Active Directory: WinSvr 2012 Forest / Domains
Posted on 2013-11-06
I am setting up a new network of sorts. I got 2 new servers with 3 existing servers and 3 PCs and 2 laptops. Lastly, a firewall running WinSvr 2008 R2 with MS TMG 2010 Firewall.
I want to know the best way to set up the DNS, Domain Naming, Forest and assuring 2-way trusts.
The forest and domain controllers are my issue in simply planning.
Server names and roles (roles are not in place YET; this is planning) are below to give you an idea:
CTCSVR000 (Possible Domain Controller Internal Use) - Running WinSvr 2012
CTCSVR001 (Web Server IIS 8.0, Internal and External use) - Running WinSvr 2012
CTCSVR002 (File Server and Web IIS 8.0 use Internal)
CTCSVR003 (Exchange Server 2013)
CTCSVR004 (Share team Server 2013)
Future Server: CTCSVR005 (Lync Server 2013)
Thinking maybe doing Domain Controller on Server CTCSVR000 as Domain Controller and Hyper-V Exchange 2013???
So the Servers CTCSVR003 and CTCSVR004 are going to be accessed by clients. They will be using email through Exchange 2013 and using Share Team 2013.
Also the Web Servers will be used by Clients from the outside.
I know you're supposed to use real world domain names - NO domainname.local or .pdc but domainname.com, which I am debating on using my real company domain as the domain name??? I host my email on Google Business Apps and run my web site in house so I would just do sub-domains, correct.... CTCSVR000.mydomain.com etc etc for each server???
Should I make more than one forest from the mostly internal servers from the semi-external servers? There is a little overlap...
With 2-way trusts and what if I want 2 Domain controllers, one for internal use and the other for external use...
Here are my thoughts:
All one forest
2 domain controllers
Servers: CTCSVR000, CTCSVR001, CTCSVR002 and the firewall under same domain Controller.
Servers: CTCSVR003 and CTCSVR004 under their own domain controller
I might need more user names by having more Active Directories, so if a client name is Clint and there is already a Clint there can be two... I know I can do naming conventions like First.Lastname etc but I might need more...
In house, there are only 8 of us so internal users are about 8 and that is with future growth in mind.
If I have one forest and join all the servers to the same forest and I can have 2 domain controllers that support the servers I join to it and they have 2-way trusts so they can access each other.
Or is JUST ONE DOMAIN CONTROLLER the best... I am guessing 2 domain controllers anyway if I keep them under just one domain name controller. For a backup if I have to move Active Directory or / and if I have to take the domain controller down, the other domain controller in the same forest and domain will be up to take requests???