http://briandesmond.com/
On Thu, Apr 12, 2012 at 4:08 PM, Lora Cates <[email protected]>wrote: > Well I've inherited what I'll kindly refer to as a "mess." I'm still in > the information gathering phase myself as I haven't quite been here 12 days > yet, and only found this list recently. So I'll apologize in advance for > my faux pas. > > Basically I was hired to consolidate a plethora of disparate AD > domains/forests in several geographically dispersed hospital groups into a > single forest. I still haven't met with the networking folks, so I don't > know what shape the WAN is in. My predecessor went so far as to set up the > CompanyX.com parent domain and it's empty save the defaults, there is > also a child domain of US.companyX.com <http://us.companyx.com/> with > what appears to be the users from corporate. I've read several debates > regarding an empty root. Is there a consensus on yea vs. nay? > > Speaking of reading, and apologies for any offense, are you this Brian > Desmond? Active Directory: Designing, Deploying, and Running Active > Directory, Fourth Edition > -lc > > ------------------------------ > *From:* Brian Desmond <[email protected]> > *To:* NT System Admin Issues <[email protected]> > *Sent:* Thursday, April 12, 2012 2:16 PM > > *Subject:* RE: Domain local vs. global vs. universal > > *Well the impact is that all uni group membership changes replicate to > every GC. If you’ve got concerns around WAN utilization, availability, > latency, etc., then this could be worth looking at. In quite a lot of > scenarios, the WAN issues that existed circa Windows 2000 don’t exist > anymore which makes this a less interesting discussion point. Without > knowing about your customer’s environment and scale it’s hard to say.* > * * > *I would say that it’s highly unlikely that I would design a new > multi-domain forest except for some pretty isolated and specific design > requirements these days. * > * * > *Thanks,* > *Brian Desmond* > *[email protected]* > * * > *w – 312.625.1438 | c – 312.731.3132* > * * > *From:* Lora Cates [mailto:[email protected]] > *Sent:* Thursday, April 12, 2012 1:05 PM > > *To:* NT System Admin Issues > *Subject:* Re: Domain local vs. global vs. universal > > I too am looking into this for a coming migration I've been asked to > design for a customer. What's the impact to GC's by making everything > Universal Groups? Especially in a multi domain, multi forest environment? > > -lc > ------------------------------ > *From:* Brian Desmond <[email protected]> > > *To:* NT System Admin Issues <[email protected]> > *Sent:* Thursday, April 12, 2012 12:02 PM > > *Subject:* RE: Domain local vs. global vs. universal > > > *In a single domain forest (or even many multi-domain domain forests > today), I would just do all uni groups. * > * * > *Thanks,* > *Brian Desmond* > *[email protected]* > * * > *w – 312.625.1438 | c – 312.731.3132* > * * > *From:* David Lum [mailto:[email protected] <[email protected]>] > *Sent:* Thursday, April 12, 2012 11:28 AM > *To:* NT System Admin Issues > *Subject:* Domain local vs. global vs. universal > > Today I found a global group in my AD (created by an SE that wasn’t me), > but for this function I needed to add a domain local group to it and for > course, that’s not possible. Someplace I heard in AD pretty much every > group you use should be domain local unless it’s used for Exchange in which > case you use Universal. All groups I create are domain local and it simply > works, but I know that doesn’t mean it’s right. > > Before sending a note to the SE team on this I wanted to get a consensus > from you guys. Comments? > *David Lum* > Systems Engineer // NWEATM > Office 503.548.5229 //* *Cell (voice/text) 503.267.9764 > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
