I am not sure I follow what you are saying. I have absolutely run in this configuration in a very large widget manufacturer. Hundreds of thousands of hosts. It works fine for the Base OS. Issues tend to crop up from poorly written/tested applications like the ones I mentioned.
joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sergio Fonseca Sent: Tuesday, March 29, 2005 10:56 AM To: [email protected] Subject: Re: [ActiveDir] Compelling arguments? Hi, Interesting perspective Joe. One thing that I notice every day is that not all code are prepared to the new features, for example the Domain Controllers location process is followed by many processes but not all. For example when you set permissions on a file to a user of other domain the info is first get from the DC�s in the root domain not the ones where you are logged. If you do not use the same FQDN suffixes you will have some thing working but other will suffer from slowness. On Tue, 29 Mar 2005 10:29:11 -0500, joe <[EMAIL PROTECTED]> wrote: > Ah you mean DNS disjoint namespace. I know of a couple of large orgs > that do this either because Bind Based DNS is full deployed to a very > large base and they don't want to change it and/or they feel a machine > in California shouldn't have the same DNS Suffix as a machine in New > York (I tend to be in that category as well - I like geographic based > DNS names). It is supported from an OS standpoint however it requires > some additional perms on the computer objects so the computers can > properly update their SPNs and dNSHostNames (though these aren't > needed for DCs obviously). I don't think it would be very fun to have > some 100,000+ machines all in a DNS zone called ad.company.com. It > almost seemed an attempt to get away from WINS by making DNS act like WINS on a domain by domain basis. > > The biggest downside to doing this is Microsoft and other software > vendors keep forgetting it is a supported configuration with > applications. Check out MOM2005, the latest SMS whatever that is, some > of the EMC NAS solutions, etc. If you do this, every application that > goes through testing, integration, certification needs to be tested > for disjoint namespace capability. I have seen a couple of occasions > where someone was really bright and set up a disjoint production > namespace but their test environment wasn't disjoint so they would > spend all of this time in test to say something works great and deploy > to production and watch it blow up immediately. > > The other major downside I can think of is around name resolution. If > you aren't using WINS, you better like specifying FQDNs for machines. > This also applies to multidomain forest environments as well as > environments using disjoint namespace though. Personally, I like WINS > (or should I say NBNS as the RFC calls them). I think it got a bum rap > from people who used it and didn't understand how to keep it running > well or those that didn't want, for some, reason, to have unique host > names like those folks who think you need a machine named www to host > a website called www.company.com. There have been times I have > actually considered implementing an NBNS in case MS decides to drop > WINS Server from support. Mine would be a little different though, > accepting dynamic updates would be configurable, I see great value in > an NBNS that does not accept client registrations but instead only gives out info put in by an admin. > > > ________________________________ > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Brent > Westmoreland > Sent: Tuesday, March 29, 2005 10:06 AM > To: [email protected] > Subject: [ActiveDir] Compelling arguments? > > > Are there compelling arguments to use the DNS Domain name of your AD > Domain as the primary DNS Suffix versus a different DNS extension from > a client functionality perspective? > > Clients are still able to resolve the AD DNS Domain but most do not > use it as their primary suffix. > > Any thoughts welcome. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
