Solved

benefits of one domain

Posted on 2015-02-04
9
211 Views
Last Modified: 2015-02-04
We currently have two separate domains on our network and are going to merge them. There was one that contained our Exchange server and phone equipment, and all our workstations were on another domain.

I need to illustrate the benefits of having one domain versus two. Can you experts help me to see what are the benefits of consolidating two separate domains into one?
0
Comment
Question by:al4629740
9 Comments
 
LVL 11

Assisted Solution

by:Bryant Schaper
Bryant Schaper earned 50 total points
ID: 40589437
Simplicity in management; having multiple domains means you have to set up trusts between the two and manage them separately. I would actually be more curious as to why have two domains for the same company.
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 40589438
I agree with Bryant - resource domains were common 15-20 years ago with NT, but since Active Directory was introduced in 2000, the guidance has been to consolidate.  If you need select people to manage resources in AD, then delegate authority to specific OUs and place resources in the OUs.
0
 
LVL 18

Assisted Solution

by:Don S.
Don S. earned 50 total points
ID: 40589474
A single domain is easier to manage, and some software has issues with multiple domains and resources divided between them. However, joining them potentially breaks things and is a bit of work depending on how many objects you are dealing with, and as long as they are working OK now, there isn't that much difference in the amount of effort needed to manage a dual domain design. So, is it a worthwhile goal to get to a single domain? Yes. But you might find it hard to find much in the way of hard cost savings to justify it.
0
 

Author Comment

by:al4629740
ID: 40589555
What type of cost savings do you see when it comes to one domain? What are areas where potential cost savings could be seen in many organizations? Much of what I need to justify is the savings and benefits.
0
 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 50 total points
ID: 40589581
You're going to have to look at how much time you spend administering. Plus, you need a license for a DC (preferably 2 for redundancy). Consolidate into fewer domains and you save money on licenses, you save money on the time required to administer and maintain the domain, if you aren't virtual, you save money on the electricity and space requirements to house the server(s), if you are virtual you save money in reduced resources on the VM host and potentially, more available resources for other systems meaning potentially better overall performance of shared systems.
0
 

Author Comment

by:al4629740
ID: 40589749
fewer domains and you save money on licenses

Can you explain how so?
0
 
LVL 3

Accepted Solution

by:Paul Wagner
Paul Wagner earned 350 total points
ID: 40589751
@al4629740

We were recently in the same situation as yourself and consolidated our physical/virtual network and domain/forest infrastructure into a single "entity".

In order to do this, we had to first ask ourselves if the project would be feasible. Are we separating the domains or network for a reason? Do we have a large enough division of users with specific requirements that makes leaving them in their own domain better than trying to integrate everyone together? By merging the network, can we cut costs on physical hardware? Can we reallocate network devices from one network to be used in the "joined" network for redundancy purposes? Does it benefit us to have separate routers/VLANs/IP schemes? etc... etc...

NETWORK

After vetting out the questions, we determined that it was best to put the physical network into a single IP scheme of 172.16.0.0 and splice out the different services/network needs into 6 different VLANs. We ended up with a central switching core with redundant routers/switches as well as narrowing our four firewall endpoints (with different networks) down to two HA firewalls in the same network. This was much easier than the 15-20 VLANs and 8 different IP schemes we had before. NOTE: This doesn't happen overnight. It took months of planning on how to migrate ESXi hosts, physical switches, VMware networks, end-user devices, etc. over to the appropriate subnet. We also had to buy a few networking pieces since we had some end-of-life devices and thought it best to replace them since everything was changing anyway. This allowed us to configure the new devices with the new network while allowing the old network production devices to keep working.

Benefits:
Although we had to spend a chunk of change on the network consolidation, we were able to make our daily network administration work MUCH easier. There were some savings in not having to buy support on all those devices. We no longer deal with routing conflicts, firewall issues, server access, odd DNS issues, etc. Everything is simple and "sexy". Our equipment is new and supported by the manufacturer and is nowhere near the end of its lifecycle. This part alone has made my life personally more enjoyable. I work on a network now that is simple and easy to understand. It cuts my time to resolution of issues (measurable metric that the bosses care about) by more than 60%. It's amazing. From a fiscal standpoint, we are also able to put all of our physical networking devices on the same-ish refresh cycle, so it helps make budgeting for the next few years very simple.

DOMAIN

We had three domains in different forests set up with two-way trusts. Each domain had different applications, services, IP ranges, GPOs, etc. It was a mess. We opted to consolidate everything into a single domain/forest with one domain name. Just like the network portion, this took quite some time. There is a lot of planning that goes into migrating everything from one place to the other. I can honestly say that it has TOTALLY been worth the effort. Altogether, it took the better part of a year to accomplish everything but we got to build the new domain exactly the way we wanted. That's a system architect/engineer's dream. Active Directory, Group Policy, Exchange, DHCP, etc. are exactly the way we want and it makes managing everything much simpler. Since we were already virtualized on VMware, we were able to quickly spin up the new servers from image templates and build the virtual networks. Again, the migration of everything was quite taxing but since we were building everything brand new, daily production was not interrupted. (I highly recommend this design plan as you are able to build everything the way you want during the day instead of planning several nighttime efforts during downtime.)

Benefits:
After consolidating into a single domain/forest, management of the environment became incredibly easy. I have no idea why my predecessor did things the way he did before, but there was no need. Morale in the IT department is much higher. The costs to administer the infrastructure are lower because we don't have to call in specialists as often to resolve issues. We have fewer overall software licenses to purchase. We don't have to purchase as many physical resources like SANs or ESXi hosts. Oddly enough, reducing the domain footprint helped to reduce the file/data footprint. Resource requirements for hosts obviously went down since we needed fewer VMs (i.e., instead of having two DCs in each domain for redundancy, we only needed two DCs total). Just like the network savings, we are able to realize a similar refresh cycle on host/SAN devices so we can budget years in advance.

Ultimately, the major benefit is the time saved in managing the infrastructure. There are cost savings as well but it may take a couple of years (depending on your current refresh cycle) to realize the difference. The immediate impact will be time to resolution on issues, which end-users should notice. When they're happy, fewer complaints go up the chain and that definitely reflects on departmental and personal reviews.

Let me know if you have more detailed questions. I hope that helps!
0
 

Author Comment

by:al4629740
ID: 40589789
Very helpful reply.
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 40589812
fewer domains and you save money on licenses

Can you explain how so?

I did! "Plus, you need a license for a DC (preferably 2 for redundancy)."

One domain controller cannot be a domain controller for TWO domains. Therefore if you have two domains, you NEED two Windows licenses, one for a DC in each domain and since most would recommend a second DC for redundancy, that can mean TWO server licenses. Plus two licenses for backup agents. Plus two licenses for antivirus. Plus two licenses for any management software you use... Think about what you put on a system - what DON'T you have to do if you don't have two domains? How will not having to do it save you money?
0
