Solved

benefits of one domain

Posted on 2015-02-04
Last Modified: 2015-02-04
We currently have two separate domains on our network and are going to merge them.  There was one that contained our Exchange server and phone equipment, and all our workstations were on another domain.

I need to illustrate the benefits of having one domain versus two.  Can you experts help me to see what are the benefits of consolidating two separate domains into one?
0
Question by:al4629740
9 Comments
 
LVL 12

Assisted Solution

by:Bryant Schaper
Bryant Schaper earned 50 total points
ID: 40589437
Simplicity in management: having multiple domains means you have to set up trusts between the two and manage them separately.  I would actually be more curious as to why have two domains for the same company.
0
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 40589438
I agree with Bryant - resource domains were common 15-20 years ago with NT, but since Active Directory was introduced in 2000, the guidance has been to consolidate.  If you need select people to manage resources in AD, then delegate authority to specific OUs and place resources in the OUs.
0
 
LVL 18

Assisted Solution

by:Don S.
Don S. earned 50 total points
ID: 40589474
A single domain is easier to manage, and some software has issues with multiple domains and resources divided between them.  However, joining them potentially breaks things and is a bit of work depending on how many objects you are dealing with, and as long as they are working OK now, there isn't that much difference in the amount of effort needed to manage a dual domain design.  So, is it a worthwhile goal to get to a single domain?  Yes.  But you might find it hard to find much in the way of hard cost savings to justify it.
0

 

Author Comment

by:al4629740
ID: 40589555
What type of cost savings do you see when it comes to one domain?  What are areas that potential cost savings could be seen in many organizations?  Much of what I need to justify is the savings and benefits.
0
 
LVL 96

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 50 total points
ID: 40589581
You're going to have to look at how much time you spend administering.  Plus, you need a license for a DC (preferably 2 for redundancy).  Consolidate into fewer domains and you save money on licenses; you save money on the time required to administer and maintain the domain; if you aren't virtual, you save money on the electricity and space requirements to house the server(s); if you are virtual, you save money in reduced resources on the VM host and, potentially, more available resources for other systems, meaning potentially better overall performance of shared systems.
0
 

Author Comment

by:al4629740
ID: 40589749
"fewer domains and you save money on licenses"

Can you explain how so?
0
 
LVL 5

Accepted Solution

by:Paul Wagner
Paul Wagner earned 350 total points
ID: 40589751
@al4629740

We were recently in the same situation as yourself and consolidated our physical/virtual network and domain/forest infrastructure into a single "entity".

In order to do this, we had to first ask ourselves if the project would be feasible. Are we separating the domains or network for a reason? Do we have a large enough division of users with specific requirements that makes leaving them in their own domain better than trying to integrate everyone together? By merging the network, can we cut costs on physical hardware? Can we reallocate network devices from one network to be used in the "joined" network for redundancy purposes? Does it benefit us to have separate routers/VLANs/IP schemes? etc... etc...

NETWORK

After vetting out the questions, we determined that it was best to put the physical network into a single IP scheme of 172.16.0.0 and splice out the different services/network needs into 6 different VLANs. We ended up with a central switching core with redundant routers/switches as well as narrowing our four firewall endpoints (with different networks) down to two HA firewalls in the same network. This was much easier than the 15-20 VLANs and 8 different IP schemes we had before. NOTE: This doesn't happen overnight. It took months of planning on how to migrate ESXi hosts, physical switches, VMware networks, end-user devices, etc. over to the appropriate subnet. We also had to buy a few networking pieces since we had some end-of-life devices and thought it best to replace them since everything was changing anyway. This allowed us to configure the new devices with the new network while allowing the old network production devices to keep working.

Benefits:
Although we had to spend a chunk of change on the network consolidation, we were able to make our daily network administration work MUCH easier. There were some savings in not having to buy support on all those devices. We no longer deal with routing conflicts, firewall issues, server access, odd DNS issues, etc. Everything is simple and "sexy".  Our equipment is new and supported by the manufacturer and is nowhere near the end of its lifecycle. This part alone has made my life personally more enjoyable. I work on a network now that is simple and easy to understand. It cuts my time to resolution of issues (measurable metric that the bosses care about) by more than 60%. It's amazing. From a fiscal standpoint, we are also able to put all of our physical networking devices on the same-ish refresh cycle, so it makes budgeting for the next few years very simple.

DOMAIN

We had three domains in different forests set up with two-way trusts. Each domain had different applications, services, IP ranges, GPOs, etc. It was a mess. We opted to consolidate everything into a single domain/forest with one domain name. Just like the network portion, this took quite some time. There is a lot of planning that goes into migrating everything from one place to the other. I can honestly say that it has TOTALLY been worth the effort. Altogether, it took the better part of a year to accomplish everything but we got to build the new domain exactly the way we wanted. That's a system architect/engineer's dream. Active Directory, Group Policy, Exchange, DHCP, etc. are exactly the way we want and it makes managing everything much simpler. Since we were already virtualized on VMware, we were able to quickly spin up the new servers from image templates and build the virtual networks. Again, the migration of everything was quite taxing but since we were building everything brand new, daily production was not interrupted. (I highly recommend this design plan as you are able to build everything the way you want during the day instead of planning several nighttime efforts during downtime.)

Benefits:
After consolidating into a single domain/forest, management of the environment became incredibly easy. I have no idea why my predecessor did things the way he did before, but there was no need. Morale in the IT department is much higher. The costs to administer the infrastructure are lower because we don't have to call in specialists as often to resolve issues. We have fewer overall software licenses to purchase. We don't have to purchase as many physical resources like SANs or ESXi hosts. Oddly enough, reducing the domain footprint helped to reduce the file/data footprint. Resource requirements for hosts obviously went down since we needed fewer VMs (i.e., instead of having two DCs in each domain for redundancy, we only needed two DCs total). Just like the network savings, we are able to realize a similar refresh cycle on host/SAN devices so we can budget years in advance.

Ultimately, the major benefit is the time saved in managing the infrastructure. There are cost savings as well but it may take a couple years (depending on your current refresh cycle) to realize the difference. The immediate impact will be time to resolution on issues, which end-users should notice. When they're happy, fewer complaints go up the chain and that definitely reflects on departmental and personal reviews.

Let me know if you have more detailed questions. I hope that helps!
0
 

Author Comment

by:al4629740
ID: 40589789
Very helpful reply.
0
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 40589812
"fewer domains and you save money on licenses"

"Can you explain how so?"

I did! "Plus, you need a license for a DC (preferably 2 for redundancy)."

One domain controller cannot be a domain controller for TWO domains.  Therefore if you have two domains, you NEED two Windows licenses, one for a DC in each domain, and since most would recommend a second DC for redundancy, that can mean TWO server licenses.  Plus two licenses for backup agents.  Plus two licenses for antivirus.  Plus two licenses for any management software you use.... Think about what you put on a system - what DON'T you have to do if you don't have two domains?   How will not having to do it save you money?
0
