Re: Which Domain Controller setup should I use?

From: Mike Brannigan [MSFT] (mikebran_at_online.microsoft.com)
Date: 10/04/04 

Date: Mon, 4 Oct 2004 21:04:31 +0100

"greyhwk" <greyhwk@hotmail.com> wrote in message
news:usqKJEjqEHA.536@TK2MSFTNGP11.phx.gbl...
> Mike,
>
> I ordered that kit last week, as well as the administrator's companion,
> because no one in area had them in stock. I already own the
> administrator's pocket guide from MSPress. I would be hitting them if I
> could. I love figuring things out for myself. Greater sense of
> accomplishment, and all that. My partners are getting a little impatient,
> so I am having to seek additional help.
>

No need to wait for delivery.
All of the books from the Deployment are available for free download from
the web site at
http://www.microsoft.com/windowsserver2003/techinfo/reskit/deploykit.mspx

> Now, having read the stuff online, it lists the AD forest root domain,
> child domain, AD Domain tree.
>

You have one forest root domain. You the have domain trees which are
contigusous DNS style namespaces that form a parent child realtionship
between them selves. A Forest can have one or more trees with differnt
namespsaces BUT those tress are still considered children of the forest root
domain.

> WinServ 2003 Ent lists two choices of AD Forest domains when setting up
> the Domain Controller and AD.
>
> Looking at the choices, I can set up as:
> Forest root = forestroot.net
> child domain = child1.forestroot.net
> tree = treedomain
> or secondary forest (as I understand it) = corp.forestroot.net
>

When you install a DC it is either joining as an additional domain
controller in an existing domain. Or as a new DC in a new domain within an
existing forest or as a new DC in a new Domain which is a new forest.

> Since the forestroot.net is provided by a Dynamic DNS system with relay to
> my server, then instead of setting my server as DC for forestroot.net, I
> should set up as a second level forests of corp.forestroot.net for best
> performance.
>
> Is this correct?
>

That depends on what you want to do.
As I said if you have an existing DNS namespace registered externally one
option is to make you forest root name a child DNS zone off this namespace
(this is the recommendation from the deployment resource kit) - however
other alternatives exist for many other situations and design decisions
These are covered in the guide.

Since what you are about to do is a potentially company wide impacting you
should consider some formal training and/or some professional
consultancy/advice.

> Thanks in advance,
> 

-- 
Regards,
Mike
--
Mike Brannigan [Microsoft]
This posting is provided "AS IS" with no warranties, and confers no
rights
Please note I cannot respond to e-mailed questions, please use these
newsgroups
"greyhwk" <greyhwk@hotmail.com> wrote in message 
news:usqKJEjqEHA.536@TK2MSFTNGP11.phx.gbl...
> Mike,
>
> I ordered that kit last week, as well as the administrator's companion, 
> because no one in area had them in stock.  I already own the 
> administrator's pocket guide from MSPress.   I would be hitting them if I 
> could.   I love figuring things out for myself.  Greater sense of 
> accomplishment, and all that.  My partners are getting a little impatient, 
> so I am having to seek additional help.
>
> Now, having read the stuff online, it lists the AD forest root domain, 
> child domain, AD Domain tree.
>
> WinServ 2003 Ent lists two choices of AD Forest domains when setting up 
> the Domain Controller and AD.
>
> Looking at the choices, I can set up as:
> Forest root   = forestroot.net
> child domain = child1.forestroot.net
> tree = treedomain
> or secondary forest (as I understand it) = corp.forestroot.net
>
> Since the forestroot.net is provided by a Dynamic DNS system with relay to 
> my server, then instead of setting my server as DC for forestroot.net, I 
> should set up as a second level forests of corp.forestroot.net for best 
> performance.
>
> Is this correct?
>
> Thanks in advance,
>
>
> "Mike Brannigan [MSFT]" <mikebran@online.microsoft.com> wrote in message 
> news:OmNswB4pEHA.2052@TK2MSFTNGP10.phx.gbl...
>> "greyhwk" <greyhwk@stormreaverkeep.org> wrote in message 
>> news:OoIVib3pEHA.516@TK2MSFTNGP09.phx.gbl...
>>>I have a single Windows Server 2003 (Ent Ed) and four workstations.
>>>
>>> I have a Dynamic DNS setup currently to my own domain name (we will call 
>>> it xxxxxxx.net), and am using this Server as the DNS server for my LAN.
>>>
>>> I have been thinking about setting the server as a Domain Controller, 
>>> using my xxxxxxx.net domain name and place all the workstations in this 
>>> domain instead of a workgroup.
>>>
>>> Would this be a wise choice?  What would be the best setup?
>>
>> If your company already uses the xxxxxxx.net name for an external 
>> presence our recommendation is now to take a sub zone from that for use 
>> as the Active Directory Forest root name e.g. corp.xxxxxxx.net
>>
>> There is lots of great documentation about planning, design and setup in 
>> the Windows Server 2003 Deployment Resource Kit which you can download 
>> all the books from
>> http://www.microsoft.com/windowsserver2003/techinfo/reskit/deploykit.mspx
>>
>> -- 
>>
>> Regards,
>>
>> Mike
>> --
>> Mike Brannigan [Microsoft]
>>
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights
>>
>> Please note I cannot respond to e-mailed questions, please use these
>> newsgroups
>>
>> "greyhwk" <greyhwk@stormreaverkeep.org> wrote in message 
>> news:OoIVib3pEHA.516@TK2MSFTNGP09.phx.gbl...
>>>I have a single Windows Server 2003 (Ent Ed) and four workstations.
>>>
>>> I have a Dynamic DNS setup currently to my own domain name (we will call 
>>> it xxxxxxx.net), and am using this Server as the DNS server for my LAN.
>>>
>>> I have been thinking about setting the server as a Domain Controller, 
>>> using my xxxxxxx.net domain name and place all the workstations in this 
>>> domain instead of a workgroup.
>>>
>>> Would this be a wise choice?  What would be the best setup?
>>>
>>>
>>
>>
>
>
Quantcast