Solved

Single forest or multiple forests

Posted on 2007-12-05
Last Modified: 2011-11-12
We have a NY office .com and a London office .co.uk. The NY office is a single domain/forest configuration and so is the London domain. Both offices have their own Exchange servers.

The UK office is planning to migrate their mailboxes onto a new Exchange server on the NY .com domain. This server will be hosted in London.

My question is: do we go for a single forest or multiple forests with forest trusts between NY and UK? The users want one GAL and to have the ability to connect to mailbox calendars from each site.

Thanks in advance
Question by:Atticusit
2 Comments
 
LVL 22

Expert Comment

by:mcsween
ID: 20411730
For simplicity of management I would definitely use one forest.  If you want to segregate them for administrative purposes you can set up a different domain in the same forest for each site.  If your administrators maintain both sites then I would suggest just 1 domain in 1 forest.
 

Accepted Solution

by:
intersum earned 125 total points
ID: 20411735
Without knowing much more detail about you guys I can only suggest my personal preference...  For this I make the following assumptions..
1) The NY office is the bigger of the two
2) You don't mind having to move all your PCs and servers to a new domain.
3) Your link between sites is quite chunky (2 Meg dedicated if just mail and AD replication, 10meg min if files to be accessed as well)
4) Each site will maintain its own Internet connection

So... I would do the following.
Move to a single forest with just the top level domain.  Create sites for both NY and London and give them each 2 x DCs with NY holding the FSMO roles.  Have separate containers in AD for each site subdivided with PC, User, Security Group and Mail group containers etc.  NY to have 2 x DNS\WINS servers set with external DNS servers as its forwarders, London at least one DNS\WINS server with one forwarder set to NY and the other to external DNS server.
MX records for both ny.com and london.co.uk will point to front end Exchange in NY so you can still get mail to the old addresses.  Each site will have its own backend server or Exchange cluster to hold its mailboxes, if using Exch 2007 replicated mailboxes on the other server in case either of the backends goes down.  That's just the very basics. I'm sure others on here will have a different opinion which may work better for you, but this one will do the following.

1) Meet the GAL requirement
2) Allow single flat forest with minimum authentication over the site link
3) Have an online mailbox backup should one of the Exchange backends fall over
4) Route all incoming mail through a single gateway
5) Allow each site to route its outgoing mail via its own internet connection.
6) Allow you to implement 2 site links, one over dedicated bandwidth (MPLS etc) and use the internet connections for a backup VPN.

Hope this helps.... Just done a similar thing and it's working well!
