Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Understanding multi-domain sites

Posted on 2010-11-26
11
350 Views
Last Modified: 2012-05-10
Hi,

I am currently doing my MCIPT certification, and I have a query in regards to mutli-site multi-domains. If I create a domain called trey.net and then for another site create a researct.trey.net child domain, how do I configure the site in sites and services console? Do I also add the child domain as a site or do I keep them separate?

Whats the difference between creating a child domain and creating a completely separate domain and creating a trust between them?

thanks
0
Comment
Question by:Network_Padawan
  • 4
  • 2
  • 2
  • +1
11 Comments
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 41 total points
ID: 34220394
You can use the same sites for your domain controllers as sites can span domains so lets say you have an HQ site in New York City you can have DCs from multiple domains in that site.

Not a big difference between the child domain and the separate domain in terms of AD.  You won't have to create a trust for the child and you get the contiguous namespace with the child domain.

I'd try to go for a single domain if possible but if you had to go with a second domain I'd go with the child vs a new tree.

Thanks

Mike
0
 

Author Comment

by:Network_Padawan
ID: 34220607
hi mkline, if i worked for a company that had 9 divisions, all with their own users and groups, different network, would they all be child domains or would it be better to have them as a different forest?

Im wondering about things like, what if the business wanted to sell that division?

Eg,

Do I create engineering.net and a remote site nepean.engineering or do I create nepean.net and create a trust?

I guess what I am looking for is, when, from a design point of view, do I create a new forest or create a subdomain and how does that affect the user and groups in terms of IT administration?
0
 
LVL 5

Accepted Solution

by:
Blake_1 earned 42 total points
ID: 34220910
Some points:

- Sites and Services is a forest-level configuration item, they are common to all Domains.  When you promote a Domain Controller it will prompt you for the site it is to be allocated to.
- 'One Domain per division' as a rule is a poor design choice.  As mkline has indicated, a single domain is preferable and there are a number of advantages of this the first of which is simplicity.  If there is a business requirement to have separate domains then sure, otherwise just use a single domain.
- Separate forests are really only used in a few scenarios eg simulation environment, company merger, corporate extranet, etc.  Avoid unless there is a business requirement.
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 

Author Comment

by:Network_Padawan
ID: 34227983
So if I have a site in Sydney, another in London, and another in NY, they should all be in the same single parent domain instead of 3 separate child domains? Why would that be?
0
 
LVL 5

Expert Comment

by:Blake_1
ID: 34229582
Unless there is the need to separate the domains due to a business requirement, eg different administrators per region who do not work as part of a global team, or each location is a distinct business unit, then no.  Domains are not intended to group Active Directory geographically, this is what sites are for.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 34230713
Domains can also be seen as replication boundaries, in a global setup like that it is not uncommon to see a NorthAmerica, Europe, and Australia (or Asia).  



Thanks

Mike
0
 

Author Comment

by:Network_Padawan
ID: 34236803
Hi Mike,

Before I close this thread, are you suggesting that replication boundaries can be a good reason for child domain or no, thats not the case?

Lets say a company has bought out 6 companies, and they all work under their own business names but there is a centralized IT team. At the moment they all have trusts between child domains and whatnot, if I was to come in and propose a re-design, would I suggest a single domain?

What if someone asks me? What if we need to sell one of the companies?

Sorry Im just trying to get my head around what is the best design decision and why.
0
 
LVL 26

Assisted Solution

by:MidnightOne
MidnightOne earned 42 total points
ID: 34331282
Sites and domains are entirely independent of one another. I use (and haven't really seen other uses in the real world) site as a boundary for replication and actual physical locations.

As far as domain design, the old rule was if you need different security you create a new domain. Under Windows 2008 and its multiple password policies options this is less true.

0
 

Author Closing Comment

by:Network_Padawan
ID: 34333452
thanks
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question