I would tend to agree that a single domain is optimal with the current AD and infrastructure that is available. Other than security, legacy, and most importantly political issues, for most a single domain should be considered.

 

Where I am, we have 3 domains in a single forest, with one being a root domain. I believe many of our headaches stem from this past decision (in place before I was here) and often ponder making the bold statement of considering collapsing them all into a single domain. Though I suspect I would be lynched. :(

 

We have over 160 sites, and around 150k users within 2 domains, with the slowest link today around 256k link to departmental sites (50< users). 

 

The security requirements are the same throughout all domains, and I believe the 2 domains exist for political reasons that fortunately are fading away. Many bad policies and practices grew from one decision to keep things separate.

 

Of course your company's policies and practices for managing the domain globally go a huge way into that consideration. Issues such as account provisioning, group management, and replication convergence times could impact the business if the infrastructure impact is not understood.

 

If I had a magic wand....I'd wish for a single domain. :)  

 

Jef


> Subject: RE: [ActiveDir] Root Place Holder justification
> Date: Wed, 26 Apr 2006 09:56:04 -0400
> From: [EMAIL PROTECTED]
> To: [email protected]
>
>
> Your subject is your answer. They need to justify a root domain. Is
> there an actual reason for it?
>
> There are only three reasons to have one, imho....(cut and pasted from a
> google search)
>
> 1. Security requirements are different (password, lockout, and Kerberos
> policies must be applied at the domain level).
> 2. To control/limit replication (but note the recommendations for number
> of objects in a domain with slow links - if the slowest link is 56 kbps,
> the domain should have no more than 100,000 users).
> 3. Because you inherit a multiple domain setup. 
>
> I question number three myself. I would rather clean it up than continue
> with a past decision but I guess that depends upon the impact to
> operations and the complexity of consolidation.
>
>  
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] 
> > [mailto:[EMAIL PROTECTED] On Behalf Of Mark Parris
> > Sent: Wednesday, April 26, 2006 9:37 AM
> > To: ActiveDir.org
> > Subject: [ActiveDir] Root Place Holder justification
> > 
> > Does anyone have any official documentation as to the 
> > justification for a root place holder, pros and cons?
> > 
> > Where I am - I have started at one domain and can see no 
> > reason to expand on that - they only have 6 DCs now in a 
> > single domain - yet the partner they have chosen is 
> > recommending a root place holder with 5 DCs and then 8 in the 
> > child domain (they are NOT even supplying the tin) and I 
> > wanted some decent ammo - a little bit stronger than schema 
> > and Ent admin separation.
> > 
> > I know at DEC the consensus was the desire to eliminate and I 
> > believe Guido and Wook have stated this for the past two DECs.
> > 
> > I have searched this list and can find no relevant articles.
> > 
> > Many thanks
> > 
> > Regards
> > 
> > Mark
> > List info   : http://www.activedir.org/List.aspx
> > List FAQ    : http://www.activedir.org/ListFAQ.aspx
> > List archive: 
> > http://www.mail-archive.com/activedir%40mail.activedir.org/
> > 


