AD Design Question

G

Guest

Anybody know a good document that discusses the pro's and con's of using child domains vs using seperate trees?

What I mean is..if I have a domain called example.com and two remote locations...One route would be to make the two remote locations child domains of example.com (child.example.com & child2.example.com).

OR

I instead of using contiguous child domains, I could just make the two remote domains their own seperate tree but still in the same forest.

Does one vs. the other affect replication traffic at all? Any thoughts or ideas greatly appreciated.
 
C

Cary Shultz [A.D. MVP]

Jason,

I do not have any links, per se. I can provide you with some if you wish.
Based on what little information you have provided I might suggest that you
simply make use of Active Directory Sites and Services. This is a 'new'
concept ( introduced in WIN2000 ) in that you can have one domain spread
across multiple physical locations. It is a rather nice feature.

There would not necessarily be any need for children domains or for separate
forests UNLESS there are some other factors that you have not yet mentioned.
Remember, you have provided little detail ( which is okay at this juncture )
and my response is very general in nature.

If you would care to share more information with all of us I am sure that we
can help lead you to a better solution ( based on the information that you
share with us ).

Here are some links to some MS Knowledge Base Articles concerning Sites...

http://support.microsoft.com/default.aspx?scid=kb;en-us;318480

http://support.microsoft.com/default.aspx?scid=kb;en-us;316812

http://support.microsoft.com/default.aspx?scid=kb;en-us;306602

http://support.microsoft.com/default.aspx?scid=kb;en-us;271997&Product=win2000

http://support.microsoft.com/default.aspx?scid=kb;en-us;224815&Product=win2000

http://support.microsoft.com/default.aspx?scid=KB;en-us;247811

http://support.microsoft.com/default.aspx?scid=KB;en-us;247811

http://www.microsoft.com/windows200...chinfo/reskit/en-us/distrib/dsbc_nar_jevl.asp

HTH,

Cary


Jason said:
Anybody know a good document that discusses the pro's and con's of using
Click to expand...
child domains vs using seperate trees?
What I mean is..if I have a domain called example.com and two remote
Click to expand...
locations...One route would be to make the two remote locations child
domains of example.com (child.example.com & child2.example.com).
OR

I instead of using contiguous child domains, I could just make the two
Click to expand...
remote domains their own seperate tree but still in the same forest.
Does one vs. the other affect replication traffic at all? Any thoughts or
Click to expand...
ideas greatly appreciated.
 
M

Michael Holzemer

Jason said:
Anybody know a good document that discusses the pro's and con's of
using child domains vs using seperate trees?

What I mean is..if I have a domain called example.com and two remote
locations...One route would be to make the two remote locations child
domains of example.com (child.example.com & child2.example.com).

OR

I instead of using contiguous child domains, I could just make the
two remote domains their own seperate tree but still in the same
forest.

Does one vs. the other affect replication traffic at all? Any
thoughts or ideas greatly appreciated.
Click to expand...


This will help you with your AD questions and will explain why you would use
seperate trees.
http://www.microsoft.com/technet/tr...prodtechnol/AD/windows2000/deploy/default.asp
--
Regards,

Michael Holzemer
No email replies please - reply in newsgroup

Learn script faster by searching here
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/scriptcenter/default.asp
 
G

Guest

Well, here is a little more info for you

Three domains, one in Texas, one in Florida, and one is France. Each domain is currently an NT 4.0 domain using Exchange 5.5. I'm starting to plan the companies move to Active Directory and someone suggested using seperate trees in the domain instead of using child domains and a contiguous namespace. For political reasons, the there has to be three domains. But the naming convention is up to us. So, my first idea is to make the main site domain named, "example.com" and the two remote sites, "child.example.com" and "child1.example.com". That's when it was suggested that we should use seperate trees all together..in that case, my forest root domain would be "example.com" and my two remote sites would be "something .com" and "somethingelse.com", but still all part of the same forest.

I think that should help a little bit as far as filling in any gaps. So, the questions is...is there a technical reason for doing one vs. the other? It was suggested to me that using different trees for the sites would be better technically because it will reduce replication traffic across our WAN links. But that doesn't make sense to me because our replication traffic should be the same. After all..their all still child domains no matter what their name is. Make sense? What do you think

Michael gave me the Windows 2000 deployment link, and I have read through the sections concerning AD Forests, trees, and domains. But it doesn't discuss how implementing either model is different except to say something like, "If you need to have need to use a different namespace for your child domains, then use seperate trees for them in your AD design." Basically, Microsoft seems to be telling me that either or is fine and the same technically and that implementing either of them is usually a Business decision.
 
M

Michael Holzemer

Jason said:
Well, here is a little more info for you,

Three domains, one in Texas, one in Florida, and one is France. Each
domain is currently an NT 4.0 domain using Exchange 5.5. I'm
starting to plan the companies move to Active Directory and someone
suggested using seperate trees in the domain instead of using child
domains and a contiguous namespace. For political reasons, the there
has to be three domains. But the naming convention is up to us. So,
my first idea is to make the main site domain named, "example.com"
and the two remote sites, "child.example.com" and
"child1.example.com". That's when it was suggested that we should
use seperate trees all together..in that case, my forest root domain
would be "example.com" and my two remote sites would be "something
.com" and "somethingelse.com", but still all part of the same forest.

I think that should help a little bit as far as filling in any gaps.
So, the questions is...is there a technical reason for doing one vs.
the other? It was suggested to me that using different trees for the
sites would be better technically because it will reduce replication
traffic across our WAN links. But that doesn't make sense to me
because our replication traffic should be the same. After all..their
all still child domains no matter what their name is. Make sense?
What do you think?

Michael gave me the Windows 2000 deployment link, and I have read
through the sections concerning AD Forests, trees, and domains. But
it doesn't discuss how implementing either model is different except
to say something like, "If you need to have need to use a different
namespace for your child domains, then use seperate trees for them in
your AD design." Basically, Microsoft seems to be telling me that
either or is fine and the same technically and that implementing
either of them is usually a Business decision.
Click to expand...

Here is some more for you. You may find this more informative for your
situation. Administratively you may find it best to have an empty forest
root of example.com and three children, France, Texas, and Florida.


--
Regards,

Michael Holzemer
No email replies please - reply in newsgroup

Learn script faster by searching here
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/scriptcenter/default.asp
 
D

David Adner

I don't think there's any major technical differences to having 3
separate trees in a forest vs a single tree with child Domains. Each
tree will be the tree root, and so have automatic two-way kerberos
trusts between the other (or at least with the forest root.) Same
applies for your child domains/tree option. I don't know much about
Exchange, so you may want to ask in that newsgroup, but if you have 3
separate Exchange domains, that might be a good reason to go with the 3
tree design.

And like you thought, the two scenarios have no direct relation to
replication traffic. Not sure what your colleague is referring to
except maybe DNS replication?
 
J

joe

With windows sites configured you have complete control
over when replicaton occurs (ad replication) between your
sites. As far as Exchange goes you do not need separate
trees or even domains for Exchange 2000. I have seen werid
problems with Exchange 2000 living in forests with
multiple trees and having Exchange boxes in different
trees. Other than political reasons I don't know why you
would want separate trees. I would go with the empty root
and child domain structure.
-----Original Message-----
I don't think there's any major technical differences to having 3
separate trees in a forest vs a single tree with child Domains. Each
tree will be the tree root, and so have automatic two-way kerberos
trusts between the other (or at least with the forest root.) Same
applies for your child domains/tree option. I don't know much about
Exchange, so you may want to ask in that newsgroup, but if you have 3
separate Exchange domains, that might be a good reason to go with the 3
tree design.

And like you thought, the two scenarios have no direct relation to
replication traffic. Not sure what your colleague is referring to
except maybe DNS replication?
Click to expand...
France. Each domain is currently an NT 4.0 domain using
Exchange 5.5. I'm starting to plan the companies move to
Active Directory and someone suggested using seperate
trees in the domain instead of using child domains and a
contiguous namespace. For political reasons, the there
has to be three domains. But the naming convention is up
to us. So, my first idea is to make the main site domain
named, "example.com" and the two remote
sites, "child.example.com" and "child1.example.com".
That's when it was suggested that we should use seperate
trees all together..in that case, my forest root domain
would be "example.com" and my two remote sites would
be "something .com" and "somethingelse.com", but still all
part of the same forest.in any gaps. So, the questions is...is there a technical
reason for doing one vs. the other? It was suggested to
me that using different trees for the sites would be
better technically because it will reduce replication
traffic across our WAN links. But that doesn't make sense
to me because our replication traffic should be the same.
After all..their all still child domains no matter what
their name is. Make sense? What do you think?have read through the sections concerning AD Forests,
trees, and domains. But it doesn't discuss how
implementing either model is different except to say
something like, "If you need to have need to use a
different namespace for your child domains, then use
seperate trees for them in your AD design." Basically,
Microsoft seems to be telling me that either or is fine
and the same technically and that implementing either of
them is usually a Business decision.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

AD design and flat AD network 7
cross domain trusts 2
Adding Child Domain 3
AD Design question 6
Merging two trees into a forest 2
ad design question 2
Make an existing domain a child of a new domain tree 2
child domains and dns design 5

Top