Hi,
We need to restructure our AD domains from scratch and are wondering
what other districts are doing. Our primary DNS servers will stay on
Linux so they control the nsd.org domain and the. Currently we have
separate domains and forests (staff.nsd.org, academic.nsd.org,
proxydomain.nsd.org) with trusts between staff <=> proxydomain and
academic <=> proxydomain. We need to move to a single forest with a
toplevel and child domains (or just a single toplevel domain) for AD.
Our ideas are:
1. ad.nsd.org
Single top level domain for staff and students. We are concerned
because this will allow students to log into staff computers and see
resources in the entire domain. If you have a setup like this, have you
seen problems with students getting into machines/resources they should not?
2. ad.nsd.org with child domains sta.ad.nsd.org and stu.ad.nsd.org
This will separate out the staff and students to resolve the concerns of
option #1. We put the shared resources in the top level ad.nsd.org
domain. We just do not like the length of the path (e.g. sta.ad.nsd.org).
3. nsd top level domain with child domains sta.nsd and stu.nsd
We like the idea of a short path, but are concerned with how this would
affect DNS as now the AD domains are not subdomains of the main DNS
server. Anyone try something like this?
If you have any other ideas, comments, experiences, I would love to hear
about them.
cheers,
ski
--
"When we try to pick out anything by itself, we find it
connected to the entire universe" John Muir
Chris "Ski" Kacoroski, [email protected], 206-501-9803
or ski98033 on most IM services
_______________________________________________
Tech mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
