Re: Windows 2000 Multiple Domain Trees in a Single Forest
From: ots (therubysquare_at_hotmail.com)
Date: Thu, 03 Jun 2004 16:41:09 GMT
First and foremost thank you for taking the time to respond to my
I have taken the time to read the deployment kit, however as always I
seem to find that the instructional material speaks to the possibility
of Multiple domain trees in a single forest, but never digs into it
Similarly, my MCSE 2000 books also refer to the concepts, but do not
go so far as to provide methodology on implementation.
I think I am struggling as to how I would actually create this single
forest with 3 domains in AD; the concept is clear, but I can't find
where to implement.
I actually have 3 registered domains, which I administer together, but
are separate entities (webspace, e-mail, file stores). I also provide
hosting to several other domains on our network.
Previously I used FreeBSD to host other domains, and used my Windows
AD in a single domain tree model for my corporate domain.
Then one day a couple of weeks ago I thought to myself, wouldn't it be
nice to implement our network in AD / Win2k entirely to take advantage
of AD centralized administration, disk quotas, OWA, etc. for all
I am a little concerned that the only way I have found to accomplish
this task is by implementing a new PDC for each domain, and assigning
trusts and delegates. In terms of scalability, this could cost us too
many systems, when with negligible network traffic, these services
could, and should be combined to one PDC in my opinion.
So I've been doing some due diligence in attempts to figure out how
this is done. Thank you again. :)
I have managed to add A records, and IIS sites for hosting clients and
our domains, however I am realizing now that Exchange doesn't want to
play along. ;)
As you are probably well aware, Exchange walks hand in hand with AD;
something I'm not entirely used to trying to get around.
I would ultimately like to configure POP3, IMAP and SMTP support for
our domains, and to be accessed remotely by hosting clients.
So I hope I have offered enough information to you. I would appreciate
Owen T. Soroke
On Thu, 3 Jun 2004 11:55:03 -0400, Marin Marinov <firstname.lastname@example.org>
>I'd suggest you review the 'Designing and Deploying Directory and
>Security Services' part of the Microsoft Windows Server 2003 Deployment
>Since in your case you're not looking for service isolation, i.e. Bob will
>administer the whole forest, the best design would be creating a single
>forest with 3 domains which will be in 3 different trees (as you already
>observed ;). Having a single forest means having a single schema and a
>common Global Catalog and Exchange extends the schema and uses the GC
>extensively which will give you the option to have a common Exchange
>server for all users.
>Access to resources is governed by security permissions at the resource
>itself so you can restrict it as you like. If you don't give anyone
>except Cathy access to a file share, then only she can use it.
>However, think very well whether you need more than one domain. Why do
>you think you need three domains? It's not a preferred scenario and
>you must have very specific needs to justify this. Again, by properly
>securing resources with permissions and configuring the appropriate
>groups and privileges you can achieve what you need with a single
>domain. What is your end goal?