RE: [ActiveDir] Multiple Trees questions

Wed, 17 Mar 2004 10:23:19 -0800

D'OH. Nothing like using a contradictory example to illustrate my point. Should have been "sub3.domainA.com"

From: Coleman, Hunter [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 17, 2004 11:12 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Multiple Trees questions

I read the question differently, coming from the standpoint of everything within a single forest.

If that's correct, then my thoughts:

a) Yes

b) Trees are all about DNS namespaces. If you need domainA.com and domainB.com and domainC.com within the same forest, then you are forced into multiple trees. On the other hand, if you can have domainA.com and sub1.domainA.com, sub2.domainA.com, and sub3.domain.com, then a single tree is your answer.

c) Should be workable with a single Exchange organization, as Exchange is forest-wide in scope, not restriced to tree-wide.


From: Mulnick, Al [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 17, 2004 10:48 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Multiple Trees questions

Thoughts inline


From: Celone, Mike [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 17, 2004 11:53 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Multiple Trees questions

I've got a few questions about using multiple trees in a forest. 

  1. Are there transitive Kerberos trusts across the trees in Win2k?  Win2k3?
    [Mulnick, Al] You can set up trusts, but do you need them to be transitive?  What's the end requirement that you need if you go this route? 
  2. What's the advantage/disadvantages of going with 3 seperate trees vs 1 single tree with an empty root and 3 child domains?
    [Mulnick, Al] The only reason to go with separate forests is the way you manage your environment and security.  If you have to have three separate trees, it can be done, but it's much more complex and administratively a burden if you use multiple trees for everything from upgrades to administrivia.  It does have the advantage of allowing you to implement schema changing apps with less risk however which should count for something.  However, if you're a company that allows people to move betwen countries, the migration process could be a PITA.
  3. Assuming we implement Exchange 2k3 does having 3 seperate trees mean 3 seperate Exchange organizations?
    [Mulnick, Al] have you read the Planning an Exchange 2003 document on www.microsoft.com/exchange/library ?  It talks about the pros and cons of a multi-org Exchange deployment and how Microsoft sees it working.  It's worth your time to read it to help answer this and many more questions about the app. 

We have already implemented AD in our US offices but now our Europe office and Asia-Pacific offices are looking to join into our AD structures. 

Mike Celone

Systems Specialist

Radio Frequency Systems

v 203-630-3311 x1031

f 203-634-2027

m 203-537-2406

Reply via email to