techgenious

asked on

Active Directory

I am looking for a best practice setup of our environment.
This is what we presently have now, and it is very confusing:
I am just helping someone who has this situation. Three data centers, each data center has four forests with a single domain, one for public, one for data, one for emails, and one for something else. Some of them have trust relationships.

location 1:

publictraffic.col.abc.com
datatraffic.col.abc.com
emailtraffic.col.abc.com
somethingelse.col.abc.com

location 2:

publictraffic.den.abc.com
datatraffic.den.abc.com
emailtraffic.den.abc.com
somethingelse.den.abc.com

location 3:

publictraffic.por.abc.com
datatraffic.por.abc.com
emailtraffic.por.abc.com
somethingelse.por.abc.com

As you can see there are 12 domains.

We want to redesign this. What would be best practice? Create one forest, say:

root domain: xyz.com, then create child domains

public.xyz.com, email.xyz.com, data.xyz.com

My concern here is the FSMOs. Since Schema & Domain naming is per forest, what happens if I lose the DC?

What is the best practice for redesigning?
Thanks
Mike Kline

Have you also thought about just going with one domain xyz.com?  You can create zones for public/email/data.

Even if you go with three domains, if you lose the FSMO that holds the forest-wide roles you would either repair the server or seize the FSMO roles (no different than in a single domain). The schema master and domain naming master are fairly quiet and don't have a lot to do.

Thanks

Mike
SOLUTION
Matthew England

techgenious

ASKER

I understand that, but our concern is a single point of failure, especially with the FSMOs.
Is there another way to configure this?
http://technet.microsoft.com/en-us/library/cc755450(v=ws.10).aspx

FSMO roles shouldn't be a factor in determining your design really, other than where to place them. Unfortunately they will always be a single point of failure, but if your environment is being properly monitored and maintained, the impact of losing any one DC should be quite minimal. As mentioned, they can be moved and recovered fairly easily when needed.
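
The replies above rest on knowing which DC holds each FSMO role and noticing when one goes down. As an added example (not code from this thread), this PowerShell sketch lists the forest-wide and per-domain role holders and flags any that do not answer on LDAP. It assumes the ActiveDirectory RSAT module is installed; `DC02` in the final comment is a hypothetical surviving domain controller.

```powershell
# Added example: inventory FSMO role holders for every domain in the forest
# and flag any holder that does not answer on LDAP (TCP 389).
# Assumes the ActiveDirectory module (RSAT) and read access to each domain.
Import-Module ActiveDirectory

function Get-FsmoHolderStatus {
    $forest = Get-ADForest

    # Forest-wide roles: one holder each for the whole forest.
    $roles = @(
        [pscustomobject]@{ Scope = $forest.Name; Role = 'SchemaMaster';       Holder = $forest.SchemaMaster }
        [pscustomobject]@{ Scope = $forest.Name; Role = 'DomainNamingMaster'; Holder = $forest.DomainNamingMaster }
    )

    # Domain-wide roles: one holder each per domain (root and children).
    foreach ($domainName in $forest.Domains) {
        $domain = Get-ADDomain -Server $domainName
        foreach ($role in 'PDCEmulator', 'RIDMaster', 'InfrastructureMaster') {
            $roles += [pscustomobject]@{ Scope = $domainName; Role = $role; Holder = $domain.$role }
        }
    }

    # Probe each holder on LDAP and attach the result to the record.
    foreach ($r in $roles) {
        $ldapUp = Test-NetConnection -ComputerName $r.Holder -Port 389 `
                    -InformationLevel Quiet -WarningAction SilentlyContinue
        $r | Add-Member -NotePropertyName LdapReachable -NotePropertyValue $ldapUp -PassThru
    }
}

$status = Get-FsmoHolderStatus
$status | Format-Table Scope, Role, Holder, LdapReachable -AutoSize

$down = $status | Where-Object { -not $_.LdapReachable }
if ($down) {
    Write-Warning ("Unreachable FSMO holders: " + (($down.Holder | Sort-Object -Unique) -join ', '))
    # Recovery stays a manual decision. If the old holder cannot be repaired,
    # -Force seizes the roles onto a surviving DC (hypothetical name DC02):
    # Move-ADDirectoryServerOperationMasterRole -Identity 'DC02' `
    #     -OperationMasterRole SchemaMaster, DomainNamingMaster -Force
}
```

Run on a schedule, the warning gives early notice of a lost role holder; without `-Force`, the same `Move-ADDirectoryServerOperationMasterRole` call performs a normal transfer while the current holder is still online.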