Multiple Child Domain under single Forest Help

  • Multiple Child Domain under single Forest Help

    Hi Daniel,

    Hope you will help me with your expert advice for my requirement. Before I start with my questions, let me brief you on the current scenario.

    - We have 85 remote sites connected to datalink [512kbps]
    - Head Quarter [HQ] where the IT operation dept is located.
    - Running an in-house developed Oracle application on remote sites.
    - Database is stored on the local server [remote sites] and then pushed to the main database server located at Head Quarter.
    - All remote sites have their own Domain Controller running on Win 2000/2003 with no trust relationship with any other remote sites.
    - Dual IP configured on single network adapter. Internal for clients and External [WAN] to connect to Operation room at HQ.
    - Domain names are given as per the site area name.
    - Using Third party Remote Admin tool to monitor remote sites server.


    Now we are planning to replace the old server with new server along with new client machines for all the sites and so have been planning to make the setup easy and more secure.

    Since you are an expert and have been into this for a long time, I am seeking advice from you.

    - Is it good to set up the primary domain controller at Head Quarter and to have child domains for remote sites for centralized control?
    - If the above point is considered, is it possible to keep the same domain name for the child domain for all sites? I guess NO.
    - What are the prerequisites to set up a single forest with multiple child domains?
    - Will a trust relationship be created by default?

    I may not be very clear about what I need but hope you would understand. Would be pleased to provide more info if needed.

    Thanking you.

  • #2
    Re: Multiple Child Domain under single Forest Help

    Originally posted by realgujju

    - Is it good to set up the primary domain controller at Head Quarter and to have child domains for remote sites for centralized control?
    - If the above point is considered, is it possible to keep the same domain name for the child domain for all sites? I guess NO.
    - What are the prerequisites to set up a single forest with multiple child domains?
    - Will a trust relationship be created by default?
    It makes sense for the Forest Root Domain Controller to be at the Head Office. Child domains for the remote sites would not give centralised control. The use of child domains would depend on whether the internet connection between Head Office and each site would cope with replication traffic and whether you have skilled IT staff for the AD at the remote site. There is the possibility that you can just have the one AD domain and then use Organisational Units.

    You're right, each child domain would be a different name but you could make each a separate Domain tree, so they will be 'SiteName.domain.local' convention.

    The main prerequisite will be the level of server hardware available. Ideally you need to have 2 servers per site. Also, it will depend on applications used at each site and whether it uses the GC a lot. Also, does this or anything else create a lot of replication traffic? As mentioned above, it will depend on your IT staff. Also, how many users are at each site? You usually would have a separate AD domain to allow a separate Password Policy.

    There is an automatic trust created for all domains in the same forest. There is the possibility of using shortcut trusts to expedite access to resources in other domains by allowing a direct connection, rather than having to move through the domain hierarchy.



    • #3
      Re: Multiple Child Domain under single Forest Help

      Originally posted by Virtual
      It makes sense for the Forest Root Domain Controller to be at the Head Office. Child domains for the remote sites would not give centralised control. The use of child domains would depend on whether the internet connection between Head Office and each site would cope with replication traffic and whether you have skilled IT staff for the AD at the remote site. There is the possibility that you can just have the one AD domain and then use Organisational Units.
      At first, I thank you for being informative. Yes, we had a discussion on this point and then the idea was dropped as there was a bit of hassle thereafter. For your information, we do not have dedicated IT staff at each site.

      You're right, each child domain would be a different name but you could make each a separate Domain tree, so they will be 'SiteName.domain.local' convention.
      Yes.

      The main prerequisite will be the level of server hardware available. Ideally you need to have 2 servers per site. Also, it will depend on applications used at each site and whether it uses the GC a lot. Also, does this or anything else create a lot of replication traffic? As mentioned above, it will depend on your IT staff. Also, how many users are at each site? You usually would have a separate AD domain to allow a separate Password Policy.

      There is an automatic trust created for all domains in the same forest. There is the possibility of using shortcut trusts to expedite access to resources in other domains by allowing a direct connection, rather than having to move through the domain hierarchy.
      Since the above idea is dropped, we have now decided to have the same setup as the current one.

      What we are going to do is prepare one server with the common setup/config required for a site and then image it.

      Now the question is, which software is the best to use? I have never used any software for server imaging with RAID.

      I am going to try Acronis True Image Echo Enterprise Ed. Not sure if it works.

      Would you please suggest one if known.

      Server Config:

      Dell PowerEdge 1900
      HDD SATA - 3 Drives
      RAID 5 Configured
      Windows Server 2003 SP2 R2
      DNS, WINS, DHCP, Active Directory

      Domain name will be common for all sites; only the host name will be changed later as per the site name.

      Thanks once again.
