Information or websites on designing an Enterprise-size tree

Discussion in 'Active Directory' started by Bill Bradley, Nov 17, 2006.

  1. Bill Bradley

    Bill Bradley Guest

    I see where Microsoft has created a site for "mid-level businesses" of up to
    500 servers. We need to design and setup a tree for 60 K users and 80 K
    computers--does anyone know of resources to help design a tree of that size?

    Bill Bradley, Nov 17, 2006
    1. Advertisements

  2. If a corporation is looking to spend the kind of money that this network is
    going to cost, they should be hiring a consultant (A very good one) to
    assist. This isn't a job for someone to learn as they go.
    Paul Bergson [MVP-DS], Nov 17, 2006
    1. Advertisements

  3. Bill Bradley

    Herb Martin Guest

    Paul is absolutely correct.

    And this is further confirmed by the term "tree" used
    above: Tree is a technical term in AD and is (practically)
    independent of the number of users, being decided solely
    by the number of domain/zone names to be used in the

    One starts with the number of Forests and Domains,
    and trees will take care of themselves.

    Many companies with 80k users might need only one
    domain or almost always a small number of domains
    in a single tree, or perhaps a could of domains in one
    to a few (small number) of forests.

    Designing domains (the count etc) is very easy to
    describe (takes about one page of dense text and
    10 minutes or so to explain). Forests are even
    easier, but that won't make a beginner able to do
    it without error for 80K users on the first try.
    Herb Martin, Nov 17, 2006
  4. Bill Bradley

    Bill Bradley Guest

    I completely agree, and, used the word "Tree" on purpose, as, that's the
    term used by "those in charge".

    Just to give you some insight on what's being attempted, 5 existing Domains
    (out of about 25), within a single Forest are being required to
    migrate/merge into 1 large Domain. So, while not COMPLETELY starting from
    scratch, the idea is to try and create a cleaner Domain, using lessons

    We were looking for information on possible problem areas (for instance,
    Group setup or replication time may work fine with a size of 20 K users,
    but, with 80 K users, flaws in the topology may be more apparent.

    I know that, technically, ADS can handle millions of objects, but, in
    practice, I'm sure there are some tips & tricks.

    So...besides a consultant, which was not made available to us, any info on
    this size and scale of ADS available, via web or book or magazine?

    Bill Bradley, Nov 17, 2006
  5. My first concern would be security. I would try and find one of the best
    (Steve Riley/Jesper Johanasen or someone similar, not sure if they consult
    but doubt it). So for starters you could go through either Riley/Jesperson
    or Microsoft's security guide and there recommendations, after all if it
    isn't secure what good is it?

    Paul Bergson [MVP-DS], Nov 17, 2006
  6. Bill Bradley

    Herb Martin Guest

    Then the main issue is Migrations? ADMTv3 is your friend for that.
    AD can effectively replicate millions of users but this
    is dependent mostly on the quality and speed of the WAN

    If have been using domains to control replication (with 5
    domains) you might not even see a difference or you might
    see problems if you weren't replicating (much) across
    WAN lines with the multi-domain design.
    Know your WANS. Make sure you Sites and Site Links are
    setup intelligently would be the place to start.

    Some of this has to do with turnover also. If the organization is
    very stable then this reduces replication but if the changes are
    unusually large that hurts.
    Paul gave you some leads on articles (this thread) and there
    are many cases studies and video/audio presentations on the
    MS web site.

    It is impractical to think that with this size deployment there
    was no opportunity to seek outside expert help. There is a lot
    of money invested in your systems, and presumably it is worth
    a lot of money to the BUSINESS to get this right.

    Herb Martin, MCSE, MVP
    Accelerated MCSE
    [phone number on web site]
    Herb Martin, Nov 17, 2006
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.