I would tend to agree except in the case of Exchange, I am
ALL FOR Exchange being run in a separate single domain forest, it solves an
incredible number of problems such as the GC/NSPI problems as well as
administrative isolation, etc. The exception there is if Exchange is deployed in
a decentralized fashion out to all of the sites you already have DCs at, at
that point, you probably want to fight with the issues with it in the main
forest.
The biggest complaint I have seen for running a separate
Single Domain Forest for Exchange is around provisioning and quite frankly, that
really isn't all that involved and doesn't necessarily need a full blown
MIIS/IIFP solution. It depends on what data is needed where. If you
need all of the GAL info in the main NOS forest as well as the Exchange forest
then you are looking more into metadata sync tools unless your provisioning is all
being handled through a centralized mechanism and then that can be used to send
the info in both directions and an actual tie between the domains for syncing isn't
necessarily required.
But if this isn't Exchange, I would be curious to hear the
details of the app and why they want a separate forest. Most vendors if they
told me they did it in a stupid way that had that requirement I would beat and
tell them to fix it. With MSFT and Exchange, that only works a little bit.
:)
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido
Sent: Thursday, July 20, 2006 2:32 PM
To: [email protected]
Subject: RE: [ActiveDir] Vendor Domain
I think everyone would be conceptually opposed - would be
good to hear the vendor's reasoning for this.
What does the app do?
What benefit do you have from running their app in a
separate (single domain) forest?
I can think of many downsides, but if the app is supposed
to protect really sensitive data (isolation scenario), this may potentially be
the reason for them to demand a separate forest. Certainly not, if the same
folks manage both forests though... So pls. ask them for more details -
doesn't hurt to understand their thinking.
/Guido
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Figueroa, Johnny
Sent: Wednesday, July 19, 2006 8:09 PM
To: [email protected]
Subject: [ActiveDir] Vendor Domain
We are a 2003 Forest
with an empty root domain and a single child domain. We have a vendor looking to
bring in a product that utilizes its own domain and has a one way trust to our
domain.
I do not know
anything about the product yet but I am almost conceptually opposed to these
vendor domains. I am looking for pros and cons... really ammunition to say
no.
Thanks
Johnny Figueroa
Supervisor Network Operations & Support
Network Services
Banner Health
Voice (602) 747-4195
Fax (602) 747-4406
WARNING: This message, and any attachments, are intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or employee/agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of the communication is strictly prohibited. If you receive this communication in error, please notify us immediately
