Re: Place holder root domain advantage
- From: "Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx>
- Date: Fri, 8 Aug 2008 07:47:25 -0500
That is the recommended course strategy, but to be honest we don't follow
that. I don't know if it was security related or just the fact you need to
be able to manage DNS and not expose your internal boxes' IP addresses, which
we do both.
--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"jacksors" <jacksors@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:18547956-7C98-47CB-8982-22440B57271D@xxxxxxxxxxxxxxxx
Paul,
I have a follow up question. Old best practice said to not use your
routable internet domain name as the domain for your forest root domain.
Is that still a best practice or due to enhanced security does that no
longer matter as well?
Thanks.
"Paul Bergson [MVP-DS]" wrote:
If I recall correctly it started with the release of AD (2000).
--
Paul Bergson
"jacksors" <jacksors@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:8E3E3EA0-B153-42EF-A814-1FFCD6D713AF@xxxxxxxxxxxxxxxx
Thanks Paul. What AD version prompted this best practice change?
"Paul Bergson [MVP-DS]" wrote:
This is no longer a recommended strategy. Microsoft now recommends to
keep it as simple as possible with as few domains as your enterprise can
use.
--
Paul Bergson
"Randy Jackson" <jacksors@xxxxxxxxx> wrote in message
news:O9fddT29IHA.4004@xxxxxxxxxxxxxxxxxxxxxxx
I've been struggling with a domain design to choose. I've always read
that it is best practice design to create an empty place holder root
domain to hold the enterprise admin group and to hold the forest schema
operations role. Then have another domain to hold all
users/groups/computers. The alternative being one domain, that holds all
of the above.
There are obviously additional hardware costs associated with the empty
place holder domain, but there isn't going to be much administrative
overhead since the domain is going to be basically unused.
What are the underlying reasons why the place holder root domain is set
up and should this domain design be favored in a large enterprise
organization vs the single domain model?
Thank you.