Parent / Child Domains / namespace

Discussion in 'Active Directory' started by ChrisNA662, Apr 13, 2005.

  1. ChrisNA662

    ChrisNA662 Guest

    I am looking at setting up a an Active Directory system, and I am trying to
    figure out something. I have read that most recommended creating a
    "mysite.com" as your forest and domain and making a "corp.mysite.com" for
    your corporate office and one for each extra external office. At what size
    of a setup would this be recommended?

    I have 20 locations total (including corporate), however only corporate
    houses the servers. The branch locations are so small that it isn't worth
    the cost of putting a server at each one. However we may choose this road
    later, so I want to implement this so we can easily go that route later.

    Thanks!
     
    ChrisNA662, Apr 13, 2005
    #1
    1. Advertisements

  2. ChrisNA662

    ptwilliams Guest

    I have read that most recommended creating a "mysite.com" as your forest
    This is not good information. This is a bad design idea. The best
    practices (and experience) dictate that fewer domains as possible is best.
    Also, try and make your directory as flat as possible.

    There are only a small number of reasons for implementing additional
    domains, the rest are usually political and for the wrong reasons.
    Differing security settings such as password policies, kerberos policies,
    etc. are one; governing laws are another, i.e. a certain country requires
    that it's data must be held in a domain in this country, etc.

    Security, via the all powerful accounts only residing in the root is no
    obsolete due to elevation attacks being quite easy.

    In general, you should try and have a single-domain forest. Obviously,
    there are often needs for an empty root and a small number of child domains,
    but you should not be looking at a domain per site.

    One domain, twenty sites. If you increase the number of users at a site
    later, you can add a DC to that site (for the existing domain) if necessary.
    Logically configuring your directory into sites is a way of reducing WAN
    traffic, etc. This is best.
     
    ptwilliams, Apr 13, 2005
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.