
Multiple AD domains designing question


  • Multiple AD domains designing question

    Hello!
    We want to be able to manage the other domain from one domain.

    We currently have one domain that's a 2003 AD domain.
    The domain name: fx.pop.crucial.com
    (there isn't a root AD domain called pop.crucial.com, only fx.pop.crucial.com AD domain exists).

    We're going to add another domain called ex.pop.crucial.com (the name space pop.crucial.com has to be the same for political reasons).

    1. When installing the first DC for ex.pop.crucial.com domain, a) is it better to add it as a new DC in an existing forest (the forest that was created when installing fx.pop.crucial.com's DC above) or b) is it better to install the DC as a new domain in a new forest and then manually create a two way trust afterwards with the above existing domain?

    2. Both domains' DCs will be running AD-integrated DNS. Should I create conditional forwarding to each other's domain on each DNS?

    3. In this case, if the DC from ex) fx.pop.crucial.com goes down, would the DC in ex.pop.crucial.com take over (either a) or b) )? I'm not sure how the replication works in multiple domains.

    Thank you!

  • #2
    Re: Multiple AD domains designing question

    If you want a complete two-way trust between the two domains, then I would suggest you go for the new tree in the same forest.

    Even in this case you will not need to configure the conditional forwarders.

    As far as failover is concerned, there is not any failover mechanism between different domains. If you want fault tolerance, then you need to add ADCs in all of your domains.

    Regards,
    Kapil Sharma
    ~~~~~~~~~~~~~
    Life is too short, Enjoy It.



    • #3
      Re: Multiple AD domains designing question

      Originally posted by croku99
      1. When installing the first DC for ex.pop.crucial.com domain, a) is it better to add it as a new DC in an existing forest (the forest that was created when installing fx.pop.crucial.com's DC above) or b) is it better to install the DC as a new domain in a new forest and then manually create a two way trust afterwards with the above existing domain?
      Unless you need security separation, you'd probably want to create the new domain as a new tree in the existing forest.

      Originally posted by croku99
      2. Both domains' DCs will be running AD-integrated DNS. Should I create conditional forwarding to each other's domain on each DNS?
      Depends how the zones are configured. If you are using application partitions for DNS, you might consider configuring the zones to replicate to all DNS servers in the forest and in this case no conditional forwarding will be required.

      Originally posted by croku99
      3. In this case, if the DC from ex) fx.pop.crucial.com goes down, would the DC in ex.pop.crucial.com take over (either a) or b) )? I'm not sure how the replication works in multiple domains.
      a. Redundancy works only inside a single domain. There is no failover between different domains in the same forest.

      b. The replication traffic will contain objects that are part of the Global Catalog. If you go for forest-wide DNS application partitions, those will also take part in the replication.
      Guy Teverovsky
      "Smith & Wesson - the original point and click interface"



      • #4
        Re: Multiple AD domains designing question

        Thanks guys.
        Do you guys recommend using an application partition for DNS so they replicate with other DCs that are also DNS or conditional forwarding?



        • #5
          Re: Multiple AD domains designing question

          Both are fine, but subject to the requirement...

          I always prefer to replicate if it's in the same site or env.

          Regards,
          Kapil Sharma
          ~~~~~~~~~~~~~
          Life is too short, Enjoy It.
