Re: Best Practice?
From: Herb Martin (news_at_LearnQuick.com)
Date: 02/10/05
Date: Wed, 9 Feb 2005 23:28:30 -0600
"blazer1992" <blazer1992@discussions.microsoft.com> wrote in message
news:8349081F-0841-4244-9214-31F978C0161D@microsoft.com...
> Hi All,
> Our bank system is going from Novell to all Win2003 servers. We have 7
> branches and the main branch. I was wondering if I should have 1 forest with
> 8 domains or what is the best practice for AD in this situation.
[Not enough info about your business etc.]
Is your bank all one business? If yes, almost certainly one Forest
and a minor argument for 1 Domain.
Is your bank 100,000 of users and machines? If no (likely) then
there probably are no overriding reasons for changing the
guess in the previous 1 Forest, probably 1 domain.
Do you have any subdivisions that are insisting on separating
control (multiple domains MAYBE) or unwilling to ever
share resources (more than one forest)? If no, then ignore this.
Note: Simple delegation can be controlled by OUs so in the
previous paragraph we are discussing true separation of
control or complete autonomy.
Sites will control replication at the branches so likely one
domain will serve you just fine.
1 Forest, 1 domain (or 2*), 8 Sites.
Some people like an "IT/admin" domain but I have never
been sold on the general usefulness of this nor on that
it is cost effective in 99% of the cases. That is what OUs
are for IN GENERAL.
But this is only a guess.
> All the
> banks are connected by routers with T1's or some kind of circuit, 56K, 128K.
> No VPN's and some users will be going to different branches and will need to
> login.
Argues for one Forest certainly. And one domain is strengthened
a BIT.
> I have an outside consulting service helping me but I wanted some
> advice that didn't come from them. Thanks in advance for your help.
You can pay me <grin> for one day to review their proposals or to
sit in on some of the design. (I am expensive so you can also
just keep asking questions and I will try to answer time available.)
BTW, Domain design is easy -- they SHOULD be spending
most of their attention on the OU, Group, and Group Policy
Design.
OU design is easy to hard depending on your need primarily
for two things:
1) Delegating authority
2) Linking Group Policy (for different management of users
or computers.)
If these have no conflicts OU design moves toward easy, and
if there are conflicts this may tend toward hard(er.)
Group design is usually ignored or given short shrift by
amateurs but is probably as important as any of the above
if you have more than a few hundred to a thousand users &
computers.
After 1000 or so, good initial Group design will save you
untold hours later AND/OR allow for much better security
with the same level of effort.
-- Herb Martin