?
Solved

Domain and sub domains

Posted on 2012-03-30
6
Medium Priority
?
395 Views
Last Modified: 2012-04-02
So I'm building a network from scratch with Windows Server 2003 & Exchange Server 2003.  My plan is for my domains to be:

aaa:mycompany.com
bbb.mycompany.com
ccc.mycompany.com

This relates to a question I asked in the past.  So that when I setup exchange, all these networks share the same GAL.  What is the best way to achieve this?

Do I need a server setup as a root domain at mycompany.com and setup the other's as child domains?  If that is the case, is it possible to setup the root domain, and a subdomain on the same server?  I have to keep the macines I use to a minimum.  Perhaps I'm going at this wrong, and this has to do with configuring DNS differently.  

In the past I had configured 3 different domains in their own forest, but this didn't allow me to share their GAL.  Thats the ultimate goal here.  To have the 3 unique domains but all having the same GAL.

Please advise on the best way forward.
0
Comment
Question by:usmcguy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 9

Expert Comment

by:Geodash
ID: 37787801
Are your domains going to be trusted? One way, two way, etc...?

look at this article -

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_26441939.html
0
 

Author Comment

by:usmcguy
ID: 37787840
The domains will be trusted both ways.

I've read about IIFP in the past.  But is it the best way to go?  I was thinking that if you built your forest/domain correctly, you wouldn't need to go that route.  Am I wrong?  If not, the piece I'm missing is knowing how to setup the forest/domain correctly.  Otherwise, I would just have to setup 3 seperate forests, and use IIFP.
0
 
LVL 26

Expert Comment

by:Leon Fester
ID: 37792024
You don't need IIFP.

You will be running an Active Directory forest so all domains are linked.
With Exchange 2003 you can only have one Exchange Organization in the forest.
This can be achieve simply be configuring Exchange for "Using a Single Forest Topology"

Read the following:
http://technet.microsoft.com/en-us/library/bb124972(v=exchg.65).aspx
http://technet.microsoft.com/en-us/library/aa997002(v=exchg.65).aspx
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 

Author Comment

by:usmcguy
ID: 37792034
Yes, this is correct. But my question remains, would I need a dc at the root of the forest hosting my company.com? Or could a dc hosting one of the other domains (aaa, bbb, or ccc) also be at the root of the forest and still maintain the DNS naming convention.
I ask because I have to keep servers use at a minimum
0
 
LVL 26

Accepted Solution

by:
Leon Fester earned 2000 total points
ID: 37792117
You need at least 1 DC for each domain.
No DC = No Authentication = No Domain

You configure DNS locally for each domain/DC
You enable DNS Zone replication to all the Domain Controllers in the forest.

Why? because AD is dependant on DNS, so ideally you want your domain to function even if other DNS servers/domains are having problems.

The easiest way you'll get to your design:
aaa:mycompany.com
bbb.mycompany.com
ccc.mycompany.com

Would be by creating the forest with a root domain and the 3 child domains. (x4 DC's)
mycompy.com
aaa:mycompany.com
bbb.mycompany.com
ccc.mycompany.com

I'm not sure what DNS naming conventions you're worried about...please elaborate.
0
 

Author Closing Comment

by:usmcguy
ID: 37795595
You pretty much answered my question.  I was more curious if there was a way to setup the forest without having to setup a domain at mycompany.com first.  But as I suspected, this isn't possible.  Thanks for the input!
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses
Course of the Month9 days, 6 hours left to enroll

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question