  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 253

Windows 2003 Domains

I am looking at setting up a new colocation facility in San Antonio, Texas through AT&T. Our office is located in Northern California. Is there any way through Windows 2003 to set up 2 different domains with good trust relationships? San Antonio - sanantonio.com and Northern California - sanantonio.northerncal.com. Is this something we should even be thinking about? All of our important web servers, app servers, database servers will be in San Antonio so I don't know why I would. Any feedback would be greatly appreciated.
0
gbauer17
Asked:
1 Solution
 
Diophantus32 Commented:
Just create a sub domain and make that an OU in Active Directory.
0
 
gbauer17 (Author) Commented:
Make what an OU in AD?
0
 
gbauer17 (Author) Commented:
The problem is everything that is going to San Antonio should be using the root of the domain, and we would have to purchase another DC for local and create that as a sub domain?
0
 
ametzler Commented:
You could create two separate domains and set up two way transitive trusts, but you'd probably be better off with your Colo as a child domain to your main office.

If you have a domain already then that would be the parent. If that's Northern California then its domain name would be northerncal.com, while the child, presumably San Antonio, would be sanantonio.northerncal.com.

It isn't necessary for them to have different domain spaces though. As long as both sites are all part of the same internal network you can just have them all on the same domain. If your connection from the main site to the colo is fast enough you can just promote an additional DC in the colo and make it a Global Catalog server. Note that you'd want an additional GC at your corporate office and remove that role from your forest root.
0
 
ametzler Commented:
To make a child domain you would need another server and simply select "a child domain in an existing domain" when you DCPromo it.
0
 
DenisCooper Commented:
Personally I always think one domain is the better option.... Are you going to have a decent fast link between the two sites?

You do have the options of creating child domains and other forests and using trusts for them, but personally if you don't need that conceptual boundary of a different domain, then you are better off going with one domain.

It makes administrative tasks much easier.
0
 
brwwiggins Commented:
I guess my first question is what is the purpose of the separate domains? Is it for administration, security or to follow an existing schema?
0
 
DenisCooper Commented:
Generally if business requirements need it. For security purposes. Also, if you wanted different password policies, then you would need different domains. Keeping 1 domain allows you to administer more easily, and also gives you fairly flexible security settings....
0
 
LauraEHunterMVP Commented:
The only real reason to deploy a multi-domain forest under Windows Server 2003 is to configure different password/account lockout policies, as these are one-per-domain.  (And even that's no longer a good reason, IMO, as 2008 allows multiple password policies within a single domain.)

Configuring multiple domains within a single forest confers absolutely -zero- security advantages, as there is a known elevation of privilege attack that allows Domain Admins in a child domain to elevate themselves to Enterprise Admins.  The security boundary in Active Directory is the forest, not the domain.
0
