Ah, found you. http://www.activedir.org/ListArchives/tabid/55/forumid/1/postid/43510/view/topic/Default.aspx
-lc >________________________________ > From: Lora Cates <[email protected]> >To: NT System Admin Issues <[email protected]> >Sent: Thursday, April 12, 2012 4:40 PM >Subject: Re: Domain local vs. global vs. universal > > >So I take it you lost? :) What, dare I ask, was your position on said matter >in the arena? > >-lc > > >>________________________________ >> From: William Robbins <[email protected]> >>To: NT System Admin Issues <[email protected]> >>Sent: Thursday, April 12, 2012 3:45 PM >>Subject: Re: Domain local vs. global vs. universal >> >> >>I'm not entering into the "empty root" arena again. :) I will answer the >>last query. He is that Brian Desmond...which is why I shan't enter that >>arena again. >> >> - Will >> >> >> >> >> >> >> >> >>On Thu, Apr 12, 2012 at 15:08, Lora Cates <[email protected]> wrote: >> >>Well I've inherited what I'll kindly refer to as a "mess." I'm still in the >>information gathering phase myself as I haven't quite been here 12 days yet, >>and only found this list recently. So I'll apologize in advance for my faux >>pas. >>> >>> >>>Basically I was hired to consolidate a plethora of disparate AD >>>domains/forests in several geographically dispersed hospital groups into a >>>single forest. I still haven't met with the networking folks, so I don't >>>know what shape the WAN is in. My predecessor went so far as to set up the >>>CompanyX.com parent domain and it's empty save the defaults, there is also a >>>child domain of US.companyX.com with what appears to be the users from >>>corporate. I've read several debates regarding an empty root. Is there a >>>consensus on yea vs. nay? >>> >>> >>>Speaking of reading, and apologies for any offense, are you this Brian >>>Desmond? Active Directory: Designing, Deploying, and Running Active >>>Directory, Fourth Edition >>>-lc >>> >>> >>>>________________________________ >>>> From: Brian Desmond <[email protected]> >>>> >>>>To: NT System Admin Issues <[email protected]> >>>>Sent: Thursday, April 12, 2012 2:16 PM >>>> >>>>Subject: RE: Domain local vs. global vs. universal >>>> >>>> >>>>Well the impact is that all uni group membership changes replicate to every >>>>GC. If you’ve got concerns around WAN utilization, availability, latency, >>>>etc., then this could be worth looking at. In quite a lot of scenarios, the >>>>WAN issues that existed circa Windows 2000 don’t exist anymore which makes >>>>this a less interesting discussion point. Without knowing about your >>>>customer’s environment and scale it’s hard to say. >>>> >>>>I would say that it’s highly unlikely that I would design a new >>>>multi-domain forest except for some pretty isolated and specific design >>>>requirements these days. >>>> >>>>Thanks, >>>>Brian Desmond >>>>[email protected] >>>> >>>>w – 312.625.1438 | c – 312.731.3132 >>>> >>>>From:Lora Cates [mailto:[email protected]] >>>>Sent: Thursday, April 12, 2012 1:05 PM >>>> >>>>To: NT System Admin Issues >>>> >>>>Subject: Re: Domain local vs. global vs. universal >>>> >>>>I too am looking into this for a coming migration I've been asked to design >>>>for a customer. What's the impact to GC's by making everything Universal >>>>Groups? Especially in a multi domain, multi forest environment? >>>> >>>>-lc >>>> >>>>________________________________ >>>> >>>>From:Brian Desmond <[email protected]> >>>> >>>>To: NT System Admin Issues <[email protected]> >>>>Sent: Thursday, April 12, 2012 12:02 PM >>>> >>>>Subject: RE: Domain local vs. global vs. universal >>>> >>>> >>>> >>>>In a single domain forest (or even many multi-domain domain forests today), >>>>I would just do all uni groups. >>>> >>>>Thanks, >>>>Brian Desmond >>>>[email protected] >>>> >>>>w – 312.625.1438 | c – 312.731.3132 >>>> >>>>From:David Lum [mailto:[email protected]] >>>>Sent: Thursday, April 12, 2012 11:28 AM >>>>To: NT System Admin Issues >>>>Subject: Domain local vs. global vs. universal >>>> >>>>Today I found a global group in my AD (created by an SE that wasn’t me), >>>>but for this function I needed to add a domain local group to it and for >>>>course, that’s not possible. Someplace I heard in AD pretty much every >>>>group you use should be domain local unless it’s used for Exchange in which >>>>case you use Universal. All groups I create are domain local and it simply >>>>works, but I know that doesn’t mean it’s right. >>>> >>>>Before sending a note to the SE team on this I wanted to get a consensus >>>>from you guys. Comments? >>>>David Lum >>>>Systems Engineer //NWEATM >>>>Office 503.548.5229//Cell (voice/text) 503.267.9764 >>>> >>>>~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>>>~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>>> >>>>--- >>>>To manage subscriptions click here: >>>>http://lyris.sunbelt-software.com/read/my_forums/ >>>>or send an email to [email protected] >>>>with the body: unsubscribe ntsysadmin >>>>~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>>>~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>>> >>>>--- >>>>To manage subscriptions click here: >>>>http://lyris.sunbelt-software.com/read/my_forums/ >>>>or send an email to [email protected] >>>>with the body: unsubscribe ntsysadmin >>>> >>>>~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>>>~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>>> >>>>--- >>>>To manage subscriptions click here: >>>>http://lyris.sunbelt-software.com/read/my_forums/ >>>>or send an email to [email protected] >>>>with the body: unsubscribe ntsysadmin >>>>~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>>>~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>>> >>>>--- >>>>To manage subscriptions click here: >>>>http://lyris.sunbelt-software.com/read/my_forums/ >>>>or send an email to [email protected] >>>>with the body: unsubscribe ntsysadmin >>>> >>>> >>>~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>>~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>> >>>--- >>>To manage subscriptions click here: >>>http://lyris.sunbelt-software.com/read/my_forums/ >>>or send an email to [email protected] >>>with the body: unsubscribe ntsysadmin >> >>~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >>--- >>To manage subscriptions click here: >>http://lyris.sunbelt-software.com/read/my_forums/ >>or send an email to [email protected] >>with the body: unsubscribe ntsysadmin >> >> > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
