Re: AD Consolidation Question
not really correct....

10 forests all trusting each other = N*(N-1) = 10*(10-1)=90 trusts

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"Herb Martin" <news@xxxxxxxxxxxxxx> wrote in message
news:up%23V$9UYHHA.588@xxxxxxxxxxxxxxxxxxxxxxx

"Tim" <donotemail> wrote in message
news:OU4cGsTYHHA.2320@xxxxxxxxxxxxxxxxxxxxxxx
My organization currently has ~10 forests, each holding a single domain.
Each forest represents a separate location across the US and there are
trusts between all forests.

You can't really mean there are 9x8x7x6x5x4x3x2x2 == 725,760 trusts?

(The 10th domain would have 2[way] trusts with the other 9, then 9th with
the other 8 etc.)

We are looking to consolidate to a single forest / single domain Active
Directory infrastructure, but also add another site that will also need
to hold a DC to the new forest / domain

The last is trivial. Just add the Site, Subnet(s), Sitelink, and either install
the DC there or move it there (both physically and in Sites and Services.)

- but replicate over a dedicated link to the internet vs. a P2P WAN link.

Is it best to stick with the single forest / single domain concept for
this new site?

Technically we cannot know from the info given but the odds are immense
that this should be your plan.

Am I wrong in thinking that encapsulating Active Directory over IPsec
(ESP) would work in this scenario?

Some type of VPN, whether it is an L2TP/IPSec or a raw IPSec tunnel
(router to router) would likely be best.

We do have a PKI and I have read the articles per AD networks segmented
by firewalls and replication over firewalls, but am seeking clarity for
this unique site.

If you use a VPN and don't filter on those VPN interfaces the info on
replicating over a "firewall" won't be needed. That info is for when you
must penetrate the filters in the firewall but a VPN can allow you to
protect from all outside interference while choosing NOT to filter between
the locations.

Any help is appreciated.

You will also want to use ADMT to migrate those other domain/forests to
the current one if you are going to consolidate.

--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)
