traffic
Complicated Logons
Users have to log on using UPN
Logon time increased by 30 - 40 %
TCO is higher
More Labor
Higher Maintenance
Increased machine (server) needs
Introduces complexity
Synchronization of objects between forests isn't (natively) supported
Requires very expensive Metadirectory services from Microsoft or 3rd party
Vendor ( Can cost over one million dollars)
Increased points of failure
Duplication of efforts across the organization
Multiple Schemas to maintain
Duplication of Backup and Recovery processes
Multiple DNS designs
Complex navigation (Users will have to navigate AD Structure)
Promotes separate company views of the enterprise
Only NT4 style non-transitive trust are supported between forests
Higher cost of managing the trusts (manual setup)
Higher propensity for failure (due to human error - manual setup)
----Original Message-----
From: Ellis, Debbie [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 03, 2002 9:57 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Introductions...
K
Can you forward a copy of the pro's/con's list that you presented? We are
about to embark on the same battle. Any information (documentation) that
anyone has would be very beneficial.
-Ted Strand-
Tech Data Corporation
-
Cheers,
Paul
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
