Re: Windows 2000 Multiple Domain Trees in a Single Forest

From: ots (therubysquare_at_hotmail.com)
Date: 06/03/04 

Date: Thu, 03 Jun 2004 16:41:09 GMT

Hi Marin,

First and foremost thank you for taking the time to respond to my
post.

I have taken the time to read the deployment kit, however as always I
seem to find that the instructional material speaks to the possibility
of Multiple domians trees in and single forest, but never digs into it
deeper.

Similarily, my MCSE 2000 books also refer to the concepts, but do not
go so far as to provide methodology on implementation.

I think I am struggling as to how I would actually create this single
forest with 3 domains in AD; the concept is clear, but I can't find
where to implement.

I actaully have 3 registered domains, which I administer together, but
are seperate entities (webspace, e-mail, file stores). I also provide
hosting to several other domains on our network.

Previously I used FreeBSD to host other domains, and used my Windows
AD in a single domain tree model for my corporate domain.

Then one day a couple of weeks ago I thought to myself, wouldn't it be
nice to implement our network in AD / Win2k entirely to take advantage
of AD centralized administration, disk quota's, OWA, etc for all
domains?

I am a little concerned that the only way I have found to accomplish
this task is by implementing a new PDC for each domain, and assigning
trusts and delegates. In terms of scalability, this could cost us too
many systems, when with neglegable network traffic, these services
could, and should be combined to one PDC in my opinion.

So I've been doing some due dilligence in attempts to figure out how
this is done. Thank you again. :)

I have managed to add A records, and IIS sites for hosting clients and
our domains, however I am realizing now that Exchange doesn't want to
play along. ;)

As you are probably well aware, Exchange walks hand in hand with AD;
something I'm not entirely used to trying to get around.

I would ultimately like to configure POP3, IMAP and SMTP support for
our domains, and to be accessed remotely by hosting clients.

So I hope I have offered enough information to you. I would appreciate
your feedback.

Best Regards,

Owen T. Soroke
therubysquare@hotmail.com

On Thu, 3 Jun 2004 11:55:03 -0400, Marin Marinov <mlmarinov@askme.ca>
wrote:

><anip>
>Hi Owen,
>I'd suggest you review the 'Designing and Deploying Directory and
>Security Services' part of the Microsoft Windows Server 2003 Deployment
>Kit:
>
>http://www.microsoft.com/windowsserver2003/techinfo/reskit/deploykit.msp
>x
>
>Since in your case your not looking for service isolation, i.e. Bob will
>administer the whole forest the best design would be creating a single
>forest with 3 domains which will be in 3 different trees (as you already
>observed ;). Having a single forest means having a single schema and a
>common Global Catalog and Exchange extends the schema and uses the GC
>extensively which will give you the option to have a common Exchange
>server for all users.
>
>Access to resources is governed by security permissions at the resource
>itself so you can restrict it as you like. If you don't give anyone
>except Cathy access to a file share, then only she can use it.
>
>However, think very well whether you need more than one domain. Why do
>you think you need three domains? It's a not a preferred scenario and
>you must have very specific needs to justify this. Again, by properly
>securing resources with permissions and configuring the appropriate
>groups and privileges you can achieve what you need with a single
>domain. What is your end goal?
>
>HTH

Relevant Pages

  • Re: Exchange 5.5 to 2003 resources
    ... ive alreday completed the Ad deployment will take a look at the SAMS ... > Two resources to pass on to you... ... > exchange 2003 upgrade. ... > directory and maintain the sid history for an easy upgrade. ...
    (microsoft.public.exchange.setup)
  • Re: Company splitting -- need domain advice
    ... Jim, yes there is a single forest for all offices, however we have ... Why would they lose access to local network resources is ... >> Exchange server. ...
    (microsoft.public.win2000.active_directory)
  • Multisite Design Questions with Poor Connectivity
    ... A single-server deployment test has failed miserably with Outlook taking several minutes to send a single message with a small attachment using "RPC over HTTPS". ... With a single public domain name, would all mail from the Internet need to arrive at a single point and then get distributed by Exchange? ... With multiple public domains, would users still be able to take advantage of Calendar and Task sharing across sites? ...
    (microsoft.public.exchange.design)
  • Re: AD Design Gurus
    ... different exchange servers the should use different domain. ... > usually work from a basic assumption of using a single forest starting ... > and then justifing using more than one. ...
    (microsoft.public.windows.server.active_directory)
  • Re: AD Design Gurus
    ... some good deployment design for your Active Directory. ... child domain design with in a single forest may be a good design) ... Upgrade and migration to Windows Server 2003. ... Deployment of Exchange 2003, here should my personally advice be to re-build ...
    (microsoft.public.windows.server.active_directory)