1. Yes. It is a single forest, all domains within a single
forest have a transitive trust relationship irregardless of child or tree
status.
2. Actually I consider it more confusing to go with
separate trees. Generally you do it when there is some political battle and
someone doesn't want to be a child domain of domain named something they don't
want to be associated with. The forest root is still the forest root though.
Your chances of breaking third party apps increases by using multiple trees as
well.
An example:
You have a forest root of say toyota.com. Lexus doesn't
want toyota in the name so they add a new tree to the forest called lexus.com.
Note however that the forest root is still toyota.com and all queries to
configuration container and schema would be to toyota.com, there would be no
cn=configuration,dc=lexus,dc=com. Like I said, that would break some third party
apps who make assumptions.
3. I believe you should be able to do this with one
organization. However... If this is a large decentralized deployment (with WAN
sites) with a centralized Exchange deployment consider a separate forest for
Exchange.
-------------
http://www.joeware.net (download joeware)
http://www.cafeshops.com/joewarenet (wear joeware)
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Celone, Mike
Sent: Wednesday, March 17, 2004 11:53 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Multiple Trees questions
I've got a few
questions about using multiple trees in a forest.
- Are there transitive Kerberos trusts across the trees in Win2k? Win2k3?
- What's the advantage/disadvantages of going with 3 seperate trees vs 1 single tree with an empty root and 3 child domains?
- Assuming we implement Exchange 2k3 does having 3 seperate trees mean 3 seperate Exchange organizations?
We have already
implemented AD in our US offices but now our Europe office and Asia-Pacific
offices are looking to join into our AD structures.
Mike Celone
Systems Specialist
Radio Frequency
Systems
v 203-630-3311 x1031
f 203-634-2027
m 203-537-2406
