Please Read: Significant Update Planned, Migrating Forum Software This Month

See more
See less

New Domain

  • Filter
  • Time
  • Show
Clear All
new posts

  • New Domain


    This is my first post on the site so appologise if already posted or in wrong place.

    I need to create a new 2008 Domain. I currently have a 2003 domain at the top of the tree and then a forest of 52 child domains.

    Each site has its own domain controller .

    For my new domain which will eventually replace the current domain,should I just have two domain controllers for the complete domain and at the remote sites have member servers .Or should I have a domain controller at each site replicating to the top of the tree.

    The Wan links between sites ar 10MB links.Each site has between 100 to 350 pc's and between 500 and 800 users.

    Any help and guidance will be greatly appriciatted.


    Sorry english not first language

  • #2
    Re: New Domain

    Since it is a completely fresh start, you have no baggage to worry about.

    First, MS recommendation is now to have a single domain unless you have some very specific needs for subdomains -- the main one is (still, despite PSOs) the need for different password policies.

    Second, with 500+ users per site, IMHO you have a absolute need for 2 domain controllers in each. Yes, authentication will work over your WAN links but with everyone logging on each morning, it WILL slow things down and if anything happens to the main office you will have a lot of users in a very messy situation!
    Personally I specify a domain controller of some sort for 10+ users (albeit over much slower WANs). If DC security is an issue, you can use RODCs but with that number of users per site I hope you have an IT team and a server room available so can use full DCs
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    IT Trainer / Consultant
    Ossian Ltd

    ** Remember to give credit where credit is due and leave reputation points where appropriate **