Best Practice Design AD - Single Loc w/ VLANs

  • Best Practice Design AD - Single Loc w/ VLANs

    Current Environment:
    We have 3 administrators all having the same role. Overall, split between 3 current domains, we have approximately 1000 total objects (users, computers, printers).

    Three functional areas (staff, public, labs). Staff is made up of one subnet, public has 3 subnets and labs have 2 subnets. Each functional area has their own resources.

    Currently we have 3 separate Windows 2003 domains (staff.domain, lab.domain, and public.domain). Each domain has two domain controllers, DNS and DHCP. It was created this way to keep the functional areas separate for security purposes.

    Without compromising security between the functional areas, is it possible to redesign to create a single domain either using subdomains, OUs or sites?

    New domain would be using Windows 2008 R2 as our standard going forward. In the process of re-designing.

    What would be the pros/cons?

  • #2
    Re: Best Practice Design AD - Single Loc w/ VLANs

    I believe the new best practice is to have a single domain, rather than a root domain and an operational domain.

    I'm in the process of designing something like you speak of, for a client of ours. We're migrating their global AD environment with 5 domains down to a single domain. They only have about 300 users.

    We're making each region an OU, and delegating responsibility for the OU to the administrative staff in that area. They can't touch anything else, including domain controllers.
    This brings all the control back to the global IT team, so no one can change DNS or DHCP scopes etc., or just install crap on the domain controllers, or create their own policies.

    On the negative side, it does increase the workload for the global IT team, as they have to make all the changes that are needed for the other OUs.
    Please do show your appreciation to those who assist you by leaving Rep Point
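
The OU-per-area delegation described in the reply above, sketched as an added example that is not code from the thread. It assumes the ActiveDirectory PowerShell module and `dsacls` on a Windows Server 2008 R2 domain controller; the OU and group names are made up for illustration.

```powershell
# Added example: one OU per functional area, each delegated to its own admin group.
# Run as a domain admin. All OU and group names below are hypothetical.
Import-Module ActiveDirectory

$domain   = Get-ADDomain
$domainDN = $domain.DistinguishedName
$netbios  = $domain.NetBIOSName

# Delegation groups live in their own OU, outside the delegated OUs,
# so area admins cannot edit the membership of the group that empowers them.
$grpOU = New-ADOrganizationalUnit -Name 'Delegation Groups' -Path $domainDN `
             -ProtectedFromAccidentalDeletion $true -PassThru

foreach ($area in 'Staff', 'Public', 'Labs') {
    $ou = New-ADOrganizationalUnit -Name $area -Path $domainDN `
              -ProtectedFromAccidentalDeletion $true -PassThru

    $grp = New-ADGroup -Name "$area-OU-Admins" -GroupScope DomainLocal `
               -GroupCategory Security -Path $grpOU.DistinguishedName -PassThru

    $trustee = '{0}\{1}' -f $netbios, $grp.SamAccountName

    foreach ($class in 'user', 'computer') {
        # Create/delete objects of this class in the OU and everything below it.
        dsacls $ou.DistinguishedName /I:T /G ('{0}:CCDC;{1}' -f $trustee, $class) | Out-Null
        # Full control over existing and future objects of this class below the OU.
        dsacls $ou.DistinguishedName /I:S /G ('{0}:GA;;{1}' -f $trustee, $class) | Out-Null
    }

    # Review step: list the ACEs that now name the delegation group.
    Write-Host "ACEs on $($ou.DistinguishedName) for ${trustee}:"
    dsacls $ou.DistinguishedName | Select-String -SimpleMatch $grp.SamAccountName
}
```

Nothing here grants rights on the Domain Controllers OU, DNS, DHCP or Group Policy creation, which matches the reply's point that those stay with the central team.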