We are considering expanding the scope of our Active Directory to include a sister company. And with the doubling of our user population and sites, we are considering a multiple domain scenario.
Beyond the security, risk mitigation and bandwidth control benefits, I am trying to get a handle on what would be lost from a user standpoint when roaming from a site where they have a DC in their home domain, to a site that has DCs that belong to another domain in the forest. If you know of any reading that would help clarify the points on the issue, please send me a link or recommendation.

The logon process should use DNS to find a DC, but it will find that no DCs for that domain exist in the site the client is in. So a non-optimal DC will be chosen, unless I configure DNS records for a preferred DC for that domain for that site (seems like a hideous administration load unless automated). The user will authenticate to the non-optimal DC, and run GPOs, logon scripts, and roaming profiles from that DC. (Am I missing anything?)

Profiles have a slow link control that can manage that part of the user experience. Are there any other caveats?

Thanks in advance for responses to such a trivial question.

List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
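
An added example, not part of the original post: one way to check what DNS actually advertises for each domain in each site is to query the site-specific DC locator SRV name (`_ldap._tcp.<site>._sites.dc._msdcs.<domain>`) and compare it with the domain-wide one. The domain names, site names and the `Get-DcSrvTargets` helper are placeholders chosen for illustration.

```powershell
# Added example: report which DCs DNS lists per domain per site.
# Domain and site names are placeholders (assumptions), not from the post.
$Domains = @('corp.example.com', 'sister.example.com')
$Sites   = @('HQ', 'Branch1')

function Get-DcSrvTargets {
    param([Parameter(Mandatory)][string]$QueryName)
    # Query SRV records only; additional A records in the answer are filtered out.
    Resolve-DnsName -Name $QueryName -Type SRV -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' } |
        Sort-Object Priority |
        ForEach-Object { $_.NameTarget }
}

$report = foreach ($domain in $Domains) {
    # Domain-wide record: every DC of the domain, regardless of site.
    $domainWide = @(Get-DcSrvTargets "_ldap._tcp.dc._msdcs.${domain}")

    foreach ($site in $Sites) {
        # Site-specific record: DCs registered as serving this site for this domain.
        $siteDcs = @(Get-DcSrvTargets "_ldap._tcp.${site}._sites.dc._msdcs.${domain}")

        [pscustomobject]@{
            Domain        = $domain
            Site          = $site
            SiteDCs       = if ($siteDcs.Count) { $siteDcs -join ', ' } else { '(none registered)' }
            DomainWideDCs = $domainWide.Count
            # A site with no site-specific record leaves the client on the domain-wide list.
            Status        = if ($siteDcs.Count) { 'site-specific' }
                            elseif ($domainWide.Count) { 'domain-wide only' }
                            else { 'no DC records found' }
        }
    }
}

$report | Format-Table -AutoSize
```

Running `nltest /dsgetdc:<domain> /site:<site>` from a client in the site shows which DC the locator actually returns for the same pair.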
