I can empathize with being set in your ways. That aside, do you still prefer the empty root for technical reasons? -lc
>________________________________ > From: William Robbins <[email protected]> >To: NT System Admin Issues <[email protected]> >Sent: Thursday, April 12, 2012 6:41 PM >Subject: Re: Domain local vs. global vs. universal > > >Yeah, that's me. I was referring to a faux pas of my own on this list though. > No losers in either discussion, I do try to be reasonable and open to other's >perspectives. Like I said it depends on the situation and requirements for >where you are. I still prefer an empty root, most do not. > > >But I'm old and set in my ways. :P > > - Will > > > > > > >On Thu, Apr 12, 2012 at 17:20, Lora Cates <[email protected]> wrote: > >Ah, found you. >> >> >>http://www.activedir.org/ListArchives/tabid/55/forumid/1/postid/43510/view/topic/Default.aspx >> >> >>-lc >> >> >>>________________________________ >>> From: Lora Cates <[email protected]> >>> >>>To: NT System Admin Issues <[email protected]> >>>Sent: Thursday, April 12, 2012 4:40 PM >>> >>>Subject: Re: Domain local vs. global vs. universal >>> >>> >>> >>>So I take it you lost? :) What, dare I ask, was your position on said >>>matter in the arena? >>> >>>-lc >>> >>> >>>>________________________________ >>>> From: William Robbins <[email protected]> >>>>To: NT System Admin Issues <[email protected]> >>>>Sent: Thursday, April 12, 2012 3:45 PM >>>>Subject: Re: Domain local vs. global vs. universal >>>> >>>> >>>>I'm not entering into the "empty root" arena again. :) I will answer the >>>>last query. He is that Brian Desmond...which is why I shan't enter that >>>>arena again. >>>> >>>> - Will >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>>On Thu, Apr 12, 2012 at 15:08, Lora Cates <[email protected]> wrote: >>>> >>>>Well I've inherited what I'll kindly refer to as a "mess." I'm still in >>>>the information gathering phase myself as I haven't quite been here 12 days >>>>yet, and only found this list recently. So I'll apologize in advance for >>>>my faux pas. >>>>> >>>>> >>>>>Basically I was hired to consolidate a plethora of disparate AD >>>>>domains/forests in several geographically dispersed hospital groups into a >>>>>single forest. I still haven't met with the networking folks, so I don't >>>>>know what shape the WAN is in. My predecessor went so far as to set up >>>>>the CompanyX.com parent domain and it's empty save the defaults, there is >>>>>also a child domain of US.companyX.com with what appears to be the users >>>>>from corporate. I've read several debates regarding an empty root. Is >>>>>there a consensus on yea vs. nay? >>>>> >>>>> >>>>>Speaking of reading, and apologies for any offense, are you this Brian >>>>>Desmond? Active Directory: Designing, Deploying, and Running Active >>>>>Directory, Fourth Edition >>>>>-lc >>>>> >>>>> >>>>>>________________________________ >>>>>> From: Brian Desmond <[email protected]> >>>>>> >>>>>>To: NT System Admin Issues <[email protected]> >>>>>>Sent: Thursday, April 12, 2012 2:16 PM >>>>>> >>>>>>Subject: RE: Domain local vs. global vs. universal >>>>>> >>>>>> >>>>>>Well the impact is that all uni group membership changes replicate to >>>>>>every GC. If you’ve got concerns around WAN utilization, availability, >>>>>>latency, etc., then this could be worth looking at. In quite a lot of >>>>>>scenarios, the WAN issues that existed circa Windows 2000 don’t exist >>>>>>anymore which makes this a less interesting discussion point. Without >>>>>>knowing about your customer’s environment and scale it’s hard to say. >>>>>> >>>>>>I would say that it’s highly unlikely that I would design a new >>>>>>multi-domain forest except for some pretty isolated and specific design >>>>>>requirements these days. >>>>>> >>>>>>Thanks, >>>>>>Brian Desmond >>>>>>[email protected] >>>>>> >>>>>>w – 312.625.1438 | c – 312.731.3132 >>>>>> >>>>>>From:Lora Cates [mailto:[email protected]] >>>>>>Sent: Thursday, April 12, 2012 1:05 PM >>>>>> >>>>>>To: NT System Admin Issues >>>>>> >>>>>>Subject: Re: Domain local vs. global vs. universal >>>>>> >>>>>>I too am looking into this for a coming migration I've been asked to >>>>>>design for a customer. What's the impact to GC's by making everything >>>>>>Universal Groups? Especially in a multi domain, multi forest environment? >>>>>> >>>>>>-lc >>>>>> >>>>>>________________________________ >>>>>> >>>>>>From:Brian Desmond <[email protected]> >>>>>> >>>>>>To: NT System Admin Issues <[email protected]> >>>>>>Sent: Thursday, April 12, 2012 12:02 PM >>>>>> >>>>>>Subject: RE: Domain local vs. global vs. universal >>>>>> >>>>>> >>>>>> >>>>>>In a single domain forest (or even many multi-domain domain forests >>>>>>today), I would just do all uni groups. >>>>>> >>>>>>Thanks, >>>>>>Brian Desmond >>>>>>[email protected] >>>>>> >>>>>>w – 312.625.1438 | c – 312.731.3132 >>>>>> >>>>>>From:David Lum [mailto:[email protected]] >>>>>>Sent: Thursday, April 12, 2012 11:28 AM >>>>>>To: NT System Admin Issues >>>>>>Subject: Domain local vs. global vs. universal >>>>>> >>>>>>Today I found a global group in my AD (created by an SE that wasn’t me), >>>>>>but for this function I needed to add a domain local group to it and for >>>>>>course, that’s not possible. Someplace I heard in AD pretty much every >>>>>>group you use should be domain local unless it’s used for Exchange in >>>>>>which case you use Universal. All groups I create are domain local and >>>>>>it simply works, but I know that doesn’t mean it’s right. >>>>>> >>>>>>Before sending a note to the SE team on this I wanted to get a consensus >>>>>>from you guys. Comments? >>>>>>David Lum >>>>>>Systems Engineer //NWEATM >>>>>>Office 503.548.5229//Cell (voice/text) 503.267.9764 >>>>>> >>>>>>~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>>>>>~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>>>>> >>>>>>--- >>>>>>To manage subscriptions click here: >>>>>>http://lyris.sunbelt-software.com/read/my_forums/ >>>>>>or send an email to [email protected] >>>>>>with the body: unsubscribe ntsysadmin >>>>>>~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>>>>>~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>>>>> >>>>>>--- >>>>>>To manage subscriptions click here: >>>>>>http://lyris.sunbelt-software.com/read/my_forums/ >>>>>>or send an email to [email protected] >>>>>>with the body: unsubscribe ntsysadmin >>>>>> >>>>>>~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>>>>>~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>>>>> >>>>>>--- >>>>>>To manage subscriptions click here: >>>>>>http://lyris.sunbelt-software.com/read/my_forums/ >>>>>>or send an email to [email protected] >>>>>>with the body: unsubscribe ntsysadmin >>>>>>~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>>>>>~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>>>>> >>>>>>--- >>>>>>To manage subscriptions click here: >>>>>>http://lyris.sunbelt-software.com/read/my_forums/ >>>>>>or send an email to [email protected] >>>>>>with the body: unsubscribe ntsysadmin >>>>>> >>>>>> >>>>>~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>>>>~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>>>> >>>>>--- >>>>>To manage subscriptions click here: >>>>>http://lyris.sunbelt-software.com/read/my_forums/ >>>>>or send an email to [email protected] >>>>>with the body: unsubscribe ntsysadmin >>>> >>>>~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>>>~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>>> >>>>--- >>>>To manage subscriptions click here: >>>>http://lyris.sunbelt-software.com/read/my_forums/ >>>>or send an email to [email protected] >>>>with the body: unsubscribe ntsysadmin >>>> >>>> >>> >>> >>~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >>--- >>To manage subscriptions click here: >>http://lyris.sunbelt-software.com/read/my_forums/ >>or send an email to [email protected] >>with the body: unsubscribe ntsysadmin > >~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > >--- >To manage subscriptions click here: >http://lyris.sunbelt-software.com/read/my_forums/ >or send an email to [email protected] >with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
