Keith W. McCammon
All,
I have an AD named company.com. This is a Windows 2000 AD (if it even
matters, for our purposes).
I also have a remote site that needs to be managed, which I'd like to assign
the domain name pub.company.com. This is a Windows 2003 AD in a hosting
environment, and must be its own forest root--yes, we have child domains,
know all about them, but this isn't going to be one of them.
The reasons for this are both security- and availability-related. The
security-related reasons should be obvious. As far as availability is
concerned, this domain and environment must be able to function in the
absence of all of our other systems. Thus, creating a child and having to
rely on the forest root in company.com for selected authentication and
authorization services is not acceptable. Which brings me to my question:
What are the implications for pub.company.com if the company.com name
servers no longer exist or are unreachable? And if there are implications,
are they time-sensitive (i.e., pub.company.com will be happy without
company.com for X days, etc.)?
As its own forest root, I'm not worried about authentication within
pub.company.com in the absence of company.com. I am, however, worried about
any of the usual AD caveats, such as a default setting that tells a
sub-domain that it must be able to reach its parent once every X days, or
else it starts generating all kinds of irrational errors, shutting itself
down when it knows the operators are asleep, growing legs and running away,
etc.
Any feedback, experiences and input are appreciated.
Cheers
Keith