A couple more Two Domain Forest questions!

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hello again

I'd like to thank the group for answers to my initial questions two weeks ago. But of
couse that brought about some additional questions

Are there any reasons you'd want a particular domain created first in a two domai
forest? With the knowledge that clients can log into either domain (that will not be
an option in my case), if the majority of clients log into a particular domain, would
that enter into which domain is created first

Also, can one DHCP/WINS server act on behalf of both domains

Thanks again in advance!
 
inline -

Are there any reasons you'd want a particular domain created first in a
two domain
forest? With the knowledge that clients can log into either domain (that
will not be
an option in my case), if the majority of clients log into a particular
domain, would
that enter into which domain is created first?
Click to expand...

Just keep in mind that the domain created first will be the root domain of
the forest and cannot be changed. It will always be the root. Because of
that, there will be two very important groups in that domain you will have
to control carefully - Schema Admins and Enterprise Admins. These accounts
have forest-wide rights that ultimately cannot be prevented (if that's an
issue).

Some organizations use an "empty root" domain to hold these accounts and
provide a level of isolation from the remainder of the domains in the
forest. It can prove to be an easier way to protect the forest.

Also, can one DHCP/WINS server act on behalf of both domains?
Click to expand...

Certainly.


-ds
 
----- Dave Shaw [MVP] wrote: ----

inline

Are there any reasons you'd want a particular domain created first in a
two domai
forest? With the knowledge that clients can log into either domain (that
will not b
an option in my case), if the majority of clients log into a particular
domain, woul
that enter into which domain is created first
Click to expand...

Dave, thanks for your quick reply
Inline as well

Just keep in mind that the domain created first will be the root domain of
the forest and cannot be changed. It will always be the root. Because of
that, there will be two very important groups in that domain you will have
to control carefully - Schema Admins and Enterprise Admins. These accounts
have forest-wide rights that ultimately cannot be prevented (if that's an
issue)

Dave, that's an issue I didn't think of. In my case it would definetly come into play.
That answers that question....heheh
Also, can one DHCP/WINS server act on behalf of both domains
Click to expand...

Certainly

Thanks again! I've only got one additional box to serve both functions, so this i
a plus


-d

Thanks again
 
Back
Top