|
Rich,
Maybe I didn't describe the *proposed* structure well
enough - one forest (and one exch org).
There are 4 forests today but the plan is to 'collapse'
into 1 forest.
I've
also been here many times before - believe me I've argued the political battle
over and over and expressed concerns regarding admin costs and issues etc etc.
However, when people are used to managing a whole forest, they don't want to
have to migrate to an OU and lose all their rights over night. I'm with you and
others and don't feel comfortable with this but that's the
compromise.
Sometimes an architect has to bite his/her lip and allow the political
argument to trump the technical argument - especially if that is the only
way to find a compromise and hence solution :)
Thanks,
neil
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rich Milburn Sent: 04 October 2005 15:05 To: [email protected] Subject: RE: [ActiveDir] Multiple forests with a common DNS parent zone Neil –
I’ve been there, for
sure (probably many here on this list have). What kind of Exchange
structure are they looking at? You’re really complicating things with
multiple forests, as you know I’m sure, but I’m also sure the political factors
do not understand the administrative costs related to it. As far as the
DNS domain name goes, I would put money on it that they think their email
address is dependent upon the domain address – a lot of people have difficulty
with that common misconception. Maybe some people here
who have overcome those political objections can share how they convinced their
people? It would be worth some work to avoid the mess you described… good
luck J Rich --------------------------------------------------------------------------- From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of
[EMAIL PROTECTED] * What
is/are the reasons of existance for the multiple forests? -
political reasons * Why
do you want to create one forest with multiple child domains? What is the
purpose of the child domains? Why not create a single domain
forest? -
political reasons. As an architect I suggested one domain in one
forest. * Do
you trust everyone within the new forest that is a domain
admin? -
to be worked on :) Trust is a dirty word right now :) * Why
do you feel uncomfortable with the proposal? -
I never liked the idea of re-using the external DNS name for an internal AD and
was concerned that re-using the same 'root' could cause issues. I would
prefer a clean break from .com and ideally from xxx too. Maybe a compromise
would be to use xxx.net... My
concerns were not based upon anything concrete and hence my question to the
list. neil From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Almeida Pinto, Jorge
de For the
information you have posted I don't feel uncomfortable re-using the XXX.COM DNS
name and building a new forest root called GLOBAL.XXX.COM (assuming your
internet presence is XXX.COM). Isn't XXX the company's
name? In my
opinion it is OK to use: *
COMPANY.LOCAL for the forest root if external is
COMPANY.COM *
something like AD.COMPANY.COM or GLOBAL.COMPANY.COM for the forest root if
external is COMPANY.COM *
something like <COMMON-NAME>.<TLD> if external is
COMPANY.COM It all
depends on your DNS and name resolution
requirements Well....
a few questions come up.. * What
is/are the reasons of existance for the multiple
forests? * Why
do you want to create one forest with multiple child domains? What is the
purpose of the child domains? Why not create a single domain
forest? * Do
you trust everyone within the new forest that is a domain
admin? * Why
do you feel uncomfortable with the proposal? my EUR
0,02 Cheers Jorge From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of
[EMAIL PROTECTED] I
have encountered a situation where 4 forests exist today, all of which have a
common DNS parent zone - let's call it xxx.com. Forest 1 has root domain named
xxx.com with multiple child domains DNS
resolution between the 4 forests works fine. Xxx.com is hosted on UNIX BIND
servers with all child zones delegated to Windows DNS servers. All child zone
DNS servers forward to the servers hosting xxx.com. Existing forests are w2k
native and no trusts exist between these forests. There is a proposal to build a new,
fifth forest and to migrate all objects from the 4 forests above into this new
forest. Does anyone have any concerns over
the re-use of the same DNS name - xxx.com? I feel uncomfortable with this
proposal but don't have any technical reasons to block
it. Any
comments? Thanks, ___________________________
PLEASE READ: The information
contained in this email is confidential and intended for the named recipient(s)
only. If you are not an intended recipient of this email please
notify the sender immediately and delete your
copy from your system. You must not
copy, distribute or take any further action in reliance on it. Email is
not a secure method of communication and Nomura International plc ('NIplc')
will not, to the extent permitted by law, accept responsibility or liability
for (a) the accuracy or completeness of, or (b) the presence of any virus,
worm or similar malicious or disabling code in, this message or any
attachment(s) to it. If verification of this email is sought then please request
a hard copy. Unless otherwise stated this email: (1) is not, and should
not be treated or relied upon as, investment research; (2) contains
views or opinions that are solely those of the author and do not necessarily
represent those of NIplc; (3) is intended for informational purposes only and
is not a recommendation, solicitation or offer to buy or sell securities or
related financial instruments. NIplc does not provide investment services
to private customers. Authorised and regulated by the Financial Services
Authority. Registered in no. 1550505 VAT No. 447 2492 35.
Registered Office: 1 This e-mail and any
attachment is for authorised use by the intended recipient(s) only. It may
contain proprietary material, confidential information and/or be subject to
legal privilege. It should not be copied, disclosed to, retained or used by, any
other party. If you are not an intended recipient then please promptly delete
this e-mail and any attachment and all copies and inform the sender. Thank
you. PLEASE READ: The information
contained in this email is confidential and intended for the named recipient(s)
only. If you are not an intended recipient of this email please
notify the sender immediately and delete your
copy from your system. You must not
copy, distribute or take any further action in reliance on it. Email is
not a secure method of communication and Nomura International plc ('NIplc')
will not, to the extent permitted by law, accept responsibility or liability
for (a) the accuracy or completeness of, or (b) the presence of any virus,
worm or similar malicious or disabling code in, this message or any
attachment(s) to it. If verification of this email is sought then please request
a hard copy. Unless otherwise stated this email: (1) is not, and should
not be treated or relied upon as, investment research; (2) contains
views or opinions that are solely those of the author and do not necessarily
represent those of NIplc; (3) is intended for informational purposes only and
is not a recommendation, solicitation or offer to buy or sell securities or
related financial instruments. NIplc does not provide investment services
to private customers. Authorised and regulated by the Financial Services
Authority. Registered in no. 1550505 VAT No. 447 2492 35.
Registered Office: 1
PLEASE READ: The information contained in this email is confidential and
intended for the named recipient(s) only. If you are not an intended
recipient of this email please notify the sender immediately and delete your
copy from your system. You must not copy, distribute or take any further
action in reliance on it. Email is not a secure method of communication and
Nomura International plc ('NIplc') will not, to the extent permitted by law,
accept responsibility or liability for (a) the accuracy or completeness of,
or (b) the presence of any virus, worm or similar malicious or disabling
code in, this message or any attachment(s) to it. If verification of this
email is sought then please request a hard copy. Unless otherwise stated
this email: (1) is not, and should not be treated or relied upon as,
investment research; (2) contains views or opinions that are solely those of
the author and do not necessarily represent those of NIplc; (3) is intended
for informational purposes only and is not a recommendation, solicitation or
offer to buy or sell securities or related financial instruments. NIplc
does not provide investment services to private customers. Authorised and
regulated by the Financial Services Authority. Registered in England
no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand,
London, EC1A 4NP. A member of the Nomura group of companies.
|
Title: Multiple forests with a common DNS parent zone
- RE: [ActiveDir] Multiple forests with a common DNS parent ... neil.ruston
- RE: [ActiveDir] Multiple forests with a common DNS pa... ActiveDirectory
