She's a quick study. John W. Cook Systems Administrator Partnership for Strong Families
From: William Robbins [mailto:[email protected]] Sent: Thursday, April 12, 2012 06:54 PM To: NT System Admin Issues <[email protected]> Subject: Re: Domain local vs. global vs. universal Wow... First you don't read the articles I send, now you infer I'm a loser? Harsh. :) - Will On Thu, Apr 12, 2012 at 16:40, Lora Cates <[email protected]<mailto:[email protected]>> wrote: So I take it you lost? :) What, dare I ask, was your position on said matter in the arena? -lc ________________________________ From: William Robbins <[email protected]<mailto:[email protected]>> To: NT System Admin Issues <[email protected]<mailto:[email protected]>> Sent: Thursday, April 12, 2012 3:45 PM Subject: Re: Domain local vs. global vs. universal I'm not entering into the "empty root" arena again. :) I will answer the last query. He is that Brian Desmond...which is why I shan't enter that arena again. - Will On Thu, Apr 12, 2012 at 15:08, Lora Cates <[email protected]<mailto:[email protected]>> wrote: Well I've inherited what I'll kindly refer to as a "mess." I'm still in the information gathering phase myself as I haven't quite been here 12 days yet, and only found this list recently. So I'll apologize in advance for my faux pas. Basically I was hired to consolidate a plethora of disparate AD domains/forests in several geographically dispersed hospital groups into a single forest. I still haven't met with the networking folks, so I don't know what shape the WAN is in. My predecessor went so far as to set up the CompanyX.com<http://CompanyX.com> parent domain and it's empty save the defaults, there is also a child domain of US.companyX.com<http://US.companyX.com> with what appears to be the users from corporate. I've read several debates regarding an empty root. Is there a consensus on yea vs. nay? Speaking of reading, and apologies for any offense, are you this Brian Desmond? Active Directory: Designing, Deploying, and Running Active Directory, Fourth Edition -lc ________________________________ From: Brian Desmond <[email protected]<mailto:[email protected]>> To: NT System Admin Issues <[email protected]<mailto:[email protected]>> Sent: Thursday, April 12, 2012 2:16 PM Subject: RE: Domain local vs. global vs. universal Well the impact is that all uni group membership changes replicate to every GC. If you’ve got concerns around WAN utilization, availability, latency, etc., then this could be worth looking at. In quite a lot of scenarios, the WAN issues that existed circa Windows 2000 don’t exist anymore which makes this a less interesting discussion point. Without knowing about your customer’s environment and scale it’s hard to say. I would say that it’s highly unlikely that I would design a new multi-domain forest except for some pretty isolated and specific design requirements these days. Thanks, Brian Desmond [email protected]<mailto:[email protected]> w – 312.625.1438 | c – 312.731.3132 From: Lora Cates [mailto:[email protected]<mailto:[email protected]>] Sent: Thursday, April 12, 2012 1:05 PM To: NT System Admin Issues Subject: Re: Domain local vs. global vs. universal I too am looking into this for a coming migration I've been asked to design for a customer. What's the impact to GC's by making everything Universal Groups? Especially in a multi domain, multi forest environment? -lc ________________________________ From: Brian Desmond <[email protected]<mailto:[email protected]>> To: NT System Admin Issues <[email protected]<mailto:[email protected]>> Sent: Thursday, April 12, 2012 12:02 PM Subject: RE: Domain local vs. global vs. universal In a single domain forest (or even many multi-domain domain forests today), I would just do all uni groups. Thanks, Brian Desmond [email protected]<mailto:[email protected]> w – 312.625.1438 | c – 312.731.3132 From: David Lum [mailto:[email protected]] Sent: Thursday, April 12, 2012 11:28 AM To: NT System Admin Issues Subject: Domain local vs. global vs. universal Today I found a global group in my AD (created by an SE that wasn’t me), but for this function I needed to add a domain local group to it and for course, that’s not possible. Someplace I heard in AD pretty much every group you use should be domain local unless it’s used for Exchange in which case you use Universal. All groups I create are domain local and it simply works, but I know that doesn’t mean it’s right. Before sending a note to the SE team on this I wanted to get a consensus from you guys. Comments? David Lum Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin This email and any attached files are confidential and intended solely for the intended recipient(s). If you are not the named recipient you should not read, distribute, copy or alter this email. Any views or opinions expressed in this email are those of the author and do not represent those of the company. Warning: Although precautions have been taken to make sure no viruses are present in this email, the company cannot accept responsibility for any loss or damage that arise from the use of this email or attachments. ________________________________ CONFIDENTIALITY STATEMENT: The information transmitted, or contained or attached to or with this Notice is intended only for the person or entity to which it is addressed and may contain Protected Health Information (PHI), confidential and/or privileged material. Any review, transmission, dissemination, or other use of, and taking any action in reliance upon this information by persons or entities other than the intended recipient without the express written consent of the sender are prohibited. This information may be protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other Federal and Florida laws. Improper or unauthorized use or disclosure of this information could result in civil and/or criminal penalties. Consider the environment. Please don't print this e-mail unless you really need to. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
