| Author | Messages | |
rmscheck
Posts:53
 | | 07/16/2008 9:40 PM |
| Hey folks,
My place is looking to open a small office in China, possibly Kowloon (manufacturing) and are asking us what restrictions most organizations run into when extending their Active Directory and Windows environment to international soil such as this... Can anyone point me in the right direction?
What are the technical and legal aspects that we need to be aware of?
Thanks.
| | | |
| danholme
Posts:127
| | 07/16/2008 9:45 PM |
| Same here. Heading to one of those clients on Saturday, in fact.
What I've found is that each client is different in the way they
interpret & implement laws & regulations about this stuff (very much
like HIPAA/SOX/etc.) Your lawyers do, as brian suggest, need to be the
driver of requirements. It's not a technical thing-it's a legal thing.
Your legal needs to provide the opinion then be ready to stand behind
it. You could get all the technical advice in the world and be "hosed"
still, if your legal isn't thoroughly on board with the
business/information security choices you've made.
Plan on lots of security-that's for sure-if you're extending your
network overseas and particularly to PRC. Encryption, IPSec, domain
isolation, RODCs, NAP... do as much as you can. You might even consider
a separate forest + ADFS. I'm just gonna leave it at that for now... do
it!!!!
Dan
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Tuesday, June 24, 2008 3:45 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] AD Overseas
Ask your lawyers. I haven't a clue what the laws are there. I have
customers with numerous DCs in China though and lots of info in their
AD.
--brian
On Tue, Jun 24, 2008 at 8:41 PM, Rand Salazar <rmscheck@yahoo.com>
wrote:
Hey folks,
My place is looking to open a small office in China, possibly Kowloon
(manufacturing) and are asking us what restrictions most organizations
run into when extending their Active Directory and Windows environment
to international soil such as this... Can anyone point me in the right
direction?
What are the technical and legal aspects that we need to be aware of?
Thanks.
--
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
| | | |
| robertsingers
Posts:143
| | 07/16/2008 9:45 PM |
| Hi my memories from working for the evil empire was that China was
difficult from a networking perspective, especially all the "gifts" that
were required to get work done, but France was the only serious issue
when it came to "exporting data". (Apart from Americans not being able
to come to grips with someone in NZST heh). Your lawyers should be able
to help with any Export Compliance or Privacy issues.
We used Singaporean Chinese students in the AIESEC programme to do the
actual implementation to get around the language and cultural barriers
in China. That worked well and I'm still in touch with one of them
today.
________________________________
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Rand Salazar
Sent: Wednesday, 25 June 2008 1:42 p.m.
To: Active Dir
Subject: [ActiveDir] AD Overseas
Hey folks,
My place is looking to open a small office in China, possibly Kowloon
(manufacturing) and are asking us what restrictions most organizations
run into when extending their Active Directory and Windows environment
to international soil such as this... Can anyone point me in the right
direction?
What are the technical and legal aspects that we need to be aware of?
Thanks.
________________________________
This e-mail message has been scanned for Viruses and cleared by NetIQ
MailMarshal
________________________________
############################################################
PLEASE NOTE:
The information contained in this email message and any
attached files may be confidential and subject to privilege.
Any opinions expressed in this message are not necessarily
those of the Department of Building and Housing. All technical
opinions are offered on a ?no-liability? basis. This message
and any files transmitted with it are confidential and solely
for the use of the intended recipient. If you are not the
intended recipient, you are notified that any use, disclosure
or copying of this email is unauthorised. If you have received
this email in error, please notify us immediately by reply email
and delete the original and any attachment(s). Thank you.
############################################################
| | | |
| bdesmond
Posts:347
| | 07/16/2008 9:45 PM |
| I've worked with a number of large multinationals where the Home country
rules don't really apply to their stuff outside of 'home'.
--brian
On Tue, Jun 24, 2008 at 9:47 PM, Akomolafe, Deji <deji@readymaids.com>
wrote:
> It's been my experience that most multi-national corporations are governed
> by the rules and regulations of the "Home" country in which they are
> headquartered. This is not meant to say don't talk to your lawyers first.
>
> With regards to technical limitations, procurement and shipment of the
> hardware is always a big issue and even though this will be considered
> non-technical, you need to devote a lot of planning to this because you
> really can't get technical if the hardware is not there.
>
> Others have given you some additional pointers, and I would like to add
> that, in my experience (and from other anecdotes), the carriers are hard to
> deal with and the bandwidth is not optimal. I don't know if this is true of
> Kowloon, but if English is your primary language of business, then you
> couldn't have picked a better location in China. You will need someone very
> fluent in BOTH the local language and English to get anywhere there.
>
>
> Sincerely,
> _____
> (, / | /) /) /)
> /---| (/_ ______ ___// _ // _
> ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_
> (_/ /)
> (/
> Microsoft MVP - Directory Services
> www.akomolafe.name<http://www.akomolafe.name/> - we know IT
> -5.75, -3.23
> Do you now realize that Today is the Tomorrow you were worried about
> Yesterday? -anon
> ________________________________
> From: ActiveDir-owner@mail.activedir.org [
> ActiveDir-owner@mail.activedir.org] On Behalf Of Rand Salazar [
> rmscheck@yahoo.com]
> Sent: Tuesday, June 24, 2008 6:41 PM
> To: Active Dir
> Subject: [ActiveDir] AD Overseas
>
>
> Hey folks,
>
>
>
> My place is looking to open a small office in China, possibly Kowloon
> (manufacturing) and are asking us what restrictions most organizations run
> into when extending their Active Directory and Windows environment to
> international soil such as this... Can anyone point me in the right
> direction?
>
>
>
> What are the technical and legal aspects that we need to be aware of?
>
>
>
> Thanks.
>
>
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive: http://www.activedir.org/ma/default.aspx
>
--
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
| | | |
| neilruston
Posts:144
| | 07/16/2008 9:47 PM |
| It's been my experience that most multi-national corporations are
governed by the rules and regulations of the "Home" country in which
they are headquartered. This is not meant to say don't talk to your
lawyers first.
*** That is certainly _not_ my experience at all :/ perhaps you've yet
to deal with small jurisdictions throughout Europe.
With regards to technical limitations, procurement and shipment of the
hardware is always a big issue and even though this will be considered
non-technical, you need to devote a lot of planning to this because you
really can't get technical if the hardware is not there.
*** I wish that was even on my list of 10 biggest concerns - my life
would be so much simpler 
neil
-----Original Message-----
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Akomolafe, Deji
Sent: 25 June 2008 03:48
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD Overseas
It's been my experience that most multi-national corporations are
governed by the rules and regulations of the "Home" country in which
they are headquartered. This is not meant to say don't talk to your
lawyers first.
With regards to technical limitations, procurement and shipment of the
hardware is always a big issue and even though this will be considered
non-technical, you need to devote a lot of planning to this because you
really can't get technical if the hardware is not there.
Others have given you some additional pointers, and I would like to add
that, in my experience (and from other anecdotes), the carriers are hard
to deal with and the bandwidth is not optimal. I don't know if this is
true of Kowloon, but if English is your primary language of business,
then you couldn't have picked a better location in China. You will need
someone very fluent in BOTH the local language and English to get
anywhere there.
Sincerely,
_____
(, / | /) /) /)
/---| (/_ ______ ___// _ // _
) / |_/(__(_) // (_(_)(/_(_(_/(__(/_
(_/ /)
(/
Microsoft MVP - Directory Services
www.akomolafe.name<http://www.akomolafe.name/> - we know IT
-5.75, -3.23
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
________________________________
From: ActiveDir-owner@mail.activedir.org
[ActiveDir-owner@mail.activedir.org] On Behalf Of Rand Salazar
[rmscheck@yahoo.com]
Sent: Tuesday, June 24, 2008 6:41 PM
To: Active Dir
Subject: [ActiveDir] AD Overseas
Hey folks,
My place is looking to open a small office in China, possibly Kowloon
(manufacturing) and are asking us what restrictions most organizations
run into when extending their Active Directory and Windows environment
to international soil such as this... Can anyone point me in the right
direction?
What are the technical and legal aspects that we need to be aware of?
Thanks.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
Barclays Wealth is the wealth management division of Barclays Bank PLC. This email may relate to or be sent from other members of the Barclays Group.
The availability of products and services may be limited by the applicable laws and regulations in certain jurisdictions. The Barclays Group does not normally accept or offer business instructions via internet email. Any action that you might take upon this message might be at your own risk.
This email and any attachments are confidential and intended solely for the addressee and may also be privileged or exempt from disclosure under applicable law. If you are not the addressee, or have received this email in error, please notify the sender immediately, delete it from your system and do not copy, disclose or otherwise act upon any part of this email or its attachments.
Internet communications are not guaranteed to be secure or virus-free. The Barclays Group does not accept responsibility for any loss arising from unauthorised access to, or interference with, any Internet communications by any third party, or from the transmission of any viruses. Replies to this email may be monitored by the Barclays Group for operational or business reasons.
Any opinion or other information in this email or its attachments that does not relate to the business of the Barclays Group is personal to the sender and is not given or endorsed by the Barclays Group.
Barclays Bank PLC. Registered in England and Wales (registered no. 1026167).
Registered Office: 1 Churchill Place, London, E14 5HP, United Kingdom.
Barclays Bank PLC is authorised and regulated by the Financial Services Authority.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
| | | |
| Parzival
Posts:38
| | 07/16/2008 9:47 PM |
| And on the hardware side, usually it is better to acquire the hardware is the country where services will be hosted. This due to warranty and material replacement. Also, never send out anything with data on it.. we once had to send 4 routers, misteriously 3 dissapeared in customs..
Roelf
-----Original Message-----
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of neil.ruston@barclayswealth.com
Sent: Wednesday, June 25, 2008 10:13 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD Overseas
It's been my experience that most multi-national corporations are
governed by the rules and regulations of the "Home" country in which
they are headquartered. This is not meant to say don't talk to your
lawyers first.
*** That is certainly _not_ my experience at all :/ perhaps you've yet
to deal with small jurisdictions throughout Europe.
With regards to technical limitations, procurement and shipment of the
hardware is always a big issue and even though this will be considered
non-technical, you need to devote a lot of planning to this because you
really can't get technical if the hardware is not there.
*** I wish that was even on my list of 10 biggest concerns - my life
would be so much simpler
neil
-----Original Message-----
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Akomolafe, Deji
Sent: 25 June 2008 03:48
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD Overseas
It's been my experience that most multi-national corporations are
governed by the rules and regulations of the "Home" country in which
they are headquartered. This is not meant to say don't talk to your
lawyers first.
With regards to technical limitations, procurement and shipment of the
hardware is always a big issue and even though this will be considered
non-technical, you need to devote a lot of planning to this because you
really can't get technical if the hardware is not there.
Others have given you some additional pointers, and I would like to add
that, in my experience (and from other anecdotes), the carriers are hard
to deal with and the bandwidth is not optimal. I don't know if this is
true of Kowloon, but if English is your primary language of business,
then you couldn't have picked a better location in China. You will need
someone very fluent in BOTH the local language and English to get
anywhere there.
Sincerely,
_____
(, / | /) /) /)
/---| (/_ ______ ___// _ // _
) / |_/(__(_) // (_(_)(/_(_(_/(__(/_
(_/ /)
(/
Microsoft MVP - Directory Services
www.akomolafe.name<http://www.akomolafe.name/> - we know IT
-5.75, -3.23
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
________________________________
From: ActiveDir-owner@mail.activedir.org
[ActiveDir-owner@mail.activedir.org] On Behalf Of Rand Salazar
[rmscheck@yahoo.com]
Sent: Tuesday, June 24, 2008 6:41 PM
To: Active Dir
Subject: [ActiveDir] AD Overseas
Hey folks,
My place is looking to open a small office in China, possibly Kowloon
(manufacturing) and are asking us what restrictions most organizations
run into when extending their Active Directory and Windows environment
to international soil such as this... Can anyone point me in the right
direction?
What are the technical and legal aspects that we need to be aware of?
Thanks.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
Barclays Wealth is the wealth management division of Barclays Bank PLC. This email may relate to or be sent from other members of the Barclays Group.
The availability of products and services may be limited by the applicable laws and regulations in certain jurisdictions. The Barclays Group does not normally accept or offer business instructions via internet email. Any action that you might take upon this message might be at your own risk.
This email and any attachments are confidential and intended solely for the addressee and may also be privileged or exempt from disclosure under applicable law. If you are not the addressee, or have received this email in error, please notify the sender immediately, delete it from your system and do not copy, disclose or otherwise act upon any part of this email or its attachments.
Internet communications are not guaranteed to be secure or virus-free. The Barclays Group does not accept responsibility for any loss arising from unauthorised access to, or interference with, any Internet communications by any third party, or from the transmission of any viruses. Replies to this email may be monitored by the Barclays Group for operational or business reasons.
Any opinion or other information in this email or its attachments that does not relate to the business of the Barclays Group is personal to the sender and is not given or endorsed by the Barclays Group.
Barclays Bank PLC. Registered in England and Wales (registered no. 1026167).
Registered Office: 1 Churchill Place, London, E14 5HP, United Kingdom.
Barclays Bank PLC is authorised and regulated by the Financial Services Authority.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
| | | |
| rmscheck
Posts:53
| | 07/16/2008 9:47 PM |
| Thanks for the replies guys... Provided we get the legal aspect taken care of, how about things like can we use the same version of Windows? Given the bandwidth limitations, is it best from a replication standpoint to create a new child domain? I like Dan's idea of building security around it, new forest etc, but will we have security restrictions? Encryption restrictions? Firewall restrictions?
I guess I'm curious as to how others have done it. I figure it would be foolish for us to treat this location like another U.S. facility and stand up our systems in the same way.
--- On Wed, 6/25/08, Robert Singers <robert.singers@dbh.govt.nz> wrote:
From: Robert Singers <robert.singers@dbh.govt.nz>
Subject: RE: [ActiveDir] AD Overseas
To: ActiveDir@mail.activedir.org
Date: Wednesday, June 25, 2008, 3:50 AM
IME if we're talking about US multi-nationals SoX and
Export Compliance do, but employment and health and safety don't. Also
from memory some software is covered under the munitions section of US export
compliance.
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian
Desmond
Sent: Wednesday, 25 June 2008 2:56 p.m.
To:
ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] AD
Overseas
I've worked with a number of large multinationals where the Home country
rules don't really apply to their stuff outside of 'home'.
--brian
On Tue, Jun 24, 2008 at 9:47 PM, Akomolafe, Deji <deji@readymaids.com> wrote:
It's
been my experience that most multi-national corporations are governed by the
rules and regulations of the "Home" country in which they are headquartered.
This is not meant to say don't talk to your lawyers first.
With regards
to technical limitations, procurement and shipment of the hardware is always a
big issue and even though this will be considered non-technical, you need to
devote a lot of planning to this because you really can't get technical if the
hardware is not there.
Others have given you some additional pointers,
and I would like to add that, in my experience (and from other anecdotes), the
carriers are hard to deal with and the bandwidth is not optimal. I don't know
if this is true of Kowloon, but if English is your primary language of
business, then you couldn't have picked a better location in China. You will
need someone very fluent in BOTH the local language and English to get
anywhere there.
Sincerely,
_____
(, / |
/) /)
/)
/---| (/_ ______ ___// _ //
_
) / |_/(__(_) // (_(_)(/_(_(_/(__(/_
(_/
/)
(/
Microsoft MVP -
Directory Services
www.akomolafe.name<http://www.akomolafe.name/> - we know IT
-5.75,
-3.23
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
________________________________
From: ActiveDir-owner@mail.activedir.org
[ActiveDir-owner@mail.activedir.org]
On Behalf Of Rand Salazar [rmscheck@yahoo.com]
Sent: Tuesday,
June 24, 2008 6:41 PM
To: Active Dir
Subject: [ActiveDir] AD
Overseas
Hey folks,
My place is looking to open a
small office in China, possibly Kowloon (manufacturing) and are asking us what
restrictions most organizations run into when extending their Active Directory
and Windows environment to international soil such as this... Can anyone
point me in the right direction?
What are the technical and
legal aspects that we need to be aware
of?
Thanks.
List info : http://www.activedir.org/List.aspx
List FAQ
: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
--
Thanks,
Brian Desmond
brian@briandesmond.com
c -
312.731.3132
This e-mail message has been scanned for Viruses and cleared by NetIQ MailMarshal
Please Note:
The information contained in this email message and any attached files may be
confidential and subject to privilege. Any opinions expressed in this message
are not necessarily those of the Department of Building and Housing. All
technical opinions are offered on a ʽno-liabilityʼ basis. This message and any
files transmitted with it are confidential and solely for the use of the
intended recipient. If you are not the intended recipient, you are notified that
any use, disclosure or copying of this email is unauthorised. If you have
received this email in error, please notify us immediately by reply email and
delete the original and any attachment(s). Thank you.
| | | |
| TG
Posts:86
| | 07/16/2008 9:47 PM |
| Administration of Domain Controllers may become an issue if you have
either government contracts or others that impose the rule that only
people in US can have elevated rights.
Thank you, Tony.
Tony Gordon
Windows 2003 & 2000 MCSE, Windows 2003 MCSA, PMP
ITS Infrastructure Engineering
Hewitt Associates | 100 Half Day Road | Lincolnshire, IL 60069 |
USA
Tel 847.295.5000 x50526 | Fax 847.554.1574
tony dot gordon at hewitt dot com | www.hewitt.com
From:
"Robert Singers" <robert.singers@dbh.govt.nz>
To:
ActiveDir@mail.activedir.org
Date:
06/24/2008 10:49 PM
Subject:
RE: [ActiveDir] AD Overseas
IME if we're talking about US multi-nationals SoX and Export Compliance
do, but employment and health and safety don't. Also from memory some
software is covered under the munitions section of US export compliance.
From: ActiveDir-owner@mail.activedir.org [
mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Wednesday, 25 June 2008 2:56 p.m.
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] AD Overseas
I've worked with a number of large multinationals where the Home country
rules don't really apply to their stuff outside of 'home'.
--brian
On Tue, Jun 24, 2008 at 9:47 PM, Akomolafe, Deji <deji@readymaids.com>
wrote:
It's been my experience that most multi-national corporations are governed
by the rules and regulations of the "Home" country in which they are
headquartered. This is not meant to say don't talk to your lawyers first.
With regards to technical limitations, procurement and shipment of the
hardware is always a big issue and even though this will be considered
non-technical, you need to devote a lot of planning to this because you
really can't get technical if the hardware is not there.
Others have given you some additional pointers, and I would like to add
that, in my experience (and from other anecdotes), the carriers are hard
to deal with and the bandwidth is not optimal. I don't know if this is
true of Kowloon, but if English is your primary language of business, then
you couldn't have picked a better location in China. You will need someone
very fluent in BOTH the local language and English to get anywhere there.
Sincerely,
_____
(, / | /) /) /)
/---| (/_ ______ ___// _ // _
) / |_/(__(_) // (_(_)(/_(_(_/(__(/_
(_/ /)
(/
Microsoft MVP - Directory Services
www.akomolafe.name<http://www.akomolafe.name/> - we know IT
-5.75, -3.23
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
________________________________
From: ActiveDir-owner@mail.activedir.org [
ActiveDir-owner@mail.activedir.org] On Behalf Of Rand Salazar [
rmscheck@yahoo.com]
Sent: Tuesday, June 24, 2008 6:41 PM
To: Active Dir
Subject: [ActiveDir] AD Overseas
Hey folks,
My place is looking to open a small office in China, possibly Kowloon
(manufacturing) and are asking us what restrictions most organizations run
into when extending their Active Directory and Windows environment to
international soil such as this... Can anyone point me in the right
direction?
What are the technical and legal aspects that we need to be aware of?
Thanks.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
--
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132 This e-mail message has been scanned for Viruses and
cleared by NetIQ MailMarshal
Please Note:
The information contained in this email message and any attached files may
be confidential and subject to privilege. Any opinions expressed in this
message are not necessarily those of the Department of Building and
Housing. All technical opinions are offered on a ?no-liability? basis.
This message and any files transmitted with it are confidential and solely
for the use of the intended recipient. If you are not the intended
recipient, you are notified that any use, disclosure or copying of this
email is unauthorised. If you have received this email in error, please
notify us immediately by reply email and delete the original and any
attachment(s). Thank you.
The information contained in this e-mail and any accompanying documents may contain information that is confidential or otherwise protected from disclosure. If you are not the intended recipient of this message, or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message, including any attachments. Any dissemination, distribution or other use of the contents of this message by anyone other than the intended recipient is strictly prohibited. All messages sent to and from this e-mail address may be monitored as permitted by applicable law and regulations to ensure compliance with our internal policies and to protect our business. E-mails are not secure and cannot be guaranteed to be error free as they can be intercepted, amended, lost or destroyed, or contain viruses. You are deemed to have accepted these risks if you communicate with us by e-mail.
| | | |
| adwulf
Posts:34
| | 07/16/2008 9:49 PM |
| 2008/6/25 <neil.ruston@barclayswealth.com>:
>
> With regards to technical limitations, procurement and shipment of the
> hardware is always a big issue and even though this will be considered
> non-technical, you need to devote a lot of planning to this because you
> really can't get technical if the hardware is not there.
> *** I wish that was even on my list of 10 biggest concerns - my life
> would be so much simpler
>
Not sure if it is still the case, but it used to be a top tip to ship
monitors to the EU separately to the rest of the kit.
Monitors were rated lower (or was it zero?) for import duty, whereas
the rest of the computer was not. If you shipped both together, the
duty applied to the value of the whole lot.
--
AdamT
"At times one remains faithful to a cause only because its opponents
do not cease to be insipid." - Nietzsche
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
| | | |
| listmail
Posts:428
| | 09/08/2008 4:09 PM |
| The most common deployment I have seen is multidomain in a single forest.
Usually Americas, Europe, AsiaPac. I have also seen Americas broken up into
North/South America due to poor connectivity in South America coupled with
large directory in North America. The splits ups tend to be along
replication load lines but also political. And not to start any fights but
the absolute most common political scenario has been that European don't
want to be included in with the United Statesians. The Asia-Pac people don't
seem to care much one way or the other, they just want stuff to work and to
know that if it is broken, they can get help in some reasonable time frame
and don't want all of their bandwidth sucked up because it is very
expensive. The US people are often like Euro-who? Asia-who?
If you can keep the environment within Data Centers with good connectivity
globally, try to stay with a single domain forest, all sorts of possible
issues melt away. If that isn't possible and you are large, you likely will
need to divy things up due to bandwidth issues so as not to kill WAN sites.
Now if you have to do that but Exchange stays in the datacenters, consider
an Exchange single domain resource forest. That should reduce the amount of
data in the NOS forest as well as stay away from various multidomain forest
issues Exchange suffers with and will truly consider to suffer with until
Outlook uses LDAP instead of NSPI for communicating to get/update directory
info.
--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm
_____
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Monday, August 25, 2008 8:26 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD Overseas
Of the half a dozen or so multinationals I am working with right now, they
are all based in the US, all have one forest worldwide, and some of them
even have a single domain worldwide, but more commonly, they have regional
domains (e.g. EMEA, AMS, APJ, etc).
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Rand Salazar
Sent: Monday, August 25, 2008 6:36 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD Overseas
Hey guys,
Sorry to dredge up an old post.. it seems my situation has changed and the
legal aspect is not as cloudy as we thought. So now I turn to the technical
side...
How many of you have AD overseas with a primary office over in the US? How
did you decide what to do for AD there? Separate forest? New child domain?
Extend your current domain? I am battling this question as what would be
the best thing to do in this day and age. Some say no new domains, single
domain model works! Some say oh no, PRC.. go with a new forest as they have
haxors!! Then you have the old school, split 'em off into a child domain
and be done as its admin boundary! (yea, right!)
Confused.
--- On Wed, 6/25/08, Tony Gordon <Tony.Gordon@hewitt.com> wrote:
From: Tony Gordon <Tony.Gordon@hewitt.com>
Subject: RE: [ActiveDir] AD Overseas
To: ActiveDir@mail.activedir.org
Date: Wednesday, June 25, 2008, 2:29 PM
Administration of Domain Controllers may become an issue if you have either
government contracts or others that impose the rule that only people in US
can have elevated rights.
Thank you, Tony.
Tony Gordon
Windows 2003 & 2000 MCSE, Windows 2003 MCSA, PMP
ITS Infrastructure Engineering
Hewitt Associates | 100 Half Day Road | Lincolnshire, IL 60069 | USA
Tel 847.295.5000 x50526 | Fax 847.554.1574
tony dot gordon at hewitt dot com | www.hewitt.com
From:
"Robert Singers" <robert.singers@dbh.govt.nz>
To:
ActiveDir@mail.activedir.org
Date:
06/24/2008 10:49 PM
Subject:
RE: [ActiveDir] AD Overseas
_____
IME if we're talking about US multi-nationals SoX and Export Compliance do,
but employment and health and safety don't. Also from memory some software
is covered under the munitions section of US export compliance.
_____
From: ActiveDir-owner@mail.activedir.org [
<mailto:ActiveDir-owner@mail.activedir.org>
mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Brian Desmond
Sent: Wednesday, 25 June 2008 2:56 p.m.
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] AD Overseas
I've worked with a number of large multinationals where the Home country
rules don't really apply to their stuff outside of 'home'.
--brian
On Tue, Jun 24, 2008 at 9:47 PM, Akomolafe, Deji <deji@readymaids.com>
wrote:
It's been my experience that most multi-national corporations are governed
by the rules and regulations of the "Home" country in which they are
headquartered. This is not meant to say don't talk to your lawyers first.
With regards to technical limitations, procurement and shipment of the
hardware is always a big issue and even though this will be considered
non-technical, you need to devote a lot of planning to this because you
really can't get technical if the hardware is not there.
Others have given you some additional pointers, and I would like to add
that, in my experience (and from other anecdotes), the carriers are hard to
deal with and the bandwidth is not optimal. I don't know if this is true of
Kowloon, but if English is your primary language of business, then you
couldn't have picked a better location in China. You will need someone very
fluent in BOTH the local language and English to get anywhere there.
Sincerely,
_____
(, / | /) /) /)
/---| (/_ ______ ___// _ // _
) / |_/(__(_) // (_(_)(/_(_(_/(__(/_
(_/ /)
(/
Microsoft MVP - Directory Services
www.akomolafe.name <http://www.akomolafe.name/> <http://www.akomolafe.name/>
- we know IT
-5.75, -3.23
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
________________________________
From: ActiveDir-owner@mail.activedir.org
[ActiveDir-owner@mail.activedir.org] On Behalf Of Rand Salazar
[rmscheck@yahoo.com]
Sent: Tuesday, June 24, 2008 6:41 PM
To: Active Dir
Subject: [ActiveDir] AD Overseas
Hey folks,
My place is looking to open a small office in China, possibly Kowloon
(manufacturing) and are asking us what restrictions most organizations run
into when extending their Active Directory and Windows environment to
international soil such as this... Can anyone point me in the right
direction?
What are the technical and legal aspects that we need to be aware of?
Thanks.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
--
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
_____
This e-mail message has been scanned for Viruses and cleared by NetIQ
MailMarshal
_____
_____
Please Note:
The information contained in this email message and any attached files may
be confidential and subject to privilege. Any opinions expressed in this
message are not necessarily those of the Department of Building and Housing.
All technical opinions are offered on a ?no-liability? basis. This message
and any files transmitted with it are confidential and solely for the use of
the intended recipient. If you are not the intended recipient, you are
notified that any use, disclosure or copying of this email is unauthorised.
If you have received this email in error, please notify us immediately by
reply email and delete the original and any attachment(s). Thank you.
_____
_____
The information contained in this e-mail and any accompanying documents may
contain information that is confidential or otherwise protected from
disclosure. If you are not the intended recipient of this message, or if
this message has been addressed to you in error, please immediately alert
the sender by reply e-mail and then delete this message, including any
attachments. Any dissemination, distribution or other use of the contents of
this message by anyone other than the intended recipient is strictly
prohibited. All messages sent to and from this e-mail address may be
monitored as permitted by applicable law and regulations to ensure
compliance with our internal policies and to protect our business. E-mails
are not secure and cannot be guaranteed to be error free as they can be
intercepted, amended, lost or destroyed, or contain viruses. You are deemed
to have accepted these risks if you communicate with us by e-mail.
| | | |
|
|