benefits of having an empty root domain?

Guest

Are there any benefits of having an empty root domain?

The organization I work with has this setup. There are 2 IT departments in
our organization... which have been just combined into 1. Each of the 2
departments had their own domain under the empty root. An administration
domain and an instructional domain.

Would there be any potential benefits to set things up some other way? Where
could I find more detailed info?

Thank you
Paul B.
 
Herb Martin

paulb said:
Are there any benefits of having an empty root domain?

The organization I work with has this setup. There are 2 IT departments in
our organization... which have been just combined into 1. Each of the 2
departments had their own domain under the empty root. An administration
domain and an instructional domain.

I have never been convinced there are any significant benefits
just "because"...

Obviously it costs you at least one DC (probably more.)

Now, if you wish to have multiple child domains (siblings)
then it can certainly make sense to have a common parent for
the Enterprise Admins and IT specific resources.

Would there be any potential benefits to set things up some other way? Where
could I find more detailed info?
 
Guest

While this used to be seen as a best practice, I think Microsoft has
abandoned this scenario for the most part.

Political reasons aside :). Generally speaking, new domains are required if:

a) You require differing domain security policies between two parts of an
organization

b) You require more control over replication (global catalog) between two
parts of an organization

Otherwise I would just consider an OU design and delegation of admin to
handle the differing responsibility areas.
 
Glenn L

I posted the same on another post.
So, I'm copying here for your benefit Paul.

Pros
Separates the sensitive enterprise admin and schema admin groups from the
rest of the forest. Anyone in the domain administrators group (in
the forest root domain) can elevate their privileges and add themselves to
the enterprise admins and schema admins groups.

Provides a convenient placeholder domain to move objects into and out of
during migration and restructuring activities.

DNS namespace politics. Let's say you are contoso.com and you acquire
nwtraders.com (notice I have been trolling practice exams lately ;-)
I suspect the nwtraders.com executives would raise an eyebrow if they were
to be migrated into nwtraders.contoso.com child domain.
If you had a placeholder root domain... let's say corp.com
Then you would have contoso.corp.com, and you could migrate nwtraders into
nwtraders.corp.com. Nice and pretty, right.....

Cons
You must maintain 2 computers and 2 Windows server licenses.

Forest-wide sensitive groups in a production domain. Future divisions that
may require domains of their own may be averse to that level of trust in
your domain administrators.

DNS namespace management.
Take my example.
As an alternative to nwtraders.contoso.com, you could create a new tree in
the forest called nwtraders.com (actually it would have to be slightly
different to get trusts set up and to use ADMT to perform the migration).
Now you have two separate namespaces you must manage and set up properly to
create seamless name resolution throughout your forest.
Of course it is possible to set up multiple tree roots even if there is an
empty placeholder root domain. I can't think of a good reason to have that.
 
