Re: 2003 AD upgrade and consolidation



"Ken Manohar" <KenManohar@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:99B1052D-38B5-4112-8EFF-A1AA0AEEE418@xxxxxxxxxxxxxxxx
Hi Herb,

Thanks for taking the time to thrash this out. OK, maybe I should start with
the business case. A conglomerate has a number of subsidiaries, and they
continually acquire new companies. Right now, each subsidiary has their own
network (Windows 2000 or 2003) and operates autonomously.

Do they share resources across companies?

IF NOT then likely they shouldn't be the same forest.

There is a need to consolidate all subsidiaries for centralized management
and upgrade all networks to Windows 2003. New subsidiaries need to have
access to resources to this new network.

What sort of centralized management? Each domain will
have its own Admins and GPOs don't inherit across domain
boundaries (trees) so what do you expect to work for you
here?

I understand your point about having multiple domain controllers in case one
goes down. Once the AD structure is fleshed out, multiple domain controllers
will be assigned to each domain. For now we'll work with each domain having
one DC.

Ok, but remember, lose the parent lose the children (and root
loses all.)

The plan is to create a forest root domain (abc.local). I understand how the
forest root can also be a tree root, however there will be no child domains
for abc.local.

Then why will this domain exist?

There should be a clear (set of) reason(s) for every domain.

A new/second tree root will be created (abc.com). Each
existing subsidiary will be made a child domain off this tree root
(sub1.abc.com, sub2.abc.com, etc).

This part (mostly) makes sense (except the part about starting
a new tree for some unknown reason, rather than just starting
with the forest with this tree etc.)

When a new company is acquired, their network can be a new tree root in the
abc.local forest. Or a trust relationship can be set up between their network
and abc.local.

What users and resources would be sharing across "new
domain-company" and abc.local?

Later, when their network is compliant to the corporate
policies, it can be made a child domain of abc.com (newsub.abc.com).

No, it cannot. It would need to be re-installed to move to the
forest.

That is how the new AD structure should look using a domain controller for
each domain (abc.local, abc.com, sub1.abc.com, sub2.abc.com, etc). Once the
DC's are built and AD structure created, the task will be to migrate each
subsidiary domain to their new domain (sub1.abc.com, sub2.abc.com, etc).

It's likely a very poor plan and the design of the
final forest looks flaky too.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

Please critique,
Ken




