Root Domains

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Root Domains

    What are people's thoughts on these?

    We're migrating to a new domain as we have a variety of issues with the current domain and also our internal namespace is the same as our external address. Performing a domain rename is far too risky.

    Do people still set these up? I know they are Microsoft's best practices but I was just after other people's opinions. I don't see us requiring additional domains as we're a public sector company and don't acquire companies.

    Thoughts?

    Michael

    P.S. Anyone recommend this book:

    http://www.amazon.co.uk/Active-Direc...8100785&sr=8-2

    Thanks

    Michael
    Michael Armstrong
    www.m80arm.co.uk
    MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

  • #2
    Re: Root Domains

    I'm assuming you mean using the root hints instead of forwarders for external DNS resolution. If so, then yes, I use the root hints and don't use forwarders. My line of thinking is that if I use forwarders then my external DNS resolution is always dependent on the availability and proper operation of the forwarders and that's not a dependency I'm comfortable with.

    If my external DNS resolution doesn't work because the root hint servers are having trouble, then there are probably bigger things to worry about.



    • #3
      Re: Root Domains

      Originally posted by joeqwerty
      I'm assuming you mean using the root hints instead of forwarders for external DNS resolution. If so, then yes, I use the root hints and don't use forwarders. My line of thinking is that if I use forwarders then my external DNS resolution is always dependent on the availability and proper operation of the forwarders and that's not a dependency I'm comfortable with.

      If my external DNS resolution doesn't work because the root hint servers are having trouble, then there are probably bigger things to worry about.
      No, sorry, maybe my post was a bit confusing.

      We're moving to a new domain and MS best practise is to create a root domain and then a child domain for your resources. The root domain is only for admin resources, i.e. enterprise admins etc. All users / computers are kept in the child domain.

      Michael
      Michael Armstrong
      www.m80arm.co.uk
      MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

      ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **



      • #4
        Re: Root Domains

        OK, now I get it. You're thinking about using the "empty root" domain scenario. I don't have any experience with it, so don't have an opinion. Sorry.



        • #5
          Re: Root Domains

          I do, but most of the time I think it's a waste of resources. What advantages do you think it might give you?
          Bringing up at least 2 DCs for just being a root domain ... Also I'd believe Microsoft changed their opinion about the root domain.

          Further you might read this.
          http://technet.microsoft.com/en-us/l...74(WS.10).aspx
          http://www.microsoft.com/casestudies...yID=4000001633
          Last edited by Dumber; 13th November 2009, 15:15.
          Marcel
          Technical Consultant
          Netherlands
          http://www.phetios.com
          http://blog.nessus.nl

          MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
          "No matter how secure, there is always the human factor."

          "Enjoy life today, tomorrow may never come."
          "If you're going through hell, keep going. ~Winston Churchill"



          • #6
            Re: Root Domains

            Michael,

            Have I got this wrong, or are you referring to the advantages/disadvantages of having different or the same internal/external DNS namespaces?
            If so, you are probably going to get different opinions for and against each option.
            I have heard (can't confirm) that there are some problems with some UC certificates when using the same internal/external namespace, as well as acquisition/merger issues (which you probably won't do), but for some others it has worked great. What I can say is unless you have a problem, why change it!

            As for the book, wouldn't you consider one that covers 2008 instead?
            Caesar's cipher - 3

            ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

            SFX JNRS FC U6 MNGR



            • #7
              Re: Root Domains

              Thanks Marcel,

              Everything I have read points to people moving to a single domain infrastructure. The reason for having multiple domains was different password policies but obviously 2008 solves this with fine-grained password policies.

              I don't think we're ever going to need / require a child domain and the effort in managing two domains just in case we ever do need a new domain doesn't seem worth it.

              Michael

              ** EDIT - Just found this - http://www.activedir.org/Articles/ta...8/Default.aspx **
              Last edited by m80arm; 13th November 2009, 15:46.
              Michael Armstrong
              www.m80arm.co.uk
              MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

              ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **



              • #8
                Re: Root Domains

                And protecting the Enterprise Admins and the forest FSMO (for example the schema) roles.
                Marcel
                Technical Consultant
                Netherlands
                http://www.phetios.com
                http://blog.nessus.nl

                MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                "No matter how secure, there is always the human factor."

                "Enjoy life today, tomorrow may never come."
                "If you're going through hell, keep going. ~Winston Churchill"



                • #9
                  Re: Root Domains

                  Microsoft stopped that recommendation long ago. If you read the 2008 Resource Kits it goes against that. It's seen as a waste of resources.



                  • #10
                    Re: Root Domains

                    Ah, so I was right.
                    I'd believe that Microsoft recommended it till Windows 2003 but there was a lot of focus on it with Windows 2000.
                    Like I said before, personally I think it's a waste of resources. Those 2 servers can do other things.
                    Marcel
                    Technical Consultant
                    Netherlands
                    http://www.phetios.com
                    http://blog.nessus.nl

                    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                    "No matter how secure, there is always the human factor."

                    "Enjoy life today, tomorrow may never come."
                    "If you're going through hell, keep going. ~Winston Churchill"
