wsani asked:
Setting up AD global catalog, etc.

Hi,

I'm working on setting up a whole new AD infrastructure. Here is the breakdown of what I intend to do:

Forest domains:

- corp-dc-[01,02], running Win2k8 R2. These controllers are used for the forest to join the child domains. It will be hosted in a data center in California.

Child domains:

- location1-dc-[01,02], running Win2k8 R2. This is going to be child.domain joined to the forest.

- location2-dc-[01,02], running Win2k8 R2. This is going to be child.domain joined to the forest.

Location 1 and 2 are offices in California in addition to one more state. While considering the setup above, I need to determine how to set up the Global catalog, Schema master and RID master to make sure that I have a good level of redundancy between all three geo locations.

I want to define the domain controller roles to make sure that each controller has role X and Y, etc.

Any thoughts?
Mike Kline

The first thought is: why do you need three domains? The forest is the security boundary, and generally you try to start with one domain and if you absolutely need to you add other domains.

FSMO roles can only be held on one DC so you don't really have redundancy with them.  If the DC that holds them goes down hard you can seize those roles. The schema master and Domain naming masters are forest wide roles and the RID, PDCe and Infrastructure master are domain roles.

I'd always try and make every DC a GC.  I also took that lesson from a legend in the AD world...see bullet one  http://adisfun.blogspot.com/2009/04/lessons-learned-from-eric-fleischman.html

Will you be running DNS on your DCs? If so, make them all DNS servers.

If you go with one domain you would create sites for your locations and still have local DCs for them.

Thanks

Mike
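An audit script that shows the point Mike makes above in practice: each FSMO role has exactly one holder (forest-wide roles once per forest, domain roles once per domain), while GC and DNS can and should be everywhere. This is an added example, not code from the thread; it assumes the RSAT ActiveDirectory module, read access to the forest, and rights to query the DNS service on each DC.

```powershell
# Added example (not from the thread): audit FSMO placement and GC/DNS
# status across a multi-domain forest like the one described above.
# Assumes the ActiveDirectory module (RSAT) and service-query rights on each DC.
Import-Module ActiveDirectory

$forest = Get-ADForest

# Forest-wide roles: exactly one holder each, no matter how many domains exist.
# There is no way to have two schema masters; redundancy comes from being
# able to seize the role onto another DC if the holder is lost.
"Schema master        : $($forest.SchemaMaster)"
"Domain naming master : $($forest.DomainNamingMaster)"

# Domain-wide roles: one holder per domain (corp, location1, location2, ...).
foreach ($domainName in $forest.Domains) {
    $domain = Get-ADDomain -Identity $domainName
    ""
    "Domain: $($domain.DNSRoot)"
    "  RID master            : $($domain.RIDMaster)"
    "  PDC emulator          : $($domain.PDCEmulator)"
    "  Infrastructure master : $($domain.InfrastructureMaster)"

    # Every DC should be a GC and (as planned in the thread) a DNS server.
    # Note: in a multi-domain forest the infrastructure master only matters
    # when some DCs are not GCs; if every DC is a GC its placement is moot.
    $dcs = Get-ADDomainController -Filter * -Server $domain.DNSRoot
    foreach ($dc in $dcs) {
        $svc = Get-Service -ComputerName $dc.HostName -Name DNS -ErrorAction SilentlyContinue
        $dnsRunning = ($null -ne $svc) -and ($svc.Status -eq 'Running')

        $flags = @()
        if (-not $dc.IsGlobalCatalog) { $flags += 'NOT a GC' }
        if (-not $dnsRunning)         { $flags += 'DNS not running' }
        $status = if ($flags.Count -gt 0) { $flags -join ', ' } else { 'OK' }
        "  DC $($dc.HostName) [$($dc.Site)] : $status"
    }
}
```

Any DC reported as "NOT a GC" or "DNS not running" is a gap against the design discussed here; the role lines show where a single outage would take a role offline until it is seized.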
wsani (asker)

To answer your question, more DCs because there will be multiple hands administering AD on the global level. I'm going to have two US locations in addition to 4 EU locations so, to minimize and separate the location administration, I'm going to use the forest and child domains.

I will be running DNS on DCs. I was planning on running DNS on all of them.
Mike Kline

Ok then that is a decent design; splitting domains between regions like North America/Europe/Asia is definitely valid. Not as much for security because the forest is the boundary.

Thanks

Mike
wsani (asker)

Glad to hear it :) Any other thoughts on what I have?
Mike Kline

You should be ok with what you have.
wsani (asker)

Is it possible to have two servers as schema master though?
ASKER CERTIFIED SOLUTION
Mike Kline
