RE: [ActiveDir] Root Place Holder justification

[Almeida Pinto, Jorge de]

i think he meant..... joseph  ;-)
 
Met vriendelijke groeten / Kind regards,
Ing. Jorge de Almeida Pinto
Senior Infrastructure Consultant
MVP Windows Server - Directory Services
 
LogicaCMG Nederland B.V. (BU RTINC Eindhoven)
(   Tel     : +31-(0)40-29.57.777
(   Mobile : +31-(0)6-26.26.62.80
*   E-mail : <see sender address>

________________________________

From: [EMAIL PROTECTED] on behalf of joe
Sent: Thu 2006-04-27 01:23
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Root Place Holder justification



Who?


--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Parris
Sent: Wednesday, April 26, 2006 6:20 PM
To: ActiveDir.org
Subject: Re: [ActiveDir] Root Place Holder justification


Dean/Joseph

Anything to add?

Mark

-----Original Message-----
From: "Jef Kazimer" <[EMAIL PROTECTED]>
Date: Wed, 26 Apr 2006 16:15:09
To:<ActiveDir@mail.activedir.org>
Subject: RE: [ActiveDir] Root Place Holder justification

RH,



It comes in the management issues.   I currently deal with people creating a 
secondary account in the peer domain because they do not want to bother (or 
understand that they can) to use the existing account.   I think alot of this 
stems from lack of centralized policy and process that was not capable due to 
process.


Also a common problem is multiple partitions.   I deal with many 3rd party 
applications that can only bind to a SINGLE directory partition and cannot 
chase referrals.    We had to implement an MIIS system to aggregate the active 
users from 3 domains into a single ADAM instance so that a very popular 3 
letter application could utilize them for authentication.  This brings into 
it's own problems of duplicate account names since without a secondary process 
AD does not enforce uniqueness on samaccountname in a forest.  So which account 
wins when you have a duplicate and flow it into an aggregation directory?



If we had a single domain, this would not be an issue.



I suppose I am going to give you more gripes than hard facts as to why I think 
it causes problems right now though. :(



Jef














----------------
 From: [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Root Place Holder justification
Date: Wed, 26 Apr 2006 15:03:06 -0400

  .ExternalClass .shape {;}  .ExternalClass p.MsoNormal, .ExternalClass 
li.MsoNormal, .ExternalClass div.MsoNormal 
{margin-bottom:.0001pt;font-size:12.0pt;font-family:'Times New Roman';} 
.ExternalClass a:link, .ExternalClass span.MsoHyperlink 
{color:blue;text-decoration:underline;} .ExternalClass a:visited, 
.ExternalClass span.MsoHyperlinkFollowed 
{color:blue;text-decoration:underline;} .ExternalClass p 
{margin-bottom:.0001pt;font-size:12.0pt;font-family:'Times New Roman';} 
.ExternalClass span.EmailStyle18 {font-family:Arial;color:navy;} @page Section1 
{size:8.5in 11.0in;} .ExternalClass div.Section1 {page:Section1;} "Where's the 
harm?"
Don't tell me about economics or overhead or other things.
Tell me where the "harm" is.
Please.
 
RH
_________________________________
 
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, April 26, 2006 2:49 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Root Place Holder justification



Jef,



We don't have a root domain because somebody smarter than I made that decision 
before I took over.  I was convinced at the time we had made a mistake, but 
like you have come to the opposite conclusion.

J



AL




Al Maurer
Service Manager, Naming and Authentication Services IT | Information Technology 
Agilent Technologies
(719) 590-2639; Telnet 590-2639
http://activedirectory.it.agilent.com: <http://activedirectory.it.agilent.com/> 



----------------

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jef Kazimer
Sent: Wednesday, April 26, 2006 9:51 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Root Place Holder justification



Al,



If you had asked me in the year 2000, I could see issues that would drive a 
root domain to anchor multiple domains.  I would caution against it now.  I 
believe MS had the same stance, and now thinks it may not make as much sense as 
it once did.



Maybe they should re-evaluate their service offerings. :)  I admit I was wrong 
:)



Jef


----------------

> Subject: RE: [ActiveDir] Root Place Holder justification
> Date: Wed, 26 Apr 2006 08:03:19 -0600
> From: [EMAIL PROTECTED]
> To: ActiveDir@mail.activedir.org
>
> Mark,
>
> I'm in the same place you are: single forest, single domain, but 30 DCs in a 
> global deployment with 45k users and 37k computers.  Ran that way for 6 years.
>
> Now we've sold off a business unit of a couple thousand users and they 
> outsourced to a big 3rd party service provider who insisted they go with an 
> empty root.  I recommended against it, but the sourcer (whose initials are 
> E.D.S.) claimed the configuration was supported by Microsoft and they that 
> had run it by Microsoft for "approval."
>
> I think what it boils down to is that this is their standard service and 
> that's that.  The guys I'm working with are quite knowledgeable and good at 
> what they do, but they're the front line people and not the deep-thinking 
> architects we find at DEC.
>
> AL
>
> Al Maurer
> Service Manager, Naming and Authentication Services IT | Information
> Technology Agilent Technologies
> (719) 590-2639; Telnet 590-2639
> http://activedirectory.it.agilent.com
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Mark Parris
> Sent: Wednesday, April 26, 2006 7:37 AM
> To: ActiveDir.org
> Subject: [ActiveDir] Root Place Holder justification
>
> Does anyone have any official documentation as to the justification for a 
> root place holder, pro's and con's ?
>
> Where I am - I have started at one domain and can see no reason to expand on 
> that - they only have 6 DC's now in a single domain - yet the partner they 
> have chosen is recomending a root place holder with 5 DC's and then 8 in the 
> child domain (they are NOT even supplying the tin) and I wanted some decent 
> amo - a little bit stronger than schema and Ent admin separation.
>
> I know at DEC the concensus was the desire to eliminate and I believe
> Guido and Wook have stated this for the past two DEC's
>
> I have searched this list and can find no relevant articles.
>
> Many thanks
>
> Regards
>
> Mark
> List info   : http://www.activedir.org/List.aspx
> List FAQ    : http://www.activedir.org/ListFAQ.aspx
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/
> List info   : http://www.activedir.org/List.aspx
> List FAQ    : http://www.activedir.org/ListFAQ.aspx
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/




----------------

Join the next generation of Hotmail and you could win the adventure of a 
lifetime Learn More.


----------------
Upgrade for free to Windows Live Mail beta and you could win an African Safari 
Learn more [EMAIL PROTECTED]     sSV«r¯yÊ&ý§-S÷S¾4(tm)¨¥iËb½çb®Sà

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/




This e-mail and any attachment is for authorised use by the intended 
recipient(s) only. It may contain proprietary material, confidential 
information and/or be subject to legal privilege. It should not be copied, 
disclosed to, retained or used by, any other party. If you are not an intended 
recipient then please promptly delete this e-mail and any attachment and all 
copies and inform the sender. Thank you.

<<winmail.dat>>