I think Al is reading your question as multiple forests vs
single forest. Please clarify since I understand your Q to be about one forest
with a single tree vs multiple trees.
If you want/need a security boundary you will end up in a multiple forest environment, but that's due to laws etc if applicable since the forest is the only security boundary today. If you have multiple trees in one forest you can have separate namespaces for each tree etc.. But before digging into the details please confirm is you're talking about singel forest or not.
If you want/need a security boundary you will end up in a multiple forest environment, but that's due to laws etc if applicable since the forest is the only security boundary today. If you have multiple trees in one forest you can have separate namespaces for each tree etc.. But before digging into the details please confirm is you're talking about singel forest or not.
Regards,
/Jimmy
-------------------------------------
Jimmy Andersson, Q Advice
AB
Principal Advisor
Microsoft MVP - Directory
Services
---------- www.qadvice.com ----------
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Wednesday, March 17, 2004 6:48 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Multiple Trees questions
Thoughts inline
From: Celone, Mike [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 17, 2004 11:53 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Multiple Trees questions
I've got a few
questions about using multiple trees in a forest.
- Are there
transitive Kerberos trusts across the trees in Win2k?
Win2k3?
[Mulnick, Al] You can set up trusts, but do you need them to be transitive? What's the end requirement that you need if you go this route? - What's the
advantage/disadvantages of going with 3 seperate trees vs 1 single tree with
an empty root and 3 child domains?
[Mulnick, Al] The only reason to go with separate forests is the way you manage your environment and security. If you have to have three separate trees, it can be done, but it's much more complex and administratively a burden if you use multiple trees for everything from upgrades to administrivia. It does have the advantage of allowing you to implement schema changing apps with less risk however which should count for something. However, if you're a company that allows people to move betwen countries, the migration process could be a PITA. - Assuming we
implement Exchange 2k3 does having 3 seperate trees mean 3 seperate Exchange
organizations?
[Mulnick, Al] have you read the Planning an Exchange 2003 document on www.microsoft.com/exchange/library ? It talks about the pros and cons of a multi-org Exchange deployment and how Microsoft sees it working. It's worth your time to read it to help answer this and many more questions about the app.
We have already
implemented AD in our US offices but now our Europe office and Asia-Pacific
offices are looking to join into our AD structures.
Mike Celone
Systems Specialist
Radio Frequency
Systems
v 203-630-3311 x1031
f 203-634-2027
m 203-537-2406
