What's the collective wisdom these days regarding the justification of
deploying multiple domains as a means of limiting replication traffic? I
have an instance here where every part of me wants to suggest a single
forest/domain as the optimum solution, but a couple of other admins are
pushing for multiple domains purely with the justification of controlling AD
object replication. The AD will be a completely new implementation based on
Win 2008 R2, there are about 8 countries in scope, but all have extremely
good/fast MPLS WAN links between them. There are currently only about 1200
users in total, and Exchange 2010 will be going in as well.

I'm proposing a single domain, with multiple AD sites, as there's no other
good reason for over-complicating the design with additional domains, i.e.
none of the traditional justifications for adding additional domains apply
in this case. Plus I believe at least some of the traditional
justifications no longer apply in W2008 anyway, do they? - things like
needing domains for the purpose of applying differing password policies for
example, now that we have the new granular password policy ...

Can anyone point me in the direction of some best practice design guidelines
that would cast some light on these questions? - it's been a few years since
I was last "properly" involved in AD design, so I'm conscious that things
have moved on in the AD world, and I probably need to take up-to-date
information into consideration.

Many thanks.

Paul Gordon

