Solved

Understanding multi-domain sites

Posted on 2010-11-26
11
349 Views
Last Modified: 2012-05-10
Hi,

I am currently doing my MCIPT certification, and I have a query in regards to mutli-site multi-domains. If I create a domain called trey.net and then for another site create a researct.trey.net child domain, how do I configure the site in sites and services console? Do I also add the child domain as a site or do I keep them separate?

Whats the difference between creating a child domain and creating a completely separate domain and creating a trust between them?

thanks
0
Comment
Question by:Network_Padawan
  • 4
  • 2
  • 2
  • +1
11 Comments
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 41 total points
ID: 34220394
You can use the same sites for your domain controllers as sites can span domains so lets say you have an HQ site in New York City you can have DCs from multiple domains in that site.

Not a big difference between the child domain and the separate domain in terms of AD.  You won't have to create a trust for the child and you get the contiguous namespace with the child domain.

I'd try to go for a single domain if possible but if you had to go with a second domain I'd go with the child vs a new tree.

Thanks

Mike
0
 

Author Comment

by:Network_Padawan
ID: 34220607
hi mkline, if i worked for a company that had 9 divisions, all with their own users and groups, different network, would they all be child domains or would it be better to have them as a different forest?

Im wondering about things like, what if the business wanted to sell that division?

Eg,

Do I create engineering.net and a remote site nepean.engineering or do I create nepean.net and create a trust?

I guess what I am looking for is, when, from a design point of view, do I create a new forest or create a subdomain and how does that affect the user and groups in terms of IT administration?
0
 
LVL 5

Accepted Solution

by:
Blake_1 earned 42 total points
ID: 34220910
Some points:

- Sites and Services is a forest-level configuration item, they are common to all Domains.  When you promote a Domain Controller it will prompt you for the site it is to be allocated to.
- 'One Domain per division' as a rule is a poor design choice.  As mkline has indicated, a single domain is preferable and there are a number of advantages of this the first of which is simplicity.  If there is a business requirement to have separate domains then sure, otherwise just use a single domain.
- Separate forests are really only used in a few scenarios eg simulation environment, company merger, corporate extranet, etc.  Avoid unless there is a business requirement.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:Network_Padawan
ID: 34227983
So if I have a site in Sydney, another in London, and another in NY, they should all be in the same single parent domain instead of 3 separate child domains? Why would that be?
0
 
LVL 5

Expert Comment

by:Blake_1
ID: 34229582
Unless there is the need to separate the domains due to a business requirement, eg different administrators per region who do not work as part of a global team, or each location is a distinct business unit, then no.  Domains are not intended to group Active Directory geographically, this is what sites are for.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 34230713
Domains can also be seen as replication boundaries, in a global setup like that it is not uncommon to see a NorthAmerica, Europe, and Australia (or Asia).  



Thanks

Mike
0
 

Author Comment

by:Network_Padawan
ID: 34236803
Hi Mike,

Before I close this thread, are you suggesting that replication boundaries can be a good reason for child domain or no, thats not the case?

Lets say a company has bought out 6 companies, and they all work under their own business names but there is a centralized IT team. At the moment they all have trusts between child domains and whatnot, if I was to come in and propose a re-design, would I suggest a single domain?

What if someone asks me? What if we need to sell one of the companies?

Sorry Im just trying to get my head around what is the best design decision and why.
0
 
LVL 26

Assisted Solution

by:MidnightOne
MidnightOne earned 42 total points
ID: 34331282
Sites and domains are entirely independent of one another. I use (and haven't really seen other uses in the real world) site as a boundary for replication and actual physical locations.

As far as domain design, the old rule was if you need different security you create a new domain. Under Windows 2008 and its multiple password policies options this is less true.

0
 

Author Closing Comment

by:Network_Padawan
ID: 34333452
thanks
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question