Solved

benefits of one domain

Posted on 2015-02-04
9
288 Views
Last Modified: 2015-02-04
We currently have two separate domains on our network and are going to merge them.  There was one that contained our Exchange server and phone equipment, and all our workstations were on another domain.

I need to illustrate the benefits of having one domain versus two.  Can you experts help me to see what are the benefits of consolidating two separate domains into one?
0
Comment
Question by:al4629740
9 Comments
 
LVL 12

Assisted Solution

by:Bryant Schaper
Bryant Schaper earned 50 total points
ID: 40589437
Simplicity in management; having multiple domains means you have to set up trusts between the two and manage them separately.  I would actually be more curious as to why have two domains for the same company.
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 40589438
I agree with Bryant - resource domains were common 15-20 years ago with NT, but since Active Directory was introduced in 2000, the guidance has been to consolidate.  If you need select people to manage resources in AD, then delegate authority to specific OUs and place resources in the OUs.
0
 
LVL 18

Assisted Solution

by:Don S.
Don S. earned 50 total points
ID: 40589474
A single domain is easier to manage and some software has issues with multiple domains and resources divided between them.  However, joining them potentially breaks things and is a bit of work depending on how many objects you are dealing with, and as long as they are working OK now, there isn't that much difference in the amount of effort needed to manage a dual domain design.  So, is it a worthwhile goal to get to a single domain?  Yes.  But you might find it hard to find much in the way of hard cost savings to justify it.
0

 

Author Comment

by:al4629740
ID: 40589555
What type of cost savings do you see when it comes to one domain?  What are areas that potential cost savings could be seen in many organizations?  Much of what I need to justify is the savings and benefits.
0
 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 50 total points
ID: 40589581
You're going to have to look at how much time you spend administering.  Plus, you need a license for a DC (preferably 2 for redundancy).  Consolidate into fewer domains and you save money on licenses, you save money on the time required to administer and maintain the domain, if you aren't virtual, you save money on the electricity and space requirements to house the server(s), if you are virtual you save money in reduced resources on the VM host and potentially, more available resources for other systems meaning potentially better overall performance of shared systems.
0
 

Author Comment

by:al4629740
ID: 40589749
fewer domains and you save money on licenses

Can you explain how so?
0
 
LVL 5

Accepted Solution

by:Paul Wagner
Paul Wagner earned 350 total points
ID: 40589751
@al4629740

We were recently in the same situation as yourself and consolidated our physical/virtual network and domain/forest infrastructure into a single "entity".

In order to do this, we had to first ask ourselves if the project would be feasible. Are we separating the domains or network for a reason? Do we have a large enough division of users with specific requirements that makes leaving them in their own domain better than trying to integrate everyone together? By merging the network, can we cut costs on physical hardware? Can we reallocate network devices from one network to be used in the "joined" network for redundancy purposes? Does it benefit us to have separate routers/VLANs/IP schemes? etc... etc...

NETWORK

After vetting out the questions, we determined that it was best to put the physical network into a single IP scheme of 172.16.0.0 and splice out the different services/network needs into 6 different VLANs. We ended up with a central switching core with redundant routers/switches as well as narrowing our four firewall endpoints (with different networks) down to two HA firewalls in the same network. This was much easier than the 15-20 VLANs and 8 different IP schemes we had before. NOTE: This doesn't happen overnight. It took months of planning on how to migrate ESXi hosts, physical switches, VMware networks, end-user devices, etc. over to the appropriate subnet. We also had to buy a few networking pieces since we had some end-of-life devices and thought it best to replace them since everything was changing anyway. This allowed us to configure the new devices with the new network while allowing the old network production devices to keep working.

Benefits:
Although we had to spend a chunk of change on the network consolidation, we were able to make our daily network administration work MUCH easier. There was some savings in not having to buy support on all those devices. We no longer deal with routing conflicts, firewall issues, server access, odd DNS issues, etc. Everything is simple and "sexy".  Our equipment is new and supported by the manufacturer and is nowhere near the end of its lifecycle. This part alone has made my life personally more enjoyable. I work on a network now that is simple and easy to understand. It cuts my time to resolution of issues (measurable metric that the bosses care about) by more than 60%. It's amazing. From a fiscal standpoint, we are also able to put all of our physical networking devices on the same-ish refresh cycle so it makes budgeting for the next few years very simple.

DOMAIN

We had three domains in different forests set up with two-way trusts. Each domain had different applications, services, IP ranges, GPOs, etc. It was a mess. We opted to consolidate everything into a single domain/forest with one domain name. Just like the network portion, this took quite some time. There is a lot of planning that goes into migrating everything from one place to the other. I can honestly say that it has TOTALLY been worth the effort. Altogether, it took the better part of a year to accomplish everything but we got to build the new domain exactly the way we wanted. That's a system architect/engineer's dream. Active Directory, Group Policy, Exchange, DHCP, etc. are exactly the way we want and it makes managing everything much simpler. Since we were already virtualized on VMware, we were able to quickly spin up the new servers from image templates and build the virtual networks. Again, the migration of everything was quite taxing but since we were building everything brand new, daily production was not interrupted. (I highly recommend this design plan as you are able to build everything the way you want during the day instead of planning several nighttime efforts during downtime.)

Benefits:
After consolidating into a single domain/forest, management of the environment became incredibly easy. I have no idea why my predecessor did things the way he did before, but there was no need. Morale in the IT department is much higher. The costs to administer the infrastructure are lower because we don't have to call in specialists as often to resolve issues. We have fewer overall software licenses to purchase. We don't have to purchase as many physical resources like SANs or ESXi hosts. Oddly enough, reducing the domain footprint helped to reduce the file/data footprint. Resource requirements for hosts obviously went down since we needed fewer VMs (i.e., instead of having two DCs in each domain for redundancy, we only needed two DCs total). Just like the network savings, we are able to realize a similar refresh cycle on host/SAN devices so we can budget years in advance.

Ultimately, the major benefit is the time saved in managing the infrastructure. There are cost savings as well but it may take a couple years (depending on your current refresh cycle) to realize the difference. The immediate impact will be time to resolution on issues which end-users should notice. When they're happy, fewer complaints go up the chain and that definitely reflects on departmental and personal reviews.

Let me know if you have more detailed questions. I hope that helps!
0
 

Author Comment

by:al4629740
ID: 40589789
Very helpful reply.
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 40589812
fewer domains and you save money on licenses

Can you explain how so?

I did! "Plus, you need a license for a DC (preferably 2 for redundancy)."

One domain controller cannot be a domain controller for TWO domains.  Therefore if you have two domains, you NEED two Windows licenses, one for a DC in each domain and since most would recommend a second DC for redundancy, that can mean TWO server licenses.  Plus two licenses for backup agents.  Plus two licenses for antivirus.  Plus two licenses for any management software you use.... Think about what you put on a system - what DON'T you have to do if you don't have two domains?   How will not having to do it save you money?
0


Question has a verified solution.
