Jim, if you do decide to add an additional domain, the logon process for a roaming user will be a little different than you described.
Using an AutoSiteCoverage algorithm AD will cause site-specific SRV records to be registered for every site that does not have a DC for a given domain. Daces in the next closest site based on your replication topology will automatically register SRV records for the site without a DC for that domain. You can influence the behavior of AutoSiteCoverage through the registry. For example, you can cause a DC to register SRV records for a specific site even if it is not in the closest site. Chapter 2 of the Branch Office Planning Guide has some information on AutoSiteCoverage. http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/prodtechnol/ad/windows2000/deploy/adguide/adplan/default.asp -Mark -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 04, 2003 11:09 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] User experience roaming Multiple Domains in a single forest We are considering expanding the scope our Active Directory to include a sister company. And with the doubling of our user population and sites, we are considering a multiple domain scenario. Beyond the security, risk mitigation and bandwidth control benefits, I am trying to get a handle on what would be lost from a user standpoint when roaming from a site where they have a DC in their home domain, to a site that has DC's that belong to another domain in the forest. If you know of any reading that would help clarify the points on the issue please send me a link or recommendation. The logon process should use DNS to find a DC, but it will find that no DC's for that domain exist in the site the client is in. So a non optimal DC will be chosen, unless I configure DNS records for a preferred DC for that domain for that site (seems like a hideous administration load unless automated). The user will authenticate to the non optimal DC, and run GPO's, logon scripts, and roaming profiles from that DC. (Am I missing anything?). Profiles have a slow link control, that can manage that part of the user experience. Are there any other caveat's? Thanks in advance for responses to such a trivial question. List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
