| Author | Messages | |
scharique
Posts:0
 | | 07/08/2009 2:01 PM |
| Joe, if your advice on AD doesn't matter than I don't know whose does.
Right now, the way those 6000 users are dispersed into three new target
(child) domains are something along the lines of NA(50%),EU(25%),AP(25%).
For some reason, management is more acceptable to 1+1 model, being in this
situation I deem that lesser evil than the current model. But you also don't
see any reason whatsoever of NOT dumping everything into the root and end up
with a single-domain forest at the end of the day ?
Thanks,
On Wed, Jul 8, 2009 at 6:54 AM, joe <listmail@joeware.net> wrote:
> Subject: RE: [ActiveDir] Revisiting the infamous topic of multiple child
> domains vs Single domain forest
> Date: Wed, 8 Jul 2009 07:51:06 -0400
> Message-ID: <4497A03061E7485080A6D4C30D9CEA3E@test.loc>
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
> boundary="----=_NextPart_000_0B54_01C9FFA0.D9CF6DF0"
> X-Mailer: Microsoft Office Outlook 11
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5579
> In-Reply-To: <
> 9F12C1D07D672344A7A0D89FAC93214F0E760DF0@BL2PRD0102MB003.prod.exchangelabs.com
> >
> Thread-Index: AQHJ/1OMc1d/Nwi7g0iTYUauC36D0ZBqqgQAgAAAnoCAANoxsA==
> Precedence: bulk
> Sender: activedir-owner@mail.activedir.org
> Reply-To: activedir@mail.activedir.org
>
> This is a multi-part message in MIME format.
>
> ------=_NextPart_000_0B54_01C9FFA0.D9CF6DF0
> Content-Type: text/plain;
> charset="us-ascii"
> Content-Transfer-Encoding: 7bit
>
> I concur if it matters. 
>
> If you are going through cleaning up, clean up to a single domain, not a
> new
> subdomain. The one exception I could think of is if say 90% of the
> users/machines were in one domain already. Then maybe you would consider
> pulling things into that domain so you hit the least amount of
> users/machines. Gets you closer to a collapsed environment with minimal
> work. But the goal would still be to roll everything into the root if there
> are no other reasons to keep the multiple domains. For 6000 users, I don't
> think I ever would have thought to split it up in the first place but
> wasn't
> there in the room during the initial planning. Someone may have had a
> certain set of things in mind that made sense.
>
> joe
>
>
> --
> O'Reilly Active Directory Fourth Edition -
> http://www.joeware.net/win/ad4e.htm
>
>
>
> _____
>
> From: activedir-owner@mail.activedir.org
> [mailto:activedir-owner@mail.activedir.org] On Behalf Of Brian Desmond
> Sent: Tuesday, July 07, 2009 6:46 PM
> To: activedir@mail.activedir.org
> Subject: RE: [ActiveDir] Revisiting the infamous topic of multiple child
> domains vs Single domain forest
>
>
>
> Correct
>
>
>
> Thanks,
>
> Brian Desmond
>
> brian@briandesmond.com
>
>
>
> c - 312.731.3132
>
>
>
> From: activedir-owner@mail.activedir.org
> [mailto:activedir-owner@mail.activedir.org] On Behalf Of Rick Sheikh
> Sent: Tuesday, July 07, 2009 5:43 PM
> To: activedir@mail.activedir.org
> Subject: Re: [ActiveDir] Revisiting the infamous topic of multiple child
> domains vs Single domain forest
>
>
>
> And yes hitting every workstation in each domain to now roll it into the
> root would be really painful.
>
> Brian, I assume you are still pretty solid on single-domain forest as
> oppose
> to that CORP.root.int (as 1+1) analogy I put forth ? You don't see any
> reason why I should NOT go directly into root ?
>
>
>
>
> On Tue, Jul 7, 2009 at 5:36 PM, Rick Sheikh <getshq@gmail.com> wrote:
>
> Thanks everyone and Brian yes,I do feel the same about GCs sharing forest
> specific data to all DCs as all DCs are GCs. And I think had there been a
> legal ramification in picture, this issue would have arrived earlier as
> mentioned earlier this was a merger and one company had prior been
> operating
> under single domain forest and had offices in Paris, London and Madrid and
> some APAC regions as well. So I hope that is not a legal concern.but I will
> check. And no the WAN pipes are pretty good too.
>
> I am just trying to gather as much info as possible to table these facts in
> front of the CIO next week. When Exchange as messaging solution in picture,
> can a point of it being simpler implementation in a consolidated
> single-domain forest be also valid ?
>
> Please pass on if any one has any case study or an article to share.
>
> Thanks,
>
>
>
>
>
> On Tue, Jul 7, 2009 at 4:37 PM, Charlie Kaiser <charliek@golden-eagle.org>
> wrote:
>
> Yep. Thus the need for good planning...
>
>
> ***********************
> Charlie Kaiser
> charliek@golden-eagle.org
> Kingman, AZ
> ***********************
>
> > -----Original Message-----
> > From: activedir-owner@mail.activedir.org
>
> > [mailto:activedir-owner@mail.activedir.org] On Behalf Of Brian Desmond
> > Sent: Tuesday, July 07, 2009 1:56 PM
> > To: activedir@mail.activedir.org
> > Subject: RE: [ActiveDir] Revisiting the infamous topic of
> > multiple child domains vs Single domain forest
> >
>
> > Global Catalog leaks the data either way depending what the
> > definition of the "data" is.
>
>
>
>
>
>
> ------=_NextPart_000_0B54_01C9FFA0.D9CF6DF0
> Content-Type: text/html;
> charset="us-ascii"
> Content-Transfer-Encoding: quoted-printable
>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
> <HTML xmlns=3D"http://www.w3.org/TR/REC-html40" xmlns:v =3D=20
> "urn:schemas-microsoft-com:vml" xmlns:o =3D=20
> "urn:schemas-microsoft-com:office:office" xmlns:w =3D=20
> "urn:schemas-microsoft-com:office:word" xmlns:x =3D=20
> "urn:schemas-microsoft-com:office:excel" xmlns:p =3D=20
> "urn:schemas-microsoft-com:office:powerpoint" xmlns:a =3D=20
> "urn:schemas-microsoft-com:office:access" xmlns:dt =3D=20
> "uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s =3D=20
> "uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs =3D=20
> "urn:schemas-microsoft-com:rowset" xmlns:z =3D "#RowsetSchema" xmlns:b =
> =3D=20
> "urn:schemas-microsoft-com:office:publisher" xmlns:ss =3D=20
> "urn:schemas-microsoft-com:office:spreadsheet" xmlns:c =3D=20
> "urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:odc =3D=20
> "urn:schemas-microsoft-com:office:odc" xmlns:oa =3D=20
> "urn:schemas-microsoft-com:office:activation" xmlns:html =3D=20
> "http://www.w3.org/TR/REC-html40" xmlns:q =3D=20
> "http://schemas.xmlsoap.org/soap/envelope/" xmlns:rtc =3D=20
> "http://microsoft.com/officenet/conferencing" XMLNS =3D "DAV:" =
> XMLNS:Repl =3D=20
> "http://schemas.microsoft.com/repl/" xmlns:mt =3D=20
> "http://schemas.microsoft.com/sharepoint/soap/meetings/" xmlns:x2 =3D=20
> "http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ppda =3D=20
> "http://www.passport.com/NameSpace.xsd" xmlns:ois =3D=20
> "http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir =3D=20
> "http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds =3D=20
> "http://www.w3.org/2000/09/xmldsig#" xmlns:dsp =3D=20
> "http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc =3D=20
> "http://schemas.microsoft.com/data/udc" xmlns:xsd =3D=20
> "http://www.w3.org/2001/XMLSchema" xmlns:sub =3D=20
> "http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec =
> =3D=20
> "http://www.w3.org/2001/04/xmlenc#" xmlns:sp =3D=20
> "http://schemas.microsoft.com/sharepoint/" xmlns:sps =3D=20
> "http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi =3D=20
> "http://www.w3.org/2001/XMLSchema-instance" xmlns:udcs =3D=20
> "http://schemas.microsoft.com/data/udc/soap" xmlns:udcxf =3D=20
> "http://schemas.microsoft.com/data/udc/xmlfile" xmlns:udcp2p =3D=20
> "http://schemas.microsoft.com/data/udc/parttopart" xmlns:wf =3D=20
> "http://schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:dsss =3D=20
> "http://schemas.microsoft.com/office/2006/digsig-setup" xmlns:dssi =3D=20
> "http://schemas.microsoft.com/office/2006/digsig" xmlns:mdssi =3D=20
> "http://schemas.openxmlformats.org/package/2006/digital-signature" =
> xmlns:mver =3D=20
> "http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:m =
> =3D=20
> "http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels =3D=20
> "http://schemas.openxmlformats.org/package/2006/relationships" =
> xmlns:spwp =3D=20
> "http://microsoft.com/sharepoint/webpartpages" xmlns:ex12t =3D=20
> "http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ex12m =
> =3D=20
> "http://schemas.microsoft.com/exchange/services/2006/messages" =
> xmlns:pptsl =3D=20
> "http://schemas.microsoft.com/sharepoint/soap/SlideLibrary/" xmlns:spsl =
> =3D=20
> "http://microsoft.com/webservices/SharePointPortalServer/PublishedLinksSe=
> rvice"=20
> XMLNS:Z =3D "urn:schemas-microsoft-com:" xmlns:st =3D "=01"><HEAD>
> <META content=3D"text/html; charset=3Dus-ascii" =
> http-equiv=3DContent-Type>
> <META name=3DGENERATOR content=3D"MSHTML 8.00.6001.18783">
> <STYLE>@font-face {
> font-family: Cambria Math;
> }
> @font-face {
> font-family: Calibri;
> }
> @font-face {
> font-family: Tahoma;
> }
> @page Section1 {size: 8.5in 11.0in; margin: 1.0in 1.0in 1.0in 1.0in; }
> P.MsoNormal {
> MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman","serif";
> FONT-SIZE: =
> 12pt
> }
> LI.MsoNormal {
> MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman","serif";
> FONT-SIZE: =
> 12pt
> }
> DIV.MsoNormal {
> MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman","serif";
> FONT-SIZE: =
> 12pt
> }
> A:link {
> COLOR: blue; TEXT-DECORATION: underline; mso-style-priority: 99
> }
> SPAN.MsoHyperlink {
> COLOR: blue; TEXT-DECORATION: underline; mso-style-priority: 99
> }
> A:visited {
> COLOR: purple; TEXT-DECORATION: underline; mso-style-priority: 99
> }
> SPAN.MsoHyperlinkFollowed {
> COLOR: purple; TEXT-DECORATION: underline; mso-style-priority: 99
> }
> SPAN.EmailStyle17 {
> FONT-FAMILY: "Calibri","sans-serif"; COLOR: #000066; FONT-WEIGHT:
> bold; =
> mso-style-type: personal-reply
> }
> .MsoChpDefault {
> mso-style-type: export-only
> }
> DIV.Section1 {
> page: Section1
> }
> </STYLE>
> <!--[if gte mso 9]><xml>
> <o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
> </xml><![endif]--><!--[if gte mso 9]><xml>
> <o:shapelayout v:ext=3D"edit">
> <o:idmap v:ext=3D"edit" data=3D"1" />
> </o:shapelayout></xml><![endif]--></HEAD>
> <BODY lang=3DEN-US link=3Dblue vLink=3Dpurple>
> <DIV dir=3Dltr align=3Dleft><SPAN class=3D665324611-08072009><FONT =
> color=3D#0000ff=20
> size=3D2 face=3DArial>I concur if it matters. </FONT></SPAN></DIV>
> <DIV dir=3Dltr align=3Dleft><SPAN class=3D665324611-08072009><FONT =
> color=3D#0000ff=20
> size=3D2 face=3DArial></FONT></SPAN> </DIV>
> <DIV dir=3Dltr align=3Dleft><SPAN class=3D665324611-08072009><FONT =
> color=3D#0000ff=20
> size=3D2 face=3DArial>If you are going through cleaning up, clean up to =
> a single=20
> domain, not a new subdomain. The one exception I could think of is if =
> say 90% of=20
> the users/machines were in one domain already. Then maybe you would =
> consider=20
> pulling things into that domain so you hit the least amount of =
> users/machines.=20
> Gets you closer to a collapsed environment with minimal work. But the =
> goal would=20
> still be to roll everything into the root if there are no other reasons =
> to keep=20
> the multiple domains. For 6000 users, I don't think I ever would have =
> thought to=20
> split it up in the first place but wasn't there in the room during the =
> initial=20
> planning. Someone may have had a certain set of things in mind that made =
>
> sense.</FONT></SPAN></DIV>
> <DIV dir=3Dltr align=3Dleft><SPAN class=3D665324611-08072009><FONT =
> color=3D#0000ff=20
> size=3D2 face=3DArial></FONT></SPAN> </DIV>
> <DIV dir=3Dltr align=3Dleft><SPAN class=3D665324611-08072009><FONT =
> color=3D#0000ff=20
> size=3D2 face=3DArial> joe</FONT> </SPAN></DIV>
> <DIV dir=3Dltr align=3Dleft><SPAN =
> class=3D665324611-08072009></SPAN><FONT size=3D2=20
> face=3DArial><SPAN class=3D665324611-08072009></SPAN></FONT> </DIV>
> <DIV dir=3Dltr align=3Dleft><FONT size=3D2 =
> face=3DArial></FONT> </DIV>
> <DIV align=3Dleft>
> <DIV dir=3Dltr align=3Dleft><SPAN class=3D625444604-27012006><FONT =
> color=3D#0000ff=20
> size=3D2 face=3DArial>--</FONT></SPAN></DIV>
> <DIV dir=3Dltr align=3Dleft><SPAN class=3D625444604-27012006><FONT =
> color=3D#0000ff=20
> size=3D2 face=3DArial>O'Reilly Active Directory Fourth Edition - <A=20
> title=3Dblocked::http://www.joeware.net/win/ad3e.htm=20
> href=3D <http://www.joeware.net/win/ad3e.htm=20%0Ahref=3D>"
> http://www.joeware.net/win/ad4e.htm">http://www.joeware.net/win/a=
> d4e.htm <http://www.joeware.net/win/a=%0Ad4e.htm>
> </A> </FONT></SPAN></DIV>
> <DIV dir=3Dltr align=3Dleft><SPAN class=3D625444604-27012006><FONT =
> color=3D#0000ff=20
> size=3D2 face=3DArial></FONT></SPAN> </DIV></DIV>
> <DIV> </DIV><BR>
> <DIV dir=3Dltr lang=3Den-us class=3DOutlookMessageHeader align=3Dleft>
> <HR tabIndex=3D-1>
> <FONT size=3D2 face=3DTahoma><B>From:</B> =
> activedir-owner@mail.activedir.org=20
> [mailto:activedir-owner@mail.activedir.org] <B>On Behalf Of </B>Brian=20
> Desmond<BR><B>Sent:</B> Tuesday, July 07, 2009 6:46 PM<BR><B>To:</B>=20
> activedir@mail.activedir.org<BR><B>Subject:</B> RE: [ActiveDir] =
> Revisiting the=20
> infamous topic of multiple child domains vs Single domain=20
> forest<BR></FONT><BR></DIV>
> <DIV></DIV>
> <DIV class=3DSection1>
> <P class=3DMsoNormal><B><SPAN=20
> style=3D"FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #000066; FONT-SIZE: =
> 11pt">Correct<o:p></o:p></SPAN></B></P>
> <P class=3DMsoNormal><B><SPAN=20
> style=3D"FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #000066; FONT-SIZE: =
> 11pt"><o:p> </o:p></SPAN></B></P>
> <P class=3DMsoNormal><B><SPAN=20
> style=3D"FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #000066; FONT-SIZE: =
> 11pt">Thanks,<o:p></o:p></SPAN></B></P>
> <P class=3DMsoNormal><B><SPAN=20
> style=3D"FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #000066; FONT-SIZE: =
> 11pt">Brian=20
> Desmond<o:p></o:p></SPAN></B></P>
> <P class=3DMsoNormal><B><SPAN=20
> style=3D"FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #000066; FONT-SIZE: =
> 11pt">brian@briandesmond.com<o:p></o:p></SPAN></B></P>
> <P class=3DMsoNormal><B><SPAN=20
> style=3D"FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #000066; FONT-SIZE: =
> 11pt"><o:p> </o:p></SPAN></B></P>
> <P class=3DMsoNormal><B><SPAN=20
> style=3D"FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #000066; FONT-SIZE: =
> 11pt">c -=20
> 312.731.3132<o:p></o:p></SPAN></B></P>
> <P class=3DMsoNormal><B><SPAN=20
> style=3D"FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #000066; FONT-SIZE: =
> 11pt"><o:p> </o:p></SPAN></B></P>
> <DIV=20
> style=3D"BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; =
> PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: =
> #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt">
> <P class=3DMsoNormal><B><SPAN=20
> style=3D"FONT-FAMILY: 'Tahoma','sans-serif'; FONT-SIZE: =
> 10pt">From:</SPAN></B><SPAN=20
> style=3D"FONT-FAMILY: 'Tahoma','sans-serif'; FONT-SIZE: 10pt">=20
> activedir-owner@mail.activedir.org =
> [mailto:activedir-owner@mail.activedir.org]=20
> <B>On Behalf Of </B>Rick Sheikh<BR><B>Sent:</B> Tuesday, July 07, 2009 =
> 5:43=20
> PM<BR><B>To:</B> activedir@mail.activedir.org<BR><B>Subject:</B> Re: =
> [ActiveDir]=20
> Revisiting the infamous topic of multiple child domains vs Single domain =
>
> forest<o:p></o:p></SPAN></P></DIV>
> <P class=3DMsoNormal><o:p> </o:p></P>
> <P style=3D"MARGIN-BOTTOM: 12pt" class=3DMsoNormal>And yes hitting every =
> workstation=20
> in each domain to now roll it into the root would be really=20
> painful.<BR><BR>Brian, I assume you are still pretty solid on =
> single-domain=20
> forest as oppose to that <A =
> href=3D"http://CORP.root.int">CORP.root.int</A> (as=20
> 1+1) analogy I put forth ? You don't see any reason why I should NOT go =
> directly=20
> into root ?<BR><BR><BR><o:p></o:p></P>
> <DIV>
> <P class=3DMsoNormal>On Tue, Jul 7, 2009 at 5:36 PM, Rick Sheikh <<A=20
> href=3D"mailto:getshq@gmail.com">getshq@gmail.com</A>> =
> wrote:<o:p></o:p></P>
> <P class=3DMsoNormal>Thanks everyone and Brian yes,I do feel the same =
> about GCs=20
> sharing forest specific data to all DCs as all DCs are GCs. And I think =
> had=20
> there been a legal ramification in picture, this issue would have =
> arrived=20
> earlier as mentioned earlier this was a merger and one company had prior =
> been=20
> operating under single domain forest and had offices in Paris, London =
> and Madrid=20
> and some APAC regions as well. So I hope that is not a legal concern.but =
> I will=20
> check. And no the WAN pipes are pretty good too.<BR><BR>I am just trying =
> to=20
> gather as much info as possible to table these facts in front of the CIO =
> next=20
> week. When Exchange as messaging solution in picture, can a point of it =
> being=20
> simpler implementation in a consolidated single-domain forest be also =
> valid=20
> ?<BR><BR>Please pass on if any one has any case study or an article to=20
> share.<BR><BR>Thanks,<o:p></o:p></P>
> <DIV>
> <DIV>
> <P style=3D"MARGIN-BOTTOM: 12pt" class=3DMsoNormal><FONT color=3D#0000ff =
> size=3D2=20
> face=3DArial></FONT><BR><BR><o:p></o:p></P>
> <DIV>
> <P class=3DMsoNormal>On Tue, Jul 7, 2009 at 4:37 PM, Charlie Kaiser =
> <<A=20
> href=3D"mailto:charliek@golden-eagle.org"=20
> target=3D_blank>charliek@golden-eagle.org</A>> wrote:<o:p></o:p></P>
> <P class=3DMsoNormal>Yep. Thus the need for good =
> planning...<o:p></o:p></P>
> <DIV>
> <P class=3DMsoNormal><FONT color=3D#0000ff size=3D2=20
> face=3DArial></FONT><BR>***********************<BR>Charlie Kaiser<BR><A=20
> href=3D"mailto:charliek@golden-eagle.org"=20
> target=3D_blank>charliek@golden-eagle.org</A><BR>Kingman,=20
> AZ<BR>***********************<BR><BR>> -----Original =
> Message-----<BR>>=20
> From: <A href=3D"mailto:activedir-owner@mail.activedir.org"=20
> target=3D_blank>activedir-owner@mail.activedir.org</A><o:p></o:p></P></DI=
> V>
> <DIV>
> <P class=3DMsoNormal>> [mailto:<A=20
> href=3D"mailto:activedir-owner@mail.activedir.org"=20
> target=3D_blank>activedir-owner@mail.activedir.org</A>] On Behalf Of =
> Brian=20
> Desmond<BR>> Sent: Tuesday, July 07, 2009 1:56 PM<BR>> To: <A=20
> href=3D"mailto:activedir@mail.activedir.org"=20
> target=3D_blank>activedir@mail.activedir.org</A><BR>> Subject: RE: =
> [ActiveDir]=20
> Revisiting the infamous topic of<BR>> multiple child domains vs =
> Single domain=20
> forest<BR>><o:p></o:p></P></DIV>
> <DIV>
> <DIV>
> <P style=3D"MARGIN-BOTTOM: 12pt" class=3DMsoNormal>> Global Catalog =
> leaks the=20
> data either way depending what the<BR>> definition of the "data"=20
> is.<o:p></o:p></P></DIV></DIV></DIV>
> <P class=3DMsoNormal><o:p> </o:p></P></DIV></DIV></DIV>
> <P class=3DMsoNormal><o:p> </o:p></P></DIV></BODY></HTML>
>
> ------=_NextPart_000_0B54_01C9FFA0.D9CF6DF0--
>
>
| | | |
|
|