AD domain structure - a bit concerned now!
- From: "Matthew M (UK)" <mattee76@xxxxxxxxxxxxxxxx>
- Date: Thu, 8 Mar 2007 12:29:22 -0000
Hi,
I'm really just looking at getting an idea of what other people may have done when in our situation? Your ideas would be appreciated.
We currently have the following new Windows 2003 domain structure (root with sub domains for each country). We also have another forest where the bulk of our UK users (1500 users) exist; the new forest has about 250 users (expanding quickly). We will be moving all the resources from the current forest to a subdomain in the new forest this year sometime.
ALL the information below relates to the new forest.
New forest looks like:
domain.local (root domain)
eucountry1.domain.local (EU Country 1 - currently 0 users, going to 1500)
eucountry2.domain.local (EU Country 2 - currently 50 users, going to 150)
eucountry3.domain.local (EU Country 3 - not deployed yet, start with 20 users, going to 250)
apaccountry1.domain.local (APAC country 1 - currently 200 users - staying static)
qa.domain.local (Domain for QA environment)
The original idea was to have a subdomain for each country, the original reasons for this being:
1. Isolate replication - most of these sites have pretty limited bandwidth
2. Localised administration of domains - I know that we could do this via OUs, but we have far reaching sites with local admins, who by their nature want domain admin access. We have some level of trust between the admins, so are not overly concerned with any elevation of privileges or them doing things outside of their own domain.
3. Individual account policies - to be honest this was possibly the main reason for multiple domains, and was a prereq put down by our security department. Hmm, how things change, now this is not a major concern, and we can have similar account policies across the board.
My concern now is that it may have been over-designed. With hindsight, I would have preferred to have a single subdomain for each continent, then we could have OUs for countries, etc etc.
The problem we have now is how do we move forward? I would like to rename our local new subdomain and then move the other EU domain resources into this.
We have the following already placed into the new forest....
eucountry1.domain.local (EU Country 1 - currently 0 users, going to 1500)
- Localised admins (this would be our team)
- Exchange 2003 installed - being used for IIFP and InterOrg replication.
eucountry2.domain.local (EU Country 2 - currently 50 users, going to 150)
- No local admins, delegated access to desktop guys
- No Exchange, they are using the other forest Exchange resources.
- Users and computer accounts have been created migrated.
eucountry3.domain.local (EU Country 3 - not deployed yet, start with 20 users, going to 250)
- Localised admins, full local management of all resources
- As mentioned this has not been created, but I am in two minds whether we continue with the agreed-upon design, or change the design midway.
apaccountry1.domain.local (APAC country 1 - currently 200 users - expecting rapid growth)
- Localised admins
- Local Exchange/file etc etc - full local management
qa.domain.local (Domain for QA environment)
Thanks
Matthew