Re: Site link and domain infrastructure
- From: "Paul Bergson" <pbergson@xxxxxxxxxxxxxxxxx>
- Date: Wed, 15 Mar 2006 07:55:50 -0600
Inline
--
Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
http://www.pbbergs.com
This posting is provided "AS IS" with no warranties, and confers no rights.
"Simon" <Simon@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D1FB16F7-77E0-41AC-8D05-3859290D6519@xxxxxxxxxxxxxxxx
> In our existing environment, we are using a single forest with multiple
> domains on a Windows 2000 infrastructure. However, with this approach, we
> have found that we have difficulty managing all the domain controllers in
> the different countries, since they have their own domain admin rights to
> do what they like. Therefore, we would like to migrate from Windows 2000 to
> Windows 2003 so as to centralize all the permissions with some of the
> administrators in the enterprise rather than their local administrators.
> For the new infrastructure, I will suggest using a single forest with
> multiple domains, but with only one child domain. All the other countries
> will still have domain controllers in their sites, but these are
> additional domain controllers of the child domain only. That means there
> are at least 2 additional DCs for each site. In total it's around 15
> additional DCs for that child domain, and we will only grant the local
> administrators permission on the Organizational Unit (OU) to view
> configuration such as user/group account properties. Is that possible, or
> are there any other suggestions? Or should we remain with the same
> infrastructure as before (one root domain and many child domains)?
Unless you have a specific need, why not just set up a single domain within
your forest? At each site provide two DCs for domain functions. I don't
know the size or layout of your organization, so I will go with your 2 as you
have specified. You can then delegate admin functions to each local IT
representative at either the site or OU level.
> From my point of view, I am concerned about changes on the domain
> controllers of each site. Is it right that, for example, if one of the
> OU's users is likely to change some properties of an account, then it
> will replicate to all the domain controllers in those countries, since
> they are at the same level?
Any object changes made to the domain partition within AD (including users)
will be replicated to all DCs within the domain.
> One more thing I would like to ask about is the site link between these
> countries. If all the main sites are connected to the data centre by T1
> links, will the domain controllers at each site in each country also need
> a site link configured to the data center?
I'm not clear if you are asking whether a separate T1 is needed for the DCs,
but they will all use the same T1 line.
> Moreover, there are some sub-sites in some main countries; however, they
> may only have a 64K WAN link connected to the main country first, and then
> route to the data center. Is it right that I need to create a site link
> that contains the main country and the data center so that KCC errors will
> not occur? Is there any replication traffic that I need to be concerned
> about?
You don't need to have a hub-and-spoke model, which is to say all sites do
not have to be connected directly to the main site; they can be daisy-chained
together and the KCC will define the proper topology for replication. You
may want to evaluate how often replication is occurring if you only have a
64k link; this can be configured at the site level. This is pretty small;
depending on the size of your AD you should consider upgrading this link.
> Thanks very much.
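
Added example, not part of the original posts: a simplified Python model of the daisy-chained site-link layout discussed above, which finds the least-cost path from the data centre to every site and lists any site that no site link reaches. Site names, costs and intervals are constructed; it assumes site links are transitive and is not the KCC's own algorithm.

```python
import heapq

# Constructed sample data: names, costs and intervals are assumptions,
# not values taken from the thread.
SITE_LINKS = [
    # (link name, sites joined, cost, replication interval in minutes)
    ("DC-CountryA", {"DataCentre", "CountryA"}, 100, 15),
    ("DC-CountryB", {"DataCentre", "CountryB"}, 100, 15),
    ("CountryA-SubA1", {"CountryA", "SubA1"}, 500, 180),  # 64K link
]
ALL_SITES = {"DataCentre", "CountryA", "CountryB", "SubA1", "SubB1"}


def build_graph(links):
    """Turn site links into an adjacency list; a link may join 2+ sites."""
    graph = {}
    for _name, sites, cost, interval in links:
        for a in sites:
            for b in sites - {a}:
                graph.setdefault(a, []).append((b, cost, interval))
    return graph


def least_cost_routes(links, hub):
    """Dijkstra on link cost: {site: (cost, summed interval, path)}."""
    graph = build_graph(links)
    best = {}
    queue = [(0, 0, hub, (hub,))]
    while queue:
        cost, wait, site, path = heapq.heappop(queue)
        if site in best:
            continue
        best[site] = (cost, wait, list(path))
        for nxt, c, i in graph.get(site, []):
            if nxt not in best:
                heapq.heappush(queue, (cost + c, wait + i, nxt, path + (nxt,)))
    return best


def uncovered_sites(links, all_sites, hub):
    """Sites with no site-link path to the hub; these need a link added."""
    return sorted(all_sites - set(least_cost_routes(links, hub)))


if __name__ == "__main__":
    routes = least_cost_routes(SITE_LINKS, "DataCentre")
    for site, (cost, wait, path) in sorted(routes.items()):
        print(f"{site:11} cost={cost:4} wait<={wait:3} min  {' -> '.join(path)}")
    print("No path:", uncovered_sites(SITE_LINKS, ALL_SITES, "DataCentre"))
```

The summed interval is a rough upper bound on how long a change waits at inter-site hops before reaching a site; intra-site replication delay is ignored.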