[THIN] Re: attention active directory design gurus..again

I would really look into why the customer requires two separate forests.  At
first glance it seems that they don't have an understanding of Active
Directory.  If your customer needs a separate security context, then look at
moving towards a Parent/Child domain structure.  If you need to use a different
namespace, then look at creating a separate tree.

If the customer still insists, more power to ya.  You'll need to create a
trust relationship between the domains.

As far as what to do with the servers,  follow Ron's recommendations.

The DC should be left alone.  It's fine in the Domain Controller container.

The Citrix servers, move to a separate OU and use loopback on the GPO.

The NFuse server, if you can get away with it being a workgroup server, then
do so.  Use local GPO settings or Registry modification to lock the box
down.  There are some pretty good security .inf files floating around too,  just
beware that many of them are set to clear the pagefile on restart/shutdown
(thus creating a reaaaaalllly loooooooooooooong restart/shutdown if you have a
sizable pagefile).

Joe

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Brian Lilley
Sent: Tuesday, September 16, 2003 6:57 AM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] attention active directory design gurus..again

What I know about AD design could be written on the back of a stamp...so
brace yourselves..

I am building a Citrix farm which will exist in its very own autonomous AD
forest which will be bolted next to a customer's existing forest....don't
ask...it's a long story..

The result is, that the users for this farm will come from a totally
separate AD forest.

What would be the best AD design for this particular configuration...my
thoughts are :-

an overall OU called FARM1,
within the FARM1 OU, are additional OUs: 1 for domain controllers, 1 for
NFuse servers and 1 for the farm XPE servers

My questions are these

1. when the users enter the farm from an external forest, what group would
they come under? i.e.  where would I apply the AD GPO in order to restrict
them... I'm guessing that the GPO being applied to the XPe servers would
restrict these users?? 

2. what sort of GPO would I apply to the domain controllers?

3. what sort of GPO would I apply to the NFuse servers?

I think I'd better read the AD book again...boohoohoo





Brian Lilley
Systems Integration

m +44 (0)7929 002501  
t   +44 (0)1249 665421
e  brian.lilley@xxxxxxxxxxxxxx




********************************************************
This Week's Sponsor:  ThinPrint
http://www.thinprint.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thethin.net/links.cfm

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm
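
A way to check a security template for the pagefile-clearing setting mentioned in the reply above before applying it to a server. This is an added example, not code from the thread; it assumes the usual security-template layout, where the setting appears under `[Registry Values]` as `...\Memory Management\ClearPageFileAtShutdown=4,1`, and the sample templates are constructed.

```python
# Registry value a security template sets to wipe the pagefile at shutdown
# (assumed path, compared in lower case).
PAGEFILE_KEY = (r"machine\system\currentcontrolset\control"
                r"\session manager\memory management\clearpagefileatshutdown")

def registry_values(inf_text):
    """Yield (key, reg_type, data) for each line in [Registry Values]."""
    section = ""
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "registry values" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        reg_type, _, data = value.partition(",")  # "4,1" -> type 4, data 1
        yield (key.strip().strip('"').lower(),
               reg_type.strip(), data.strip().strip('"'))

def clears_pagefile(inf_text):
    """True if the template enables ClearPageFileAtShutdown (REG_DWORD 1)."""
    for key, reg_type, data in registry_values(inf_text):
        if key == PAGEFILE_KEY:
            return reg_type == "4" and data == "1"
    return False

# Constructed sample template, not taken from any shipped .inf file.
SAMPLE_STRICT = r"""
[Version]
signature="$CHICAGO$"
Revision=1
[Registry Values]
; constructed sample lines
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,5
MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown=4,1
"""
SAMPLE_RELAXED = SAMPLE_STRICT.replace("ClearPageFileAtShutdown=4,1",
                                       "ClearPageFileAtShutdown=4,0")

if __name__ == "__main__":
    for name, text in (("strict", SAMPLE_STRICT), ("relaxed", SAMPLE_RELAXED)):
        print(name, "clears pagefile at shutdown:", clears_pagefile(text))
```

Real template files are often saved as UTF-16, so open them with `encoding="utf-16"` before passing the text in.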
