Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Single forest or multiple forests

Posted on 2007-12-05
2
Medium Priority
?
721 Views
Last Modified: 2011-11-12
We have a NY office .com and a London office .co.uk. The NY office is a single domain/forest configuration and so is the London domain. Both offices have their own Exchange servers.

The UK office is planning to migrate their the mailboxes onto a new Exchange server on the NY .com domain. This server will be hosted in London.

My question is do we go for a single forest or multiple forests with forest trusts between NY and UK. The users want one GAL and have the ability to connect to mailbox calendars from each site.

Thanks in advance
0
Comment
Question by:Atticusit
2 Comments
 
LVL 22

Expert Comment

by:mcsween
ID: 20411730
For simplicity of manangement I would definatly use one forest.  If you want to segregate them for administrative purposes you can setup a different domain in the same forest for each site.  If your administrators maintain both sites then I would suggest just 1 domain in 1 forest.
0
 

Accepted Solution

by:
intersum earned 500 total points
ID: 20411735
Without knowing much more detail about you guys I can only sug my personal preference...  For this I make the following assumptions..
1) the NY office is the bigger of the two
2) you dont mind having to move all your PC's and servers to a new domain.
3) Your link between sites is quite chunky (2 Meg dedicated if just mail and AD replication 10meg min if files to be accessed as well)
4) Each site will maintain its own Internet connection

So... I would do the following.
Move to a single forrest with just the top level domain.  Create sites for both NY and london and give them each 2 x DC's with NY holding the FMSO roles.  Have separeate containers in AD for each site subdivided with PC, User, Security Group and Mail group containers etc.  NY to have 2 x DNS\WINS servers set with external DNS servers as its forwarders, London at least one DNS\WINS server with one forwarder set to NY and the other to external DNS server.
MX records for both ny.com and london.co.uk will point to front end exchange in NY so you can still get mail to the old addresses.  Each site will have its own backend server or exchange cluster to hold its mailboxes if using exch 2007 replicated mailboxes on the other server incase either of the backends go down.  Thats just the very basics I'm sure others on here will have a different opinion which may work better for you but this one will do the following.

1) meet the GAL requirment
2) Allow single flat forrest with minimum authentication over the site link
3) Have an online mailbox backup should one of the exchange backends fall over
4) Route all incoming mail through a single gateway
5) allow each site to route its outgoing mail via its own internet connection.
6) allow you to implement 2 site links one over dedicated bandwidth (MPLS etc) and use the internet connections for a backup VPN.

Hope this helps.... Just done a similar thing and its working well!

0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
Scripts are great for performing batch jobs against users, however sometimes the GUI is all you need.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question