RE: [ActiveDir] Root Place Holder justification

[joe]

Who? 


--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm 
 

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Parris
Sent: Wednesday, April 26, 2006 6:20 PM
To: ActiveDir.org
Subject: Re: [ActiveDir] Root Place Holder justification


Dean/Joseph

Anything to add?

Mark

-----Original Message-----
From: "Jef Kazimer" <[EMAIL PROTECTED]>
Date: Wed, 26 Apr 2006 16:15:09
To:<ActiveDir@mail.activedir.org>
Subject: RE: [ActiveDir] Root Place Holder justification

RH,
 
 
 
It comes in the management issues.   I currently deal with people creating a 
secondary account in the peer domain because they do not want to bother (or 
understand that they can) to use the existing account.   I think alot of this 
stems from lack of centralized policy and process that was not capable due to 
process. 

 
Also a common problem is multiple partitions.   I deal with many 3rd party 
applications that can only bind to a SINGLE directory partition and cannot 
chase referrals.    We had to implement an MIIS system to aggregate the active 
users from 3 domains into a single ADAM instance so that a very popular 3 
letter application could utilize them for authentication.  This brings into 
it's own problems of duplicate account names since without a secondary process 
AD does not enforce uniqueness on samaccountname in a forest.  So which account 
wins when you have a duplicate and flow it into an aggregation directory?
 
 
 
If we had a single domain, this would not be an issue.
 
 
 
I suppose I am going to give you more gripes than hard facts as to why I think 
it causes problems right now though. :(
 
 
 
Jef
 
 
 
 
 
 
 
 
 
 
 

 
 
----------------
 From: [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Root Place Holder justification
Date: Wed, 26 Apr 2006 15:03:06 -0400

  .ExternalClass .shape {;}  .ExternalClass p.MsoNormal, .ExternalClass 
li.MsoNormal, .ExternalClass div.MsoNormal 
{margin-bottom:.0001pt;font-size:12.0pt;font-family:'Times New Roman';} 
.ExternalClass a:link, .ExternalClass span.MsoHyperlink 
{color:blue;text-decoration:underline;} .ExternalClass a:visited, 
.ExternalClass span.MsoHyperlinkFollowed 
{color:blue;text-decoration:underline;} .ExternalClass p 
{margin-bottom:.0001pt;font-size:12.0pt;font-family:'Times New Roman';} 
.ExternalClass span.EmailStyle18 {font-family:Arial;color:navy;} @page Section1 
{size:8.5in 11.0in;} .ExternalClass div.Section1 {page:Section1;} "Where's the 
harm?" 
Don't tell me about economics or overhead or other things. 
Tell me where the "harm" is. 
Please. 
  
RH
_________________________________ 
  
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, April 26, 2006 2:49 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Root Place Holder justification

 
 
Jef,
 
 
 
We don’t have a root domain because somebody smarter than I made that decision 
before I took over.  I was convinced at the time we had made a mistake, but 
like you have come to the opposite conclusion.
 
J
 
 
 
AL
 
 
 
 
Al Maurer
Service Manager, Naming and Authentication Services IT | Information Technology 
Agilent Technologies
(719) 590-2639; Telnet 590-2639
http://activedirectory.it.agilent.com: <http://activedirectory.it.agilent.com/> 
 
 
 
 
----------------
 
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jef Kazimer
Sent: Wednesday, April 26, 2006 9:51 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Root Place Holder justification
 
 
 
Al,
 
 
 
If you had asked me in the year 2000, I could see issues that would drive a 
root domain to anchor multiple domains.  I would caution against it now.  I 
believe MS had the same stance, and now thinks it may not make as much sense as 
it once did.
 
 
 
Maybe they should re-evaluate their service offerings. :)  I admit I was wrong 
:)
 
 
 
Jef
 
 
----------------
 
> Subject: RE: [ActiveDir] Root Place Holder justification
> Date: Wed, 26 Apr 2006 08:03:19 -0600
> From: [EMAIL PROTECTED]
> To: ActiveDir@mail.activedir.org
> 
> Mark,
> 
> I'm in the same place you are: single forest, single domain, but 30 DCs in a 
> global deployment with 45k users and 37k computers.  Ran that way for 6 years.
> 
> Now we've sold off a business unit of a couple thousand users and they 
> outsourced to a big 3rd party service provider who insisted they go with an 
> empty root.  I recommended against it, but the sourcer (whose initials are 
> E.D.S.) claimed the configuration was supported by Microsoft and they that 
> had run it by Microsoft for "approval."
> 
> I think what it boils down to is that this is their standard service and 
> that's that.  The guys I'm working with are quite knowledgeable and good at 
> what they do, but they're the front line people and not the deep-thinking 
> architects we find at DEC.
> 
> AL
> 
> Al Maurer
> Service Manager, Naming and Authentication Services IT | Information 
> Technology Agilent Technologies
> (719) 590-2639; Telnet 590-2639
> http://activedirectory.it.agilent.com
> 
> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Mark Parris
> Sent: Wednesday, April 26, 2006 7:37 AM
> To: ActiveDir.org
> Subject: [ActiveDir] Root Place Holder justification
> 
> Does anyone have any official documentation as to the justification for a 
> root place holder, pro's and con's ?
> 
> Where I am - I have started at one domain and can see no reason to expand on 
> that - they only have 6 DC's now in a single domain - yet the partner they 
> have chosen is recomending a root place holder with 5 DC's and then 8 in the 
> child domain (they are NOT even supplying the tin) and I wanted some decent 
> amo - a little bit stronger than schema and Ent admin separation.
> 
> I know at DEC the concensus was the desire to eliminate and I believe 
> Guido and Wook have stated this for the past two DEC's
> 
> I have searched this list and can find no relevant articles.
> 
> Many thanks
> 
> Regards
> 
> Mark
> List info   : http://www.activedir.org/List.aspx
> List FAQ    : http://www.activedir.org/ListFAQ.aspx
> List archive: 
> http://www.mail-archive.com/activedir%40mail.activedir.org/
> List info   : http://www.activedir.org/List.aspx
> List FAQ    : http://www.activedir.org/ListFAQ.aspx
> List archive: 
> http://www.mail-archive.com/activedir%40mail.activedir.org/
 
 
 
 
----------------
 
Join the next generation of Hotmail and you could win the adventure of a 
lifetime Learn More.


----------------
Upgrade for free to Windows Live Mail beta and you could win an African Safari 
Learn more [EMAIL PROTECTED]     šŠV«r¯yÊ&ý§-Š÷Š¾4™¨¥iËb½çb®Šà

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/