Re: Reorranging a Domain Name Space
- From: Alex Anderson <AlexAnderson@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 30 Jan 2007 08:31:01 -0800
Herb,
Thank you for the information, critique and honest criticism.
So basically what your saying is that having more domains to manage brings
more overhead and it doesn't serve anyone any benefit? One thing that I'm
going to have a problem with is the default domain policy. And maybe you can
tell me how to get around it? Correct me if I'm wrong, but when it comes to
the password policy that can only be set rather effective through the default
policy. So at my new site where I want to bring up more DCs, how can I
differentiate between my current password policy and the new? Therefore,
that was my thought to bring up a new domain strickly for that site and
create domain trusts between my existing domain and the new.
Will using UPN suffixes get around this? What would be my best course of
action?
"Herb Martin" wrote:
"Alex Anderson" <AlexAnderson@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message.
news:D844B813-F38E-4DC8-A8D5-41E13B005483@xxxxxxxxxxxxxxxx
Sorry for the delay in response - hopefully I didn't leave the both of you
on your toes of anticipation. smirk.
Well, I did have the thread marked in red awaiting your next
question. <GRIN>
Background:
Here's what I currently have configured as far our domain. Currently we
two sites although the first domain in the forest is at one site and at
the other site we have two domain controllers acting as a primary and
backup. I do understand that's not the terminology to use since that was
NT 4.0, but they are more or less set up in that fashion.
They are just DCs. When you say "Primary" and "Backup" we
start wondering about your experience level, so if you know the
right terms just use them. (Keeps us from explaining things you
likely already understand.)
We have one domain name called my.domain.com and everyone at each site
logs into "MY" domain at client's workstations.
They can also login to "my.domain.com" just as easily (except
for typing a few extra letters.)
What I'm wanting to do:
Since we're starting to take on more sites, I would think it would be
appropriate for each site to have FSMO roles and a different domain name
(i.e. MY2) to log into.
Sites don't have "domain names". What you are describing
are really more DOMAINS.
Do you really want more domains just so the names will be
different?
How does that help anyone?
I suppose you could create more "User Principal Name" suffixes
and set each area's users to a different UPN but most people
want to go the other way and use a single UPN suffix for everyone
from DIFFERENT domains.
UPN suffixes are created in AD Domains and Trusts and set
on user accounts using AD Users/Computers -- works with
multiply selected users all at once -- or by writing a script.
I would like to find out with my current setup (All DC's are Windows 2003
in native mode) how to achieve this?
Irrelevant.
I know that no one mines people holding their hand, but if there are some
howto's or Microsoft's wonderful, helpful, and most importantly intuitive
whitepapers (being facetious) I can be pointed to - I would be most
gracious.
Microsoft has EXCELLENT documentation, both built into every
system, and on their web site -- it's amazing how many people
just never read it and then complain about its supposed deficiencies.
BUT we have to know what you really want and all I see is
that you want "more domains".
It's probably such a bad idea (for having more 'names' alone)
that I hesitate to help you with that, but you can just create more
domains if you really wish so there is really nothing much to
tell you beyond "create more domains."
[You will need at least one DC per site (if users visit or logon
there) per domain and preferable two or more.]
--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
- Prev by Date: Re: Domain account - rights to install apps on all workstation in
- Next by Date: Re: Must I run ADPREP from the CD?
- Previous by thread: Re: Must I run ADPREP from the CD?
- Next by thread: Disadvantages of working at the forest level?
- Index(es):
Relevant Pages
|
Loading
