Dedicated Forest Root Domain

[Elvis]

Hi,

I have been reading and found that Microsoft recommend
the "Dedicated Forest Root Domain" as best practices. I
am in an enterprise organization, and I understand that
Microsoft wants to split the Forst and Domain roles but
what would I need a "Dedicated Forest Root Domain" for??
If I only plan on having 1 forest?? If we buy another
company and decide to merge them onto our domain, their
domain controller will be rebuilt...no forests
etc....Please advise.
Thanking You
Elvis

 

[Chriss3 [MVP]]

Elvis a dedicated forest root is not necessary in most Cassese, there can be
laws etc that's define the responsible person etc related to this, depending
from country to country, it dose not provide any extra security. chose a
good namespace for the forest root domain and use it as production domain by
may advice. if your company buy another company there domain controllers
have to be rebuild anyhow.

--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services

No email replies please - reply in the newsgroup

 

[ptwilliams]

The main reasons are like you stated: defining the forest structure prior to
amalgamations and acquirements. Generally this is of no use unless you've
got some big domains.

We've setup some customers like this - an empty root with two DCs (both GCs)
balancing the operations masters across them both. Then the main production
domain underneath this. If they acquire another, it is easy to bring this
company into the forest, and even into the same tree if necessary with
everything in place. I guess a lot of it comes from simply having the right
domain names, etc.

It's all about planning. Most people try to keep the tree as flat as
possible however, and structure their administrative and business units via
OUs. Additional domains are only really needed when you have differing
security requirements, a serious need for de-centralised administration,
tightening down on replication traffic and/ or an enormous amount of
objects.

Anyway, some are now posting saying that MS no longer recommends this
setup...

--

Paul Williams
http://www.msresource.net


Why not join us in our free, public forum?
http://forums.msresource.net
______________________________________
Hi,

I have been reading and found that Microsoft recommend
the "Dedicated Forest Root Domain" as best practices. I
am in an enterprise organization, and I understand that
Microsoft wants to split the Forst and Domain roles but
what would I need a "Dedicated Forest Root Domain" for??
If I only plan on having 1 forest?? If we buy another
company and decide to merge them onto our domain, their
domain controller will be rebuilt...no forests
etc....Please advise.
Thanking You
Elvis

 

[Elvis]

Hi Gentleman,

Thanks for your answers on this. I thought I didn't need
an empty forest root. I have thought of all merger
possbilities and none of them require a forest root. We
have purchased lots of companies and we rebuild them to
conform to meet our standards..Our sister company has
implemented an empty forest root in 2001 and this has not
benfited them in anyway. So as stated by both of you I am
not going to implement one as its just not necessary.
Thanks for all the help. It is greatly appreciated.
Thanking You
Elvis

 

[Elvis]

Hi Chris,

Could you possible point me to some resources that state
that one does not need the Dedicated forest root.
All help is much appreciated.
Thanking You
Elvis