Well I've inherited what I'll kindly refer to as a "mess." I'm still in the information gathering phase myself as I haven't quite been here 12 days yet, and only found this list recently. So I'll apologize in advance for my faux pas.
Basically I was hired to consolidate a plethora of disparate AD domains/forests in several geographically dispersed hospital groups into a single forest. I still haven't met with the networking folks, so I don't know what shape the WAN is in. My predecessor went so far as to set up the CompanyX.com parent domain and it's empty save the defaults, there is also a child domain of US.companyX.com with what appears to be the users from corporate. I've read several debates regarding an empty root. Is there a consensus on yea vs. nay? Speaking of reading, and apologies for any offense, are you this Brian Desmond? Active Directory: Designing, Deploying, and Running Active Directory, Fourth Edition -lc >________________________________ > From: Brian Desmond <[email protected]> >To: NT System Admin Issues <[email protected]> >Sent: Thursday, April 12, 2012 2:16 PM >Subject: RE: Domain local vs. global vs. universal > > > >Well the impact is that all uni group membership changes replicate to every >GC. If you’ve got concerns around WAN utilization, availability, latency, >etc., then this could be worth looking at. In quite a lot of scenarios, the >WAN issues that existed circa Windows 2000 don’t exist anymore which makes >this a less interesting discussion point. Without knowing about your >customer’s environment and scale it’s hard to say. > >I would say that it’s highly unlikely that I would design a new multi-domain >forest except for some pretty isolated and specific design requirements these >days. > >Thanks, >Brian Desmond >[email protected] > >w – 312.625.1438 | c – 312.731.3132 > >From:Lora Cates [mailto:[email protected]] >Sent: Thursday, April 12, 2012 1:05 PM >To: NT System Admin Issues >Subject: Re: Domain local vs. global vs. universal > >I too am looking into this for a coming migration I've been asked to design >for a customer. What's the impact to GC's by making everything Universal >Groups? Especially in a multi domain, multi forest environment? > >-lc > >________________________________ > >From:Brian Desmond <[email protected]> >To: NT System Admin Issues <[email protected]> >Sent: Thursday, April 12, 2012 12:02 PM >Subject: RE: Domain local vs. global vs. universal > > > >In a single domain forest (or even many multi-domain domain forests today), I >would just do all uni groups. > >Thanks, >Brian Desmond >[email protected] > >w – 312.625.1438 | c – 312.731.3132 > >From:David Lum [mailto:[email protected]] >Sent: Thursday, April 12, 2012 11:28 AM >To: NT System Admin Issues >Subject: Domain local vs. global vs. universal > >Today I found a global group in my AD (created by an SE that wasn’t me), but >for this function I needed to add a domain local group to it and for course, >that’s not possible. Someplace I heard in AD pretty much every group you use >should be domain local unless it’s used for Exchange in which case you use >Universal. All groups I create are domain local and it simply works, but I >know that doesn’t mean it’s right. > >Before sending a note to the SE team on this I wanted to get a consensus from >you guys. Comments? >David Lum >Systems Engineer //NWEATM >Office 503.548.5229//Cell (voice/text) 503.267.9764 > >~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > >--- >To manage subscriptions click here: >http://lyris.sunbelt-software.com/read/my_forums/ >or send an email to [email protected] >with the body: unsubscribe ntsysadmin >~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > >--- >To manage subscriptions click here: >http://lyris.sunbelt-software.com/read/my_forums/ >or send an email to [email protected] >with the body: unsubscribe ntsysadmin > >~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > >--- >To manage subscriptions click here: >http://lyris.sunbelt-software.com/read/my_forums/ >or send an email to [email protected] >with the body: unsubscribe ntsysadmin >~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > >--- >To manage subscriptions click here: >http://lyris.sunbelt-software.com/read/my_forums/ >or send an email to [email protected] >with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
