RE: Windows Server 2003 Servicing Multiple AD Domains




Mike:

Changing your topology to add separate domains is not a huge performance
issue, given the proper planning and bandwidth considerations. When security
is an issue, a design that you may want to consider is to create a "resource
domain" which will house your Exchange and/or other file and application
servers. This model increases security for the entire forest, albeit by
increasing your administration overhead as well. I would strongly recommend
re-visiting your security group design as well, since managing SGs in a
multi-domain environment is different from a single domain model. Review the
SG nesting and ensure that groups are set up with proper local, domain and
global groups.

You may want to use these links for good info and gotchas for the design:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/plan/bpaddsgn.mspx#EHAA
AD Domain design alternatives:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/plan/w2kdomar.mspx

-Allen Firouz

"Mike Pomerleau" wrote:

> I have a new Windows 2003 Active Directory with an empty Root Domain and a
> Common Child Domain containing 15,000 user and computer accounts from 5
> separate departments in an OU structure. There are 5,000 users and computers
> at HQ and about 2,000 users and computers at each of the 5 regional office
> areas all connected by 10 MB ATM. There is one common Exchange Organization
> servicing all the users. We are planning on setting up a shared Windows 2003
> File & Print Storage Server at the principal office in each region as well as
> HQ.
>
> We have been getting pressure from each of the 5 Departments to move them
> into their own Child Domain for increased “security” (i.e. meet HIPAA
> concerns) and allow them to deploy their own separate non-shared Windows 2003
> Server. All 5 departments are spread across HQ and the 5 regions.
>
> Are there any performance or access issues having users connecting across
> Domains via transitive trusts to a common shared Windows 2003 File & Print
> Storage Server for Home Directories and other shares?
>
> How can we address the Departments “security” concerns if we maintain the
> Common Child Domain and deploy a shared Windows 2003 File & Print Storage
> Server?
>