doh! :)
I have got to pay closer attention to the terminology in
some of these.
In that case, it's not so tough. Multiple domains
(trees) are not too tough to implement. I'd have to say that a separate
domain doesn't seem neccessary unless you meet one of the five criteria for new
domains (two important ones off the top of my head: password policy and domain
level policies). If those don't meet the business requirements, then you
need multiple domains. If they can be met with a single domain, that's a
simple and easy way to do this as long as you pay close attention to the site
build out.
Sorry about that confusion.
Al
From: Celone, Mike [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 17, 2004 1:03 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Multiple Trees questions
Thanks for the reply Al. When I said 3 seperate trees
I meant 3 trees within the same forest. There would be no empty root
domain but we would all be part of the same forest. We are definetly not
looking to go with 3 seperate forests. I'm wondering how much
adminsitration overhead we would be adding to by having 3 trees within the same
forest.
Mike
From: Mulnick, Al [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 17, 2004 12:48 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Multiple Trees questions
Thoughts inline
From: Celone, Mike [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 17, 2004 11:53 AM
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] Multiple Trees questions
I've got a few
questions about using multiple trees in a forest.
- Are there
transitive Kerberos trusts across the trees in Win2k?
Win2k3?
[Mulnick, Al] You can set up trusts, but do you need them to be transitive? What's the end requirement that you need if you go this route? - What's the
advantage/disadvantages of going with 3 seperate trees vs 1 single tree with
an empty root and 3 child domains?
[Mulnick, Al] The only reason to go with separate forests is the way you manage your environment and security. If you have to have three separate trees, it can be done, but it's much more complex and administratively a burden if you use multiple trees for everything from upgrades to administrivia. It does have the advantage of allowing you to implement schema changing apps with less risk however which should count for something. However, if you're a company that allows people to move betwen countries, the migration process could be a PITA. - Assuming we
implement Exchange 2k3 does having 3 seperate trees mean 3 seperate Exchange
organizations?
[Mulnick, Al] have you read the Planning an Exchange 2003 document on www.microsoft.com/exchange/library ? It talks about the pros and cons of a multi-org Exchange deployment and how Microsoft sees it working. It's worth your time to read it to help answer this and many more questions about the app.
We have already
implemented AD in our US offices but now our Europe office and Asia-Pacific
offices are looking to join into our AD structures.
