Roger, Do you - Or anyone reading this have any good documentation on the empty root concept?
Joe Pelle Systems Administrator Information Technology Valassis / Targeted Print & Media Solutions 35955 Schoolcraft Rd. Livonia, MI 48150 Tel 734.632.3753 Fax 734.632.6240 [EMAIL PROTECTED] http://www.valassis.com/ This message may have included proprietary or protected information. This message and the information contained herein are not to be further communicated without my express written consent. -----Original Message----- From: Roger Seielstad [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 11, 2002 9:00 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Back to Basics - Design Pros and Cons You're really looking at what I'd call a consulting question - there are too many factors to be able to give this any sort of justice via an email forum. That being said, here are some thoughts. Start with defining the levels of separation and security between your different classes of users, as well as determining what (if any) resources are expected to be available, and which classes of users need access to them (ie computer labs, etc). Define the administration policies for the different classes of users - are the student accounts managed by different people than staff, etc? Unless you have very serious issues with the trustworthiness (or they're just plain unruly) of the administrators for student accounts, I don't see a lot of reason to create a multiple forest design, especially if there are many resources that have to be shared between the students and faculty. The design will flow from how well you define your user classes. The better you understand the requirements for interaction and administration, the easier it will be to develop a design that will suit your institution. After all that, my first idea would be a 3 domain forest - empty root, faculty domain and student domain. Multiple forests are possible, and in some cases preferable, but they are a significant overhead, IMO. Roger ------------------------------------------------------ Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA > -----Original Message----- > From: Wohlgehagen, Max W > [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, December 10, 2002 8:20 PM > To: '[EMAIL PROTECTED]' > Subject: [ActiveDir] Back to Basics - Design Pros and Cons > > > There is so much material out there on AD now it is almost > scary [in many ways it is not too dissimilar to NDS 'cepting > the DNS component] My problem is design for a new network, > being in a school we have the luxury of starting from scratch > without business fallout problems. We are multi-campus and > have a fairly substantial network with an 11MB "Spread > Spectrum" Microwave link between campuses. I am a big fan of > the KISS principle but am stuck in deciding between multiple > trees or a single tree with many sites, both concepts have > advantages. We do not need to implement a Forrest structure > as our DNS is set in concrete. We have the following > elements: Campus1, Campus2, Students1, Students2, Staff1, > Staff2 ... or OrganisationAll, StaffAll, StudentsAll. > Obviously there are sub components of these elements as well. > The main concern is to have the most useful GPO structure > without too much complexity. Does anyone have any experience > in setting up this type of AD. Any ideas on multiple domains > versus single domain many sites?? Help, opinions, comments, > ideas all welcome. Thanks. > > Max Wohlgehagen > TSI - Rowville > "Of all the things I've lost, it's my mind I miss the most." > <<Wohlgehagen, Max (E-mail).vcf>> > > > > ************************************************************** > ***************** > Important - This email and any attachments may be > confidential. If received in error, please contact us and > delete all copies. Before opening or using attachments check > them for viruses and defects. Regardless of any loss, damage > or consequence, whether caused by the negligence of the > sender or not, resulting directly or indirectly from the use > of any attached files our liability is limited to resupplying > any affected attachments. Any representations or opinions > expressed are those of the individual sender, and not > necessarily those of the Department of Education & Training. > > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
