| Author | Messages | |
AD000001290
Posts:0
 | | 10/03/2005 1:25 AM |
| I have encountered a situation where 4 forests exist today, all of which have a common DNS parent zone - let's call it xxx.com.
Forest 1 has root domain named xxx.com with multiple child domains
Forest 2 has root domain named ap.xxx.com with multiple child domains
Forest 3 has root domain named am.xxx.com with multiple child domains
Forest 4 has root domain named jp.xxx.com with no children
DNS resolution between the 4 forests works fine. Xxx.com is hosted on UNIX BIND servers with all child zones delegated to Windows DNS servers. All child zone DNS servers forward to the servers hosting xxx.com. Existing forests are w2k native and no trusts exist between these forests.
There is a proposal to build a new, fifth forest and to migrate all objects from the 4 forests above into this new forest.
Forest 5 will have root domain named global.xxx.com and 4 children - representing the 4 forests above.
Does anyone have any concerns over the re-use of the same DNS name - xxx.com? I feel uncomfortable with this proposal but don't have any technical reasons to block it.
Any comments?
Thanks,
neil
___________________________
Neil Ruston
Global Technology Infrastructure
Nomura International plc
Telephone: +44 (0) 20 7521 3481
PLEASE READ: The information contained in this email is confidential and
intended for the named recipient(s) only. If you are not an intended
recipient of this email please notify the sender immediately and delete your
copy from your system. You must not copy, distribute or take any further
action in reliance on it. Email is not a secure method of communication and
Nomura International plc ('NIplc') will not, to the extent permitted by law,
accept responsibility or liability for (a) the accuracy or completeness of,
or (b) the presence of any virus, worm or similar malicious or disabling
code in, this message or any attachment(s) to it. If verification of this
email is sought then please request a hard copy. Unless otherwise stated
this email: (1) is not, and should not be treated or relied upon as,
investment research; (2) contains views or opinions that are solely those of
the author and do not necessarily represent those of NIplc; (3) is intended
for informational purposes only and is not a recommendation, solicitation or
offer to buy or sell securities or related financial instruments. NIplc
does not provide investment services to private customers. Authorised and
regulated by the Financial Services Authority. Registered in England
no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand,
London, EC1A 4NP. A member of the Nomura group of companies. | | | |
| aricbernard
Posts:2
| | 10/03/2005 8:39 AM |
| Based on the configuration explained below,
there should be no problem.
Aric
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of neil.ruston@xxxxxxxxxxxxx
Sent: Monday, October 03, 2005
2:30 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: [ActiveDir] Multiple
forests with a common DNS parent zone
I
have encountered a situation where 4 forests exist today, all of which have a
common DNS parent zone - let's call it xxx.com.
Forest
1 has root domain named xxx.com with multiple child domains
Forest
2 has root domain named ap.xxx.com with multiple child domains
Forest
3 has root domain named am.xxx.com with multiple child domains
Forest
4 has root domain named jp.xxx.com with no children
DNS
resolution between the 4 forests works fine. Xxx.com is hosted on UNIX BIND
servers with all child zones delegated to Windows DNS servers. All child zone
DNS servers forward to the servers hosting xxx.com. Existing forests are w2k
native and no trusts exist between these forests.
There
is a proposal to build a new, fifth forest and to migrate all objects from the
4 forests above into this new forest.
Forest 5 will have root domain named
global.xxx.com and 4 children - representing the 4 forests above.
Does
anyone have any concerns over the re-use of the same DNS name - xxx.com? I feel
uncomfortable with this proposal but don't have any technical reasons to block
it.
Any
comments?
Thanks,
neil
___________________________
Neil Ruston
Global Technology Infrastructure
Nomura International plc
Telephone: +44 (0) 20 7521 3481
PLEASE READ: The information contained in this email is
confidential and
intended for the named recipient(s) only. If you are not an
intended
recipient of this email please notify the sender immediately
and delete your
copy from your system. You must not copy, distribute or take
any further
action in reliance on it. Email is not a secure method of
communication and
Nomura International plc ('NIplc') will not, to the extent
permitted by law,
accept responsibility or liability for (a) the accuracy or
completeness of,
or (b) the presence of any virus, worm or similar malicious
or disabling
code in, this message or any attachment(s) to it. If
verification of this
email is sought then please request a hard copy. Unless otherwise
stated
this email: (1) is not, and should not be treated or relied
upon as,
investment research; (2) contains views or opinions that are
solely those of
the author and do not necessarily represent those of NIplc;
(3) is intended
for informational purposes only and is not a recommendation,
solicitation or
offer to buy or sell securities or related financial
instruments. NIplc
does not provide investment services to private customers.
Authorised and
regulated by the Financial Services Authority. Registered in
England
no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand,
London, EC1A 4NP. A member of the
Nomura group of companies. | | | |
| ZJORZ
Posts:129
| | 10/03/2005 8:49 AM |
| For the information you have
posted I don't feel uncomfortable re-using the XXX.COM DNS name and building a
new forest root called GLOBAL.XXX.COM (assuming your internet presence is
XXX.COM). Isn't XXX the company's name?
In my opinion it is OK to
use:
* COMPANY.LOCAL for the forest
root if external is COMPANY.COM
* something like AD.COMPANY.COM
or GLOBAL.COMPANY.COM for the forest root if external is
COMPANY.COM
* something like
. if external is COMPANY.COM
It all depends on your DNS and
name resolution requirements
Well.... a few questions come up..
* What is/are the reasons of
existance for the multiple forests?
* Why do you want to create one
forest with multiple child domains? What is the purpose of the child
domains? Why not create a single domain forest?
* Do you trust everyone within
the new forest that is a domain admin?
* Why do you feel uncomfortable
with the proposal?
my EUR 0,02
Cheers
Jorge
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of
neil.ruston@xxxxxxxxxxxxxSent: Monday, October 03, 2005
11:30To: ActiveDir@xxxxxxxxxxxxxxxxxxSubject: [ActiveDir]
Multiple forests with a common DNS parent zone
I have encountered a situation where 4 forests exist
today, all of which have a common DNS parent zone - let's call it
xxx.com.
Forest 1 has root domain named xxx.com with multiple
child domains Forest 2 has root domain named
ap.xxx.com with multiple child domains Forest
3 has root domain named am.xxx.com with multiple child domains Forest 4 has root domain named jp.xxx.com with no
children
DNS resolution between the 4 forests works fine.
Xxx.com is hosted on UNIX BIND servers with all child zones delegated to Windows
DNS servers. All child zone DNS servers forward to the servers hosting xxx.com.
Existing forests are w2k native and no trusts exist between these
forests.
There is a proposal to build a new, fifth forest and
to migrate all objects from the 4 forests above into this new forest.
Forest 5 will have root domain named global.xxx.com
and 4 children - representing the 4 forests above.
Does anyone have any concerns over the re-use of the
same DNS name - xxx.com? I feel uncomfortable with this proposal but don't have
any technical reasons to block it.
Any comments?
Thanks, neil
___________________________ Neil Ruston Global Technology Infrastructure Nomura International plc Telephone: +44 (0) 20 7521 3481
PLEASE READ: The
information contained in this email is confidential and
intended for the
named recipient(s) only. If you are not an intended
recipient of this
email please notify the sender immediately and delete your
copy from your
system. You must not copy, distribute or take any further
action in reliance
on it. Email is not a secure method of communication and
Nomura International
plc ('NIplc') will not, to the extent permitted by law,
accept
responsibility or liability for (a) the accuracy or completeness of,
or (b) the presence
of any virus, worm or similar malicious or disabling
code in, this
message or any attachment(s) to it. If verification of this
email is sought then
please request a hard copy. Unless otherwise stated
this email: (1) is
not, and should not be treated or relied upon as,
investment research;
(2) contains views or opinions that are solely those of
the author and do
not necessarily represent those of NIplc; (3) is intended
for informational
purposes only and is not a recommendation, solicitation or
offer to buy or sell
securities or related financial instruments. NIplc
does not provide
investment services to private customers. Authorised and
regulated by the
Financial Services Authority. Registered in England
no. 1550505 VAT No.
447 2492 35. Registered Office: 1 St Martin's-le-Grand,
London, EC1A 4NP. A
member of the Nomura group of companies.
This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. | | | |
| deji
Posts:150
| | 10/03/2005 10:35 AM |
| IF the NetBIOS names of the new root will NOT be the same as the old root, I
can not make a technical case against your migration plans. It should work.
But, if the NetBIOS names are going to be the same (maybe because your users
are too attached to that name, and you don't want to introduce too much
changes), then you can't do it the way you described it.
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
________________________________
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx on behalf of
neil.ruston@xxxxxxxxxxxxx
Sent: Mon 10/3/2005 2:30 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: [ActiveDir] Multiple forests with a common DNS parent zone
I have encountered a situation where 4 forests exist today, all of which have
a common DNS parent zone - let's call it xxx.com.
Forest 1 has root domain named xxx.com with multiple child domains
Forest 2 has root domain named ap.xxx.com with multiple child domains
Forest 3 has root domain named am.xxx.com with multiple child domains
Forest 4 has root domain named jp.xxx.com with no children
DNS resolution between the 4 forests works fine. Xxx.com is hosted on UNIX
BIND servers with all child zones delegated to Windows DNS servers. All child
zone DNS servers forward to the servers hosting xxx.com. Existing forests are
w2k native and no trusts exist between these forests.
There is a proposal to build a new, fifth forest and to migrate all objects
from the 4 forests above into this new forest.
Forest 5 will have root domain named global.xxx.com and 4 children -
representing the 4 forests above.
Does anyone have any concerns over the re-use of the same DNS name - xxx.com?
I feel uncomfortable with this proposal but don't have any technical reasons
to block it.
Any comments?
Thanks,
neil
___________________________
Neil Ruston
Global Technology Infrastructure
Nomura International plc
Telephone: +44 (0) 20 7521 3481
PLEASE READ: The information contained in this email is confidential and
intended for the named recipient(s) only. If you are not an intended
recipient of this email please notify the sender immediately and delete your
copy from your system. You must not copy, distribute or take any further
action in reliance on it. Email is not a secure method of communication and
Nomura International plc ('NIplc') will not, to the extent permitted by law,
accept responsibility or liability for (a) the accuracy or completeness of,
or (b) the presence of any virus, worm or similar malicious or disabling
code in, this message or any attachment(s) to it. If verification of this
email is sought then please request a hard copy. Unless otherwise stated
this email: (1) is not, and should not be treated or relied upon as,
investment research; (2) contains views or opinions that are solely those of
the author and do not necessarily represent those of NIplc; (3) is intended
for informational purposes only and is not a recommendation, solicitation or
offer to buy or sell securities or related financial instruments. NIplc
does not provide investment services to private customers. Authorised and
regulated by the Financial Services Authority. Registered in England
no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand,
London, EC1A 4NP. A member of the Nomura group of companies.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| milburnr
Posts:0
| | 10/04/2005 2:23 AM |
| Neil “
I™ve been there, for sure (probably
many here on this list have). What kind of Exchange structure are they
looking at? You™re really complicating things with multiple forests,
as you know I™m sure, but I™m also sure the political factors do
not understand the administrative costs related to it. As far as the DNS
domain name goes, I would put money on it that they think their email address
is dependent upon the domain address “ a lot of people have difficulty
with that common misconception.
Maybe some people here who have overcome
those political objections can share how they convinced their people? It
would be worth some work to avoid the mess you described¦ good luck J
Rich
---------------------------------------------------------------------------
Rich Milburn
MCSE, Microsoft MVP -
Directory Services
Sr Network Analyst, Field
Platform Development
Applebee's International,
Inc.
4551 W. 107th St
Overland Park, KS 66207
913-967-2819
---------------------------------------------------------------------------
"I am always doing
that which I can not do, in order that I may learn how to do it." - Pablo
Picasso
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of neil.ruston@xxxxxxxxxxxxx
Sent: Tuesday, October 04, 2005
2:41 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Multiple
forests with a common DNS parent zone
* What
is/are the reasons of existance for the multiple forests?
-
political reasons
* Why do
you want to create one forest with multiple child domains? What is the
purpose of the child domains? Why not create a single domain forest?
-
political reasons. As an architect I suggested one domain in one forest.
* Do you
trust everyone within the new forest that is a domain admin?
-
to be worked on :) Trust is a dirty word right now :)
* Why do
you feel uncomfortable with the proposal?
- I
never liked the idea of re-using the external DNS name for an internal AD and
was concerned that re-using the same 'root' could cause issues. I would
prefer a clean break from .com and ideally from xxx too. Maybe a compromise
would be to use xxx.net...
My
concerns were not based upon anything concrete and hence my question to the
list.
neil
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Almeida Pinto, Jorge de
Sent: 03 October 2005 16:53
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Multiple
forests with a common DNS parent zone
For the
information you have posted I don't feel uncomfortable re-using the XXX.COM DNS
name and building a new forest root called GLOBAL.XXX.COM (assuming your
internet presence is XXX.COM). Isn't XXX the company's name?
In my
opinion it is OK to use:
*
COMPANY.LOCAL for the forest root if external is COMPANY.COM
*
something like AD.COMPANY.COM or GLOBAL.COMPANY.COM for the forest root
if external is COMPANY.COM
*
something like . if external is COMPANY.COM
It all
depends on your DNS and name resolution requirements
Well....
a few questions come up..
* What
is/are the reasons of existance for the multiple forests?
* Why do
you want to create one forest with multiple child domains? What is the
purpose of the child domains? Why not create a single domain forest?
* Do you
trust everyone within the new forest that is a domain admin?
* Why do
you feel uncomfortable with the proposal?
my EUR
0,02
Cheers
Jorge
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of neil.ruston@xxxxxxxxxxxxx
Sent: Monday, October 03, 2005
11:30
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: [ActiveDir] Multiple
forests with a common DNS parent zone
I
have encountered a situation where 4 forests exist today, all of which have a
common DNS parent zone - let's call it xxx.com.
Forest
1 has root domain named xxx.com with multiple child domains
Forest
2 has root domain named ap.xxx.com with multiple child domains
Forest
3 has root domain named am.xxx.com with multiple child domains
Forest
4 has root domain named jp.xxx.com with no children
DNS
resolution between the 4 forests works fine. Xxx.com is hosted on UNIX BIND
servers with all child zones delegated to Windows DNS servers. All child zone
DNS servers forward to the servers hosting xxx.com. Existing forests are w2k
native and no trusts exist between these forests.
There
is a proposal to build a new, fifth forest and to migrate all objects from the
4 forests above into this new forest.
Forest 5 will have root domain named
global.xxx.com and 4 children - representing the 4 forests above.
Does
anyone have any concerns over the re-use of the same DNS name - xxx.com? I feel
uncomfortable with this proposal but don't have any technical reasons to block
it.
Any
comments?
Thanks,
neil
___________________________
Neil Ruston
Global Technology Infrastructure
Nomura International plc
Telephone: +44 (0) 20 7521 3481
PLEASE READ: The information contained in this email is
confidential and
intended for the named recipient(s) only. If you are not an
intended
recipient of this email please notify the sender immediately
and delete your
copy from your system. You must not copy, distribute or take
any further
action in reliance on it. Email is not a secure method of
communication and
Nomura International plc ('NIplc') will not, to the extent
permitted by law,
accept responsibility or liability for (a) the accuracy or
completeness of,
or (b) the presence of any virus, worm or similar malicious
or disabling
code in, this message or any attachment(s) to it. If
verification of this
email is sought then please request a hard copy. Unless
otherwise stated
this email: (1) is not, and should not be treated or relied
upon as,
investment research; (2) contains views or opinions that are
solely those of
the author and do not necessarily represent those of NIplc;
(3) is intended
for informational purposes only and is not a recommendation,
solicitation or
offer to buy or sell securities or related financial
instruments. NIplc
does not provide investment services to private customers.
Authorised and
regulated by the Financial Services Authority. Registered in
England
no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand,
London, EC1A 4NP. A member of the
Nomura group of companies.
This e-mail and any attachment is for
authorised use by the intended recipient(s) only. It may contain proprietary
material, confidential information and/or be subject to legal privilege. It
should not be copied, disclosed to, retained or used by, any other party. If
you are not an intended recipient then please promptly delete this e-mail and
any attachment and all copies and inform the sender. Thank you.
PLEASE READ: The information contained in this email is
confidential and
intended for the named recipient(s) only. If you are not an
intended
recipient of this email please notify the sender immediately
and delete your
copy from your system. You must not copy, distribute or take
any further
action in reliance on it. Email is not a secure method of
communication and
Nomura International plc ('NIplc') will not, to the extent
permitted by law,
accept responsibility or liability for (a) the accuracy or
completeness of,
or (b) the presence of any virus, worm or similar malicious
or disabling
code in, this message or any attachment(s) to it. If
verification of this
email is sought then please request a hard copy. Unless
otherwise stated
this email: (1) is not, and should not be treated or relied
upon as,
investment research; (2) contains views or opinions that are
solely those of
the author and do not necessarily represent those of NIplc;
(3) is intended
for informational purposes only and is not a recommendation,
solicitation or
offer to buy or sell securities or related financial
instruments. NIplc
does not provide investment services to private customers.
Authorised and
regulated by the Financial Services Authority. Registered in
England
no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand,
London, EC1A 4NP. A member of the
Nomura group of companies.
-------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE-------
PRIVILEGED /
CONFIDENTIAL INFORMATION may be contained in this message or any attachments.
This information is strictly confidential and may be subject to attorney-client
privilege. This message is intended only for the use of the named addressee. If
you are not the intended recipient of this message, unauthorized forwarding,
printing, copying, distribution, or using such information is strictly
prohibited and may be unlawful. If you have received this in error, you should
kindly notify the sender by reply e-mail and immediately destroy this message.
Unauthorized interception of this e-mail is a violation of federal criminal law.
Applebee's International, Inc. reserves the right to monitor and review the
content of all messages sent to and from this e-mail address. Messages sent to
or from this e-mail address may be stored on the Applebee's International, Inc.
e-mail system. | | | |
| AD000001290
Posts:0
| | 10/04/2005 2:53 AM |
| Rich,
Maybe I didn't describe the *proposed* structure well
enough - one forest (and one exch org).
There are 4 forests today but the plan is to 'collapse'
into 1 forest.
I've
also been here many times before - believe me I've argued the political battle
over and over and expressed concerns regarding admin costs and issues etc etc.
However, when people are used to managing a whole forest, they don't want to
have to migrate to an OU and lose all their rights over night. I'm with you and
others and don't feel comfortable with this but that's the
compromise.
Sometimes an architect has to bite his/her lip and allow the political
argument to trump the technical argument - especially if that is the only
way to find a compromise and hence solution :)
Thanks,
neil
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Rich
MilburnSent: 04 October 2005 15:05To:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] Multiple forests
with a common DNS parent zone
Neil “
I™ve been there, for
sure (probably many here on this list have). What kind of Exchange
structure are they looking at? You™re really complicating things with
multiple forests, as you know I™m sure, but I™m also sure the political factors
do not understand the administrative costs related to it. As far as the
DNS domain name goes, I would put money on it that they think their email
address is dependent upon the domain address “ a lot of people have difficulty
with that common misconception.
Maybe some people here
who have overcome those political objections can share how they convinced their
people? It would be worth some work to avoid the mess you described¦ good
luck J
Rich
---------------------------------------------------------------------------Rich
MilburnMCSE, Microsoft MVP -
Directory ServicesSr
Network Analyst, Field Platform DevelopmentApplebee's
International, Inc.4551
W. 107th
StOverland
Park,
KS 66207913-967-2819---------------------------------------------------------------------------"I am always doing
that which I can not do, in order that I may learn how to do it." - Pablo
Picasso
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of
neil.ruston@xxxxxxxxxxxxxSent: Tuesday, October 04, 2005 2:41
AMTo: ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] Multiple forests
with a common DNS parent zone
* What
is/are the reasons of existance for the multiple forests?
-
political reasons
* Why
do you want to create one forest with multiple child domains? What is the
purpose of the child domains? Why not create a single domain
forest?
-
political reasons. As an architect I suggested one domain in one
forest.
* Do
you trust everyone within the new forest that is a domain
admin?
-
to be worked on :) Trust is a dirty word right now :)
* Why
do you feel uncomfortable with the proposal?
-
I never liked the idea of re-using the external DNS name for an internal AD and
was concerned that re-using the same 'root' could cause issues. I would
prefer a clean break from .com and ideally from xxx too. Maybe a compromise
would be to use xxx.net...
My
concerns were not based upon anything concrete and hence my question to the
list.
neil
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of Almeida Pinto, Jorge
deSent: 03 October 2005
16:53To: ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] Multiple forests
with a common DNS parent zone
For the
information you have posted I don't feel uncomfortable re-using the XXX.COM DNS
name and building a new forest root called GLOBAL.XXX.COM (assuming your
internet presence is XXX.COM). Isn't XXX the company's
name?
In my
opinion it is OK to use:
*
COMPANY.LOCAL for the forest root if external is
COMPANY.COM
*
something like AD.COMPANY.COM or GLOBAL.COMPANY.COM for the forest root if
external is COMPANY.COM
*
something like . if external is
COMPANY.COM
It all
depends on your DNS and name resolution
requirements
Well....
a few questions come up..
* What
is/are the reasons of existance for the multiple
forests?
* Why
do you want to create one forest with multiple child domains? What is the
purpose of the child domains? Why not create a single domain
forest?
* Do
you trust everyone within the new forest that is a domain
admin?
* Why
do you feel uncomfortable with the proposal?
my EUR
0,02
Cheers
Jorge
From:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx]
On Behalf Of
neil.ruston@xxxxxxxxxxxxxSent: Monday, October 03, 2005
11:30To: ActiveDir@xxxxxxxxxxxxxxxxxxSubject: [ActiveDir] Multiple forests with
a common DNS parent zone
I
have encountered a situation where 4 forests exist today, all of which have a
common DNS parent zone - let's call it xxx.com.
Forest 1 has root domain named
xxx.com with multiple child domains Forest 2 has root
domain named ap.xxx.com with multiple child domains Forest 3 has
root domain named am.xxx.com with multiple child domains Forest 4 has
root domain named jp.xxx.com with no children
DNS
resolution between the 4 forests works fine. Xxx.com is hosted on UNIX BIND
servers with all child zones delegated to Windows DNS servers. All child zone
DNS servers forward to the servers hosting xxx.com. Existing forests are w2k
native and no trusts exist between these forests.
There is a proposal to build a new,
fifth forest and to migrate all objects from the 4 forests above into this new
forest.
Forest 5 will have
root domain named global.xxx.com and 4 children - representing the 4 forests
above.
Does anyone have any concerns over
the re-use of the same DNS name - xxx.com? I feel uncomfortable with this
proposal but don't have any technical reasons to block
it.
Any
comments?
Thanks, neil
___________________________
Neil
Ruston Global Technology
Infrastructure Nomura International
plc Telephone: +44 (0) 20
7521 3481
PLEASE READ: The information
contained in this email is confidential and
intended for the named recipient(s)
only. If you are not an intended
recipient of this email please
notify the sender immediately and delete your
copy from your system. You must not
copy, distribute or take any further
action in reliance on it. Email is
not a secure method of communication and
Nomura International plc ('NIplc')
will not, to the extent permitted by law,
accept responsibility or liability
for (a) the accuracy or completeness of,
or (b) the presence of any virus,
worm or similar malicious or disabling
code in, this message or any
attachment(s) to it. If verification of this
email is sought then please request
a hard copy. Unless otherwise stated
this email: (1) is not, and should
not be treated or relied upon as,
investment research; (2) contains
views or opinions that are solely those of
the author and do not necessarily
represent those of NIplc; (3) is intended
for informational purposes only and
is not a recommendation, solicitation or
offer to buy or sell securities or
related financial instruments. NIplc
does not provide investment services
to private customers. Authorised and
regulated by the Financial Services
Authority. Registered in England
no. 1550505 VAT No. 447 2492 35.
Registered Office: 1 St Martin's-le-Grand,
London,
EC1A
4NP. A member of the Nomura group of
companies.
This e-mail and any
attachment is for authorised use by the intended recipient(s) only. It may
contain proprietary material, confidential information and/or be subject to
legal privilege. It should not be copied, disclosed to, retained or used by, any
other party. If you are not an intended recipient then please promptly delete
this e-mail and any attachment and all copies and inform the sender. Thank
you.
PLEASE READ: The information
contained in this email is confidential and
intended for the named recipient(s)
only. If you are not an intended
recipient of this email please
notify the sender immediately and delete your
copy from your system. You must not
copy, distribute or take any further
action in reliance on it. Email is
not a secure method of communication and
Nomura International plc ('NIplc')
will not, to the extent permitted by law,
accept responsibility or liability
for (a) the accuracy or completeness of,
or (b) the presence of any virus,
worm or similar malicious or disabling
code in, this message or any
attachment(s) to it. If verification of this
email is sought then please request
a hard copy. Unless otherwise stated
this email: (1) is not, and should
not be treated or relied upon as,
investment research; (2) contains
views or opinions that are solely those of
the author and do not necessarily
represent those of NIplc; (3) is intended
for informational purposes only and
is not a recommendation, solicitation or
offer to buy or sell securities or
related financial instruments. NIplc
does not provide investment services
to private customers. Authorised and
regulated by the Financial Services
Authority. Registered in England
no. 1550505 VAT No. 447 2492 35.
Registered Office: 1 St Martin's-le-Grand,
London,
EC1A
4NP. A member of the Nomura group of
companies.
-------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE-------
PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or
any attachments. This information is strictly confidential and may be subject to
attorney-client privilege. This message is intended only for the use of the
named addressee. If you are not the intended recipient of this message,
unauthorized forwarding, printing, copying, distribution, or using such
information is strictly prohibited and may be unlawful. If you have received
this in error, you should kindly notify the sender by reply e-mail and
immediately destroy this message. Unauthorized interception of this e-mail is a
violation of federal criminal law. Applebee's International, Inc. reserves the
right to monitor and review the content of all messages sent to and from this
e-mail address. Messages sent to or from this e-mail address may be stored on
the Applebee's International, Inc. e-mail system.
PLEASE READ: The information contained in this email is confidential and
intended for the named recipient(s) only. If you are not an intended
recipient of this email please notify the sender immediately and delete your
copy from your system. You must not copy, distribute or take any further
action in reliance on it. Email is not a secure method of communication and
Nomura International plc ('NIplc') will not, to the extent permitted by law,
accept responsibility or liability for (a) the accuracy or completeness of,
or (b) the presence of any virus, worm or similar malicious or disabling
code in, this message or any attachment(s) to it. If verification of this
email is sought then please request a hard copy. Unless otherwise stated
this email: (1) is not, and should not be treated or relied upon as,
investment research; (2) contains views or opinions that are solely those of
the author and do not necessarily represent those of NIplc; (3) is intended
for informational purposes only and is not a recommendation, solicitation or
offer to buy or sell securities or related financial instruments. NIplc
does not provide investment services to private customers. Authorised and
regulated by the Financial Services Authority. Registered in England
no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand,
London, EC1A 4NP. A member of the Nomura group of companies. | | | |
| AD000001290
Posts:0
| | 10/04/2005 7:44 AM |
| * What is/are the reasons of
existance for the multiple forests?
- political reasons
* Why do you want to create one
forest with multiple child domains? What is the purpose of the child
domains? Why not create a single domain forest?
- political reasons. As an architect I suggested one domain in one
forest.
* Do you trust everyone within
the new forest that is a domain admin?
- to be worked on :) Trust is a dirty word right now
:)
* Why do you feel uncomfortable
with the proposal?
- I never liked the idea of re-using the external DNS name for an
internal AD and was concerned that re-using the same 'root' could cause
issues. I would prefer a clean break from .com and ideally from xxx too.
Maybe a compromise would be to use xxx.net...
My concerns were not based upon anything concrete and hence my question
to the list.
neil
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Almeida Pinto,
Jorge deSent: 03 October 2005 16:53To:
ActiveDir@xxxxxxxxxxxxxxxxxxSubject: RE: [ActiveDir] Multiple forests
with a common DNS parent zone
For the information you have
posted I don't feel uncomfortable re-using the XXX.COM DNS name and building a
new forest root called GLOBAL.XXX.COM (assuming your internet presence is
XXX.COM). Isn't XXX the company's name?
In my opinion it is OK to
use:
* COMPANY.LOCAL for the forest
root if external is COMPANY.COM
* something like AD.COMPANY.COM
or GLOBAL.COMPANY.COM for the forest root if external is
COMPANY.COM
* something like
. if external is COMPANY.COM
It all depends on your DNS and
name resolution requirements
Well.... a few questions come up..
* What is/are the reasons of
existance for the multiple forests?
* Why do you want to create one
forest with multiple child domains? What is the purpose of the child
domains? Why not create a single domain forest?
* Do you trust everyone within
the new forest that is a domain admin?
* Why do you feel uncomfortable
with the proposal?
my EUR 0,02
Cheers
Jorge
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of
neil.ruston@xxxxxxxxxxxxxSent: Monday, October 03, 2005
11:30To: ActiveDir@xxxxxxxxxxxxxxxxxxSubject: [ActiveDir]
Multiple forests with a common DNS parent zone
I have encountered a situation where 4 forests exist
today, all of which have a common DNS parent zone - let's call it
xxx.com.
Forest 1 has root domain named xxx.com with multiple
child domains Forest 2 has root domain named
ap.xxx.com with multiple child domains Forest
3 has root domain named am.xxx.com with multiple child domains Forest 4 has root domain named jp.xxx.com with no
children
DNS resolution between the 4 forests works fine.
Xxx.com is hosted on UNIX BIND servers with all child zones delegated to Windows
DNS servers. All child zone DNS servers forward to the servers hosting xxx.com.
Existing forests are w2k native and no trusts exist between these
forests.
There is a proposal to build a new, fifth forest and
to migrate all objects from the 4 forests above into this new forest.
Forest 5 will have root domain named global.xxx.com
and 4 children - representing the 4 forests above.
Does anyone have any concerns over the re-use of the
same DNS name - xxx.com? I feel uncomfortable with this proposal but don't have
any technical reasons to block it.
Any comments?
Thanks, neil
___________________________ Neil Ruston Global Technology Infrastructure Nomura International plc Telephone: +44 (0) 20 7521 3481
PLEASE READ: The
information contained in this email is confidential and
intended for the
named recipient(s) only. If you are not an intended
recipient of this
email please notify the sender immediately and delete your
copy from your
system. You must not copy, distribute or take any further
action in reliance
on it. Email is not a secure method of communication and
Nomura International
plc ('NIplc') will not, to the extent permitted by law,
accept
responsibility or liability for (a) the accuracy or completeness of,
or (b) the presence
of any virus, worm or similar malicious or disabling
code in, this
message or any attachment(s) to it. If verification of this
email is sought then
please request a hard copy. Unless otherwise stated
this email: (1) is
not, and should not be treated or relied upon as,
investment research;
(2) contains views or opinions that are solely those of
the author and do
not necessarily represent those of NIplc; (3) is intended
for informational
purposes only and is not a recommendation, solicitation or
offer to buy or sell
securities or related financial instruments. NIplc
does not provide
investment services to private customers. Authorised and
regulated by the
Financial Services Authority. Registered in England
no. 1550505 VAT No.
447 2492 35. Registered Office: 1 St Martin's-le-Grand,
London, EC1A 4NP. A
member of the Nomura group of companies.
This e-mail and any
attachment is for authorised use by the intended recipient(s) only. It may
contain proprietary material, confidential information and/or be subject to
legal privilege. It should not be copied, disclosed to, retained or used by, any
other party. If you are not an intended recipient then please promptly delete
this e-mail and any attachment and all copies and inform the sender. Thank
you.PLEASE READ: The information contained in this email is confidential and
intended for the named recipient(s) only. If you are not an intended
recipient of this email please notify the sender immediately and delete your
copy from your system. You must not copy, distribute or take any further
action in reliance on it. Email is not a secure method of communication and
Nomura International plc ('NIplc') will not, to the extent permitted by law,
accept responsibility or liability for (a) the accuracy or completeness of,
or (b) the presence of any virus, worm or similar malicious or disabling
code in, this message or any attachment(s) to it. If verification of this
email is sought then please request a hard copy. Unless otherwise stated
this email: (1) is not, and should not be treated or relied upon as,
investment research; (2) contains views or opinions that are solely those of
the author and do not necessarily represent those of NIplc; (3) is intended
for informational purposes only and is not a recommendation, solicitation or
offer to buy or sell securities or related financial instruments. NIplc
does not provide investment services to private customers. Authorised and
regulated by the Financial Services Authority. Registered in England
no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand,
London, EC1A 4NP. A member of the Nomura group of companies. | | | |
| ActiveDirectory@xxxx.yyy
| | 10/05/2005 2:07 AM |
| Also, if your Forests are all Native 2003 domains you might look into their consolidation features. Since none of your names overlap and the zones are the same you may have better luck. I don't know the details as I've never done it myself, but it is theoretically possible to merge them together.
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of deji@xxxxxxxxxxxxxx
Sent: Monday, October 03, 2005 2:22 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Multiple forests with a common DNS parent zone
IF the NetBIOS names of the new root will NOT be the same as the old root, I can not make a technical case against your migration plans. It should work.
But, if the NetBIOS names are going to be the same (maybe because your users are too attached to that name, and you don't want to introduce too much changes), then you can't do it the way you described it.
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon
________________________________
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx on behalf of neil.ruston@xxxxxxxxxxxxx
Sent: Mon 10/3/2005 2:30 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: [ActiveDir] Multiple forests with a common DNS parent zone
I have encountered a situation where 4 forests exist today, all of which have a common DNS parent zone - let's call it xxx.com.
Forest 1 has root domain named xxx.com with multiple child domains Forest 2 has root domain named ap.xxx.com with multiple child domains Forest 3 has root domain named am.xxx.com with multiple child domains Forest 4 has root domain named jp.xxx.com with no children
DNS resolution between the 4 forests works fine. Xxx.com is hosted on UNIX BIND servers with all child zones delegated to Windows DNS servers. All child zone DNS servers forward to the servers hosting xxx.com. Existing forests are w2k native and no trusts exist between these forests.
There is a proposal to build a new, fifth forest and to migrate all objects from the 4 forests above into this new forest.
Forest 5 will have root domain named global.xxx.com and 4 children - representing the 4 forests above.
Does anyone have any concerns over the re-use of the same DNS name - xxx.com?
I feel uncomfortable with this proposal but don't have any technical reasons to block it.
Any comments?
Thanks,
neil
___________________________
Neil Ruston
Global Technology Infrastructure
Nomura International plc
Telephone: +44 (0) 20 7521 3481
PLEASE READ: The information contained in this email is confidential and
intended for the named recipient(s) only. If you are not an intended
recipient of this email please notify the sender immediately and delete your
copy from your system. You must not copy, distribute or take any further
action in reliance on it. Email is not a secure method of communication and
Nomura International plc ('NIplc') will not, to the extent permitted by law,
accept responsibility or liability for (a) the accuracy or completeness of,
or (b) the presence of any virus, worm or similar malicious or disabling
code in, this message or any attachment(s) to it. If verification of this
email is sought then please request a hard copy. Unless otherwise stated
this email: (1) is not, and should not be treated or relied upon as,
investment research; (2) contains views or opinions that are solely those of
the author and do not necessarily represent those of NIplc; (3) is intended
for informational purposes only and is not a recommendation, solicitation or
offer to buy or sell securities or related financial instruments. NIplc
does not provide investment services to private customers. Authorised and
regulated by the Financial Services Authority. Registered in England
no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand,
London, EC1A 4NP. A member of the Nomura group of companies.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
| prenouf
Posts:1
| | 10/05/2005 2:21 AM |
| | Message body was not found. | | | |
|
|