Dedicated Forest root

NETCRAMMER

How do I create a dedicated forest root?
How does this affect my dns structure?
I have multiple domains.

-NET
 
Tomasz Onyszko

NETCRAMMER said:
> How do I create a dedicated forest root?
> How does this affect my dns structure?
> I have multiple domains.

Do you plan to consolidate these domains or something?

In theory a dedicated forest root is a single domain (just an AD domain)
with the root DNS name (for example company.com) which acts as a "parent
domain" for any other domain trees You are creating. You don't create
any objects such as users or computers in this domain - only the forest
wide objects, like for example the highest level administrative accounts.

For this domain You have to maintain a standard DNS structure and DCs
(two of them is the minimum in my opinion).

Your DNS structure is created just like in the standard AD design - You
can replicate DNS zones for the root forest domain to the sub-level DNS for
good performance of the naming service; if it will be based on Windows 2003
You can use stub zones instead of replicating all DNS information.

Please describe Your case with some more details because - what You have
right now, what You want to achieve and what are You planning?
 
Chriss3

Hello, The first domain you create is assigned the role of forest root
domain. The DNS design is a part of itself :) You may put all domains in
one zone or create one zone for each domain and only allow it to replicate to
domain controllers in the particular domain.

If you already have domains, you also have a forest root domain.

A dedicated forest root domain does not provide any security more than may
laws in your country. Create domains for replication reasons and
administrative task delegation. Create another forest for isolation.
 
NETCRAMMER

not at the moment. However we may take on an "outside" domain with AD
already in place.
can we integrate their domain into our "new" forests? and how will this
affect their dns structure? (if at all).
presently we do not have AD in place. we have a multiple domain (NT)
environment with primary and secondary dns.
we are upgrading our infrastructure servers to windows 2003 and would like
to use active-directory in the process. our biggest concern is DNS - we
don't want to make any "drastic" changes to our current dns structure.
Should we upgrade our primary and secondary dns to AD integrated zones?
and why? what are the benefits? and again how does this affect our current
dns structure. Does creating a new forest change our dns structure?
will our child domains take on a new FQDN? or can we continue to use what is
in place? and how does this change if we use a dedicated forest root? - the
reason we are looking at a dedicated forest root is because of the other
domains that may come into play in the future and some of them already have
AD. are we forced to use cross-trusts?

Thx. in adv.

-NET
 
Tomasz Onyszko

NETCRAMMER said:
> not at the moment. However we may take on an "outside" domain with AD
> already in place.
> can we integrate their domain into our "new" forests? and how will this
> affect their dns structure? (if at all).

You cannot integrate this - You will have to join these two forests
with a trust relationship.

> presently we do not have AD in place. we have a multiple domain (NT)
> environment with primary and secondary dns.
> we are upgrading our infrastructure servers to windows 2003 and would like
> to use active-directory
> in the process. our biggest concern is DNS - we don't want to make any
> "drastic" changes to our current
> dns structure. Should we upgrade our primary and secondary dns to AD

So don't, but You will have to be sure that this DNS server can handle AD
- so the preferred solution will be upgrading these DNS servers to Windows
2003 Server.

> integrated zones? and why? what are the
> benefits?

simplify replication and dynamic secure updates for example

> and again how does this affect our current dns structure. Does
> creating a new forest change our dns structure?

I don't know Your current DNS infrastructure so I can't tell You how
introducing AD will affect this.

> will our child domains take on a new FQDN? or can we continue to use what is
> in place? and how does this change if we

your child domains will take names with the FQDN of the root so it will
look like child.FQDN_OF_ROOT

> use a dedicated forest root? - the reason we are looking at a dedicated forest
> root is because of the other domains that may
> come into play in the future and some of them already have AD. are we forced
> to use cross-trusts?

You can't incorporate this existing domain into Your forest so You will
have to use trusts - so You will have to preserve the existing DNS
infrastructure for both domains and ensure that they can properly resolve
names from each other.

There can be a lot of issues with designing these things; with such little
information I can't provide You with a complete solution.

Did I help You? :) If not please post other questions, maybe in smaller
pieces for a specific issue and with some more information about Your
existing environment.
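
The name-resolution requirement in the reply above, as an added example that is not part of the original thread: before a trust between two forests is created, each side's DNS server should return the other forest's domain controller locator (SRV) records. The second forest name and both DNS server addresses are placeholders; `Resolve-DnsName` ships with current Windows versions, not with Windows 2003.

```powershell
# Added example. 'partner.example' and both IP addresses are placeholders
# (documentation ranges); replace them with the real forest roots and DNS servers.
$forests = @(
    [pscustomobject]@{ Name = 'company.com';     DnsServer = '192.0.2.10' }
    [pscustomobject]@{ Name = 'partner.example'; DnsServer = '198.51.100.10' }
)

function Test-DcLocator {
    param(
        [Parameter(Mandatory)] [string] $Domain,   # forest/domain whose DCs must be found
        [Parameter(Mandatory)] [string] $Server    # DNS server that is being asked
    )
    # SRV records registered by domain controllers; a trusting side must be
    # able to resolve them to locate a DC in the trusted domain.
    $records = "_ldap._tcp.dc._msdcs.$Domain", "_kerberos._tcp.dc._msdcs.$Domain"
    foreach ($name in $records) {
        try {
            $srv = Resolve-DnsName -Name $name -Type SRV -Server $Server `
                       -DnsOnly -ErrorAction Stop |
                   Where-Object { $_.Type -eq 'SRV' }
            [pscustomobject]@{
                AskedServer = $Server
                Record      = $name
                Resolved    = [bool]$srv
                Detail      = ($srv.NameTarget | Sort-Object -Unique) -join ', '
            }
        }
        catch {
            # NXDOMAIN, timeout or refused query: report it instead of stopping
            [pscustomobject]@{
                AskedServer = $Server
                Record      = $name
                Resolved    = $false
                Detail      = $_.Exception.Message
            }
        }
    }
}

# Ask each forest's DNS server for the *other* forest's locator records.
$results = foreach ($asker in $forests) {
    foreach ($target in ($forests | Where-Object { $_.Name -ne $asker.Name })) {
        Test-DcLocator -Domain $target.Name -Server $asker.DnsServer
    }
}
$results | Format-Table -AutoSize
```

Any row with `Resolved` set to `False` points at a missing stub zone, secondary zone or forwarder on the server named in `AskedServer`.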
 
NETCRAMMER

actually you've been a great help.
sorry for the compulsive questioning. lol.
I'll try and be simple...
Here's just one (prob. not my last).

-Is a dedicated forest root the same as an empty root forest? I'm a bit
confused on this.
 
Simon Geary

NETCRAMMER said:
> actually you've been a great help.
> sorry for the compulsive questioning. lol.
> I'll try and be simple...
> Here's just one (prob. not my last).
>
> -Is a dedicated forest root the same as an empty root forest? I'm a bit
> confused on this.

Yes, they are just two different terms for the same thing.
 
