Solved

Designing new AD structure

Posted on 2010-08-16
Last Modified: 2012-05-10
Hi

We are shortly going to be creating a new business unit that requires a separate AD forest from ours, so we are thinking of potential designs for their AD 2008 structure.

Basically, they will have offices in emea, apac, usa and latam - multiple offices in multiple countries. They will have one Exchange org.

Some of my team are saying that we should create:

i) forest root: domain.com
ii) child domains of: emea.domain.com, apac.domain.com, usa.domain.com and latam.domain.com

However, I can't see the benefit of this - why not just one domain, domain.com, and split the continents into OUs, with sub-OUs for the countries etc.?

Can anyone tell me the benefit of having multiple domains? The only one I can think of is password policy, since this is set in the Default Domain Policy, but I can't see that being an issue for us (unless apac want their own password policy to emea, say).
Question by:Joe_Budden
4 Comments
 
LVL 3

Accepted Solution

by:
DesertCroc earned 167 total points
ID: 33446204
Unless you have specific security policies that require you to have separate domains, I'd recommend not doing this, as you then introduce more complexity to a fairly simple design. In 2008 you do have more granular control of password policies than in 2003, so that's not an issue anymore either. Usually only politics is the reason these days, unless the number of objects is massive.
0
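The single-domain design with a region-specific password policy, which the accepted answer refers to, as an added PowerShell example that is not part of the original thread. It assumes the ActiveDirectory module (Windows Server 2008 R2 or RSAT) and a Windows Server 2008 domain functional level; the group name, policy name and all policy values are constructed for illustration.

```powershell
# Added example (not from the thread). Run as a Domain Admin in a test domain.
Import-Module ActiveDirectory

$domainDn = 'DC=domain,DC=com'                 # forest root named in the question
$regions  = 'EMEA', 'APAC', 'USA', 'LATAM'

# One top-level OU per region; country OUs would be created beneath each of these.
foreach ($r in $regions) {
    New-ADOrganizationalUnit -Name $r -Path $domainDn
}

# A fine-grained password policy (PSO) cannot be linked to an OU. It applies only
# to users or global security groups, so a "shadow group" mirrors the APAC OU.
$group = 'PSO-APAC-Users'                      # hypothetical group name
New-ADGroup -Name $group -GroupScope Global -GroupCategory Security `
    -Path "OU=APAC,$domainDn"

# Constructed sample values; lower Precedence wins when several PSOs apply.
New-ADFineGrainedPasswordPolicy -Name 'APAC-PasswordPolicy' -Precedence 10 `
    -MinPasswordLength 12 -PasswordHistoryCount 24 -ComplexityEnabled $true `
    -ReversibleEncryptionEnabled $false `
    -MinPasswordAge '1.00:00:00' -MaxPasswordAge '60.00:00:00' `
    -LockoutThreshold 5 -LockoutObservationWindow '00:30:00' `
    -LockoutDuration '00:30:00'

Add-ADFineGrainedPasswordPolicySubject -Identity 'APAC-PasswordPolicy' -Subjects $group

# Keep the shadow group in step with the OU. Skip existing members so the
# script can be re-run (for example from a scheduled task) without errors.
$current = Get-ADGroupMember -Identity $group |
    Select-Object -ExpandProperty DistinguishedName
Get-ADUser -SearchBase "OU=APAC,$domainDn" -Filter * |
    Where-Object { $current -notcontains $_.DistinguishedName } |
    ForEach-Object { Add-ADGroupMember -Identity $group -Members $_ }

# Check which PSO actually wins for a user in the OU. Empty output means only
# the Default Domain Policy settings apply to that account.
Get-ADUser -SearchBase "OU=APAC,$domainDn" -Filter * |
    Select-Object -First 1 |
    Get-ADUserResultantPasswordPolicy
```

Users moved into or out of the APAC OU keep their old policy until the shadow group is re-synchronised, so group membership, not OU placement, is what to audit.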
 
LVL 3

Assisted Solution

by:robertodeacruz
robertodeacruz earned 167 total points
ID: 33446400
Are you the one who will manage all areas? If there is a different administrator for EMEA, APAC, USA and LATAM, it will be advantageous to have multiple domains. If not, a single domain is best.

If there is only one administrator and the policies are the same, there is no reason to decentralize.
0
 
LVL 1

Author Comment

by:Joe_Budden
ID: 33446847
Thanks guys -

Out of interest, how do multiple domains affect AD replication traffic?
0
 
LVL 59

Assisted Solution

by:Darius Ghassem
Darius Ghassem earned 166 total points
ID: 33449571
You hit it on the head in your post: there really isn't a crazy amount of benefit to using subdomains compared to OUs. Really it is preference, and my preference is to keep everything in an OU structure if there is not a company policy that requires different namespaces for each regional location. The one downfall is that you would have to create delegated rights for the local admins for their OU structure, but once you create this you will have a more secure domain since local admins are not limited to your delegated controls and not domain admin rights like most companies give when they are in a multi-domain environment.

Replication is dependent on AD Sites and Services; it has nothing to do with your logical domain structure.
0
