to have an empty forest root domain or not... (things I just thought of) POSSIBLES FOR "TO HAVE":
*
Large, complex and dynamic organizations
*
Organization with independent departments and decentralized IT
departments (because of this one or more IT departments does not accept the
other as being the forest root domain)
*
Wish to have a forest root domain that is department/region/location
independent (incl. its name) (better possibilities to transfer ownership and
better resistent to organizational changes)
*
Stronger security policies for admin accounts
POSSIBLES FOR "NOT TO HAVE":
*
Organization with a centralized IT department
*
Static organizations
*
Additional costs and hardware
You could have a look at the Windows Server System Reference Architecture -->
http://www.microsoft.com/technet/itsolutions/wssra/raguide/default.mspx
Directory Services Guide -->
http://www.microsoft.com/technet/itsolutions/wssra/raguide/DirectoryServices/igdrbp.mspx?mfr=true
(search for section called "Forest Root Design")
my 2 cents
cheers,
jorge
Met vriendelijke groeten / Kind regards,
Ing. Jorge de Almeida Pinto
Senior Infrastructure Consultant
MVP Windows Server - Directory Services
LogicaCMG Nederland B.V. (BU RTINC Eindhoven)
( Tel : +31-(0)40-29.57.777
( Mobile : +31-(0)6-26.26.62.80
* E-mail : <see sender address>
________________________________
From: [EMAIL PROTECTED] on behalf of Mark Parris
Sent: Wed 2006-04-26 15:36
To: ActiveDir.org
Subject: [ActiveDir] Root Place Holder justification
Does anyone have any official documentation as to the justification for a root
place holder, pro's and con's ?
Where I am - I have started at one domain and can see no reason to expand on
that - they only have 6 DC's now in a single domain - yet the partner they have
chosen is recomending a root place holder with 5 DC's and then 8 in the child
domain (they are NOT even supplying the tin) and I wanted some decent amo - a
little bit stronger than schema and Ent admin separation.
I know at DEC the concensus was the desire to eliminate and I believe Guido and
Wook have stated this for the past two DEC's
I have searched this list and can find no relevant articles.
Many thanks
Regards
Mark
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
This e-mail and any attachment is for authorised use by the intended
recipient(s) only. It may contain proprietary material, confidential
information and/or be subject to legal privilege. It should not be copied,
disclosed to, retained or used by, any other party. If you are not an intended
recipient then please promptly delete this e-mail and any attachment and all
copies and inform the sender. Thank you.
<<winmail.dat>>
