Solved

Understanding multi-domain sites

Posted on 2010-11-26
11
353 Views
Last Modified: 2012-05-10
Hi,

I am currently doing my MCIPT certification, and I have a query in regards to mutli-site multi-domains. If I create a domain called trey.net and then for another site create a researct.trey.net child domain, how do I configure the site in sites and services console? Do I also add the child domain as a site or do I keep them separate?

Whats the difference between creating a child domain and creating a completely separate domain and creating a trust between them?

thanks
0
Comment
Question by:Network_Padawan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +1
11 Comments
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 41 total points
ID: 34220394
You can use the same sites for your domain controllers as sites can span domains so lets say you have an HQ site in New York City you can have DCs from multiple domains in that site.

Not a big difference between the child domain and the separate domain in terms of AD.  You won't have to create a trust for the child and you get the contiguous namespace with the child domain.

I'd try to go for a single domain if possible but if you had to go with a second domain I'd go with the child vs a new tree.

Thanks

Mike
0
 

Author Comment

by:Network_Padawan
ID: 34220607
hi mkline, if i worked for a company that had 9 divisions, all with their own users and groups, different network, would they all be child domains or would it be better to have them as a different forest?

Im wondering about things like, what if the business wanted to sell that division?

Eg,

Do I create engineering.net and a remote site nepean.engineering or do I create nepean.net and create a trust?

I guess what I am looking for is, when, from a design point of view, do I create a new forest or create a subdomain and how does that affect the user and groups in terms of IT administration?
0
 
LVL 5

Accepted Solution

by:
Blake_1 earned 42 total points
ID: 34220910
Some points:

- Sites and Services is a forest-level configuration item, they are common to all Domains.  When you promote a Domain Controller it will prompt you for the site it is to be allocated to.
- 'One Domain per division' as a rule is a poor design choice.  As mkline has indicated, a single domain is preferable and there are a number of advantages of this the first of which is simplicity.  If there is a business requirement to have separate domains then sure, otherwise just use a single domain.
- Separate forests are really only used in a few scenarios eg simulation environment, company merger, corporate extranet, etc.  Avoid unless there is a business requirement.
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:Network_Padawan
ID: 34227983
So if I have a site in Sydney, another in London, and another in NY, they should all be in the same single parent domain instead of 3 separate child domains? Why would that be?
0
 
LVL 5

Expert Comment

by:Blake_1
ID: 34229582
Unless there is the need to separate the domains due to a business requirement, eg different administrators per region who do not work as part of a global team, or each location is a distinct business unit, then no.  Domains are not intended to group Active Directory geographically, this is what sites are for.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 34230713
Domains can also be seen as replication boundaries, in a global setup like that it is not uncommon to see a NorthAmerica, Europe, and Australia (or Asia).  



Thanks

Mike
0
 

Author Comment

by:Network_Padawan
ID: 34236803
Hi Mike,

Before I close this thread, are you suggesting that replication boundaries can be a good reason for child domain or no, thats not the case?

Lets say a company has bought out 6 companies, and they all work under their own business names but there is a centralized IT team. At the moment they all have trusts between child domains and whatnot, if I was to come in and propose a re-design, would I suggest a single domain?

What if someone asks me? What if we need to sell one of the companies?

Sorry Im just trying to get my head around what is the best design decision and why.
0
 
LVL 26

Assisted Solution

by:MidnightOne
MidnightOne earned 42 total points
ID: 34331282
Sites and domains are entirely independent of one another. I use (and haven't really seen other uses in the real world) site as a boundary for replication and actual physical locations.

As far as domain design, the old rule was if you need different security you create a new domain. Under Windows 2008 and its multiple password policies options this is less true.

0
 

Author Closing Comment

by:Network_Padawan
ID: 34333452
thanks
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Here's a look at newsworthy articles and community happenings during the last month.
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question