| Author | Messages | |
Johnchristie11
Posts:44
 | | 07/06/2010 10:04 AM |
| I have two Windows 2008 Forests which for now will remain separate but at some point in the future will need to join via a Forest Trust.
Neither AD forest is connected to the internet, but I'm concerned that both forests have been given the same name. What problems/limitations may I encounter in the future if I want to connect the forests together?
Are there any best practice recommendations around AD naming?
Thanks JC
| | | |
| Parzival
Posts:107
 | | 07/06/2010 10:27 AM |
| John,
If you want to join the forests together, you cannot use a trust if they use the same FQDN or NetBIOS name. If you want to migrate from A to B, you need to have an intermediate forest named C, then migrate all to C and then to B, so everything becomes very complex.
More info on design: http://technet.microsoft.com/en-us/library/bb727085.aspx
I believe the best practice is to use a non-bound name to the organization as acquisitions and mergers become much easier if the AD forest has a non-meaningful name, but some would probably disagree with this one. Use a name that is not already registered on the internet, or if you wish to choose a "known" suffix like .com, .org or whatever make sure you register the name. "Private" namespaces can also be used like .intranet, .local, etc. If you choose a suffix of more than 3 characters, chances are high the suffix will ever be used on the internet and thus you are safe there. I've had several customers who had their very well-functioning and good ADs redesigned (including migration), just because the company who bought them wanted the name of the old company removed from the domain.
For example, in my labs I use rootdomain.local, forestroot.local, oceanfloor.local etc., but I've seen customers with Greek gods as their domain names etc., so use your imagination and get approval :-)
_R
| | | |
| Syed
Posts:19
 | | 07/06/2010 11:13 AM |
| Hello John,
You should see this KB: http://support.microsoft.com/kb/909264
Thanks Syed
| | | |
| sdelrio
Posts:14
 | | 07/06/2010 5:22 PM |
| Hi,
You will not be able to create a forest trust if both domains are using the same NETBIOS name.
| | | |
| robertsingers
Posts:571
 | | 07/07/2010 10:29 PM |
| We used network.local because our user base uses the term "log into the network".
| | | |
| neil.ruston@credit-suisse.com
Posts:0
 | | 07/08/2010 4:22 PM |
| A few random thoughts:
- Avoid names which are tied to the current company name [and thus never need to rename / re-build]
- Use officially defined TLD names [linked to point below]
- Use registered DNS names [if u merge with another rootdomain.local, you're snookered!]
- Use NetBIOS names which are likely to remain unique [even if test environments appear later]
Hope that helps,
neil
| | | |
| jimkatoe
Posts:7
 | | 07/09/2010 3:55 AM |
| You can't have a trust between the 2 if the NetBIOS name is the same. And if you rename it, Exchange won't be supported.
| | | |
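The constraint repeated in the replies above (no trust when the two sides share an FQDN or a NetBIOS name) can be checked ahead of any merger. The following is an added example, not part of the thread: it compares constructed inventories of two forests, assumes every domain in each forest is listed, and all domain names in it are made up.

```python
from itertools import product

# Constructed inventories: one (DNS name, NetBIOS name) pair per domain.
# In practice these would be exported from each forest; the names are made up.
FOREST_A = [("corp.local", "CORP"), ("emea.corp.local", "EMEA")]
FOREST_B = [("Corp.Local.", "corp"), ("lab.oceanfloor.local", "EMEA"),
            ("oceanfloor.local", "OCEAN")]


def norm_dns(name):
    """DNS names compare case-insensitively; a trailing root dot is not significant."""
    return name.strip().rstrip(".").lower()


def norm_netbios(name):
    """NetBIOS names compare case-insensitively."""
    return name.strip().upper()


def find_collisions(forest_a, forest_b):
    """Return (kind, name, domain_in_a, domain_in_b) for every clash between forests."""
    hits = []
    for (dns_a, nb_a), (dns_b, nb_b) in product(forest_a, forest_b):
        if norm_dns(dns_a) == norm_dns(dns_b):
            hits.append(("FQDN", norm_dns(dns_a), dns_a, dns_b))
        if norm_netbios(nb_a) == norm_netbios(nb_b):
            hits.append(("NetBIOS", norm_netbios(nb_a), dns_a, dns_b))
    return hits


def trust_blocked(forest_a, forest_b):
    """Per the thread, any shared FQDN or NetBIOS name rules out a trust."""
    return bool(find_collisions(forest_a, forest_b))


if __name__ == "__main__":
    for kind, name, a, b in find_collisions(FOREST_A, FOREST_B):
        print(f"{kind} collision on {name!r}: {a} (forest A) vs {b} (forest B)")
```

Note that the second NetBIOS clash comes from child domains whose DNS names differ, which is the case a comparison of forest root names alone would miss.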