[THIN] Re: OT: AD design question

• From: "Ron Oglesby" <roglesby@xxxxxxxxxxxx>
• To: <thin@xxxxxxxxxxxxx>
• Date: Tue, 15 Jul 2003 14:52:51 -0500

Not really. I mean like everything, it depends. If you have a LARGE
corporate environment. Lets say 20K in user objects, tons and tons of
croups servers, PC, etc. Above and beyond boundaries the empty root will
(from what I have been told by MS) will increase performance even with
cross domain look ups and what not by keeping the individual domain
databases smaller. Don't get me wrong, you got 1 domain now. No need.
You got 17 that are huge and you are trying to collapse them and get a
name space that matches either at the geographic level or divisional
level.... You'll want it. 

Ron Oglesby
Senior Technical Architect
 
RapidApp
Office 312.372.7188
Mobile 815.325.7618
email roglesby@xxxxxxxxxxxx
 

-----Original Message-----
From: Adam.Baum@xxxxxxxxxxxxxx [mailto:Adam.Baum@xxxxxxxxxxxxxx] 
Sent: Tuesday, July 15, 2003 2:37 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: OT: AD design question


I would agree with your "administrative boundary" question with W2K, but
AD
in 2003 give us more ability to restrict users (and admins) from
touching
other domains.   We had an MS guy out here a few weeks ago and he had
trouble explaining the merits.  I am not disagreeing with the idea of
empty
root.  It does produce a nice, warm fuzzy.  It's just a little difficult
to
justify on a technical level.    The same number of people for it can be
found against it.  I've got to come with pros/cons of it.  Not easy.




 

                      thin-bounce@freel

                      ists.org                 To:
<thin@xxxxxxxxxxxxx>

                                               cc:

                      07/15/2003 12:22         Subject:  [THIN] Re: OT:
AD design question                                            
                      PM

                      Please respond to

                      thin

 

 





Empty roots can be good for different reasons. If you require an
administrative boundary of some type  (like between domains) then an
empty root provides you with a name holder and location for the forest
schema and FSMO roles. If you are a small single domain environment with
no plans in the future of creating more domains (like through
acquisition) then there may be no need. In larger corporate environments
it is good from an administrative standpoint.

Ron Oglesby
Senior Technical Architect

RapidApp
Office 312.372.7188
Mobile 815.325.7618
email roglesby@xxxxxxxxxxxx


-----Original Message-----
From: Chris Lynch [mailto:lynch00@xxxxxxx]
Sent: Tuesday, July 15, 2003 12:43 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: OT: AD design question


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have never been the one for an empty root domain, but if you have
multiple
child domains, it could make sense from a naming convention standpoint.
IF
you are going to design a single domain (which I don't know why, except
when
autonomy is in question).

Chris

- -----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf
Of Adam.Baum@xxxxxxxxxxxxxx
Sent: Tuesday, July 15, 2003 10:22 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] OT: AD design question

Hi all,

Quick question on AD Design.  Given the Windows 2003 improves AD, is it
still considered good practice to use and empty root domain?  If so,
why?
What are some of the drawbacks to empty root?

I am in the process of coming up with a few design ideas for an AD
project
and need to know pros/cons.  I'm having trouble with the empty root
concept.
While I understand it and its functionality (to a point), I am not sure
if
it is needed when using Win2003.

adam


********************************************************
This weeks sponsor - IDP ServerBoss
Restrict, Manage and Control Access to your applications and other
valuable
Citrix,  Windows NT, 2000 and 2003 Server Resources
http://www.serverboss.com/default.asp?partner=thethin
**********************************************************
Useful Thin Client Computing Links are available at:
http://thethin.net/links.cfm

For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode
use
the below link:
http://thethin.net/citrixlist.cfm
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
Comment: Public PGP key for Chris Lynch

iQA/AwUBPxQ9Nm9fg+xq5T3MEQJLSgCdE8vO9dYenwdrhObTXI0rwFBFZkQAn3ay
l/+Bg5U4vRsZzbK/KrbfRQxx
=r0ip
-----END PGP SIGNATURE-----


********************************************************
This weeks sponsor - IDP ServerBoss
Restrict, Manage and Control Access to your applications
and other valuable Citrix,  Windows NT, 2000
and 2003 Server Resources
http://www.serverboss.com/default.asp?partner=thethin
**********************************************************
Useful Thin Client Computing Links are available at:
http://thethin.net/links.cfm

For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm
********************************************************
This weeks sponsor - IDP ServerBoss
Restrict, Manage and Control Access to your applications
and other valuable Citrix,  Windows NT, 2000
and 2003 Server Resources
http://www.serverboss.com/default.asp?partner=thethin
**********************************************************
Useful Thin Client Computing Links are available at:
http://thethin.net/links.cfm

For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm





********************************************************
This weeks sponsor - IDP ServerBoss
Restrict, Manage and Control Access to your applications 
and other valuable Citrix,  Windows NT, 2000 
and 2003 Server Resources 
http://www.serverboss.com/default.asp?partner=thethin
**********************************************************
Useful Thin Client Computing Links are available at:
http://thethin.net/links.cfm

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm
********************************************************
This weeks sponsor - IDP ServerBoss
Restrict, Manage and Control Access to your applications 
and other valuable Citrix,  Windows NT, 2000 
and 2003 Server Resources 
http://www.serverboss.com/default.asp?partner=thethin
**********************************************************
Useful Thin Client Computing Links are available at:
http://thethin.net/links.cfm

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm

• Follow-Ups:
  • [THIN] Re: OT: AD design question
    • From: Chris Lynch

Other related posts:

• » [THIN] OT: AD design question
• » [THIN] Re: OT: AD design question
• » [THIN] Re: OT: AD design question
• » [THIN] Re: OT: AD design question
• » [THIN] Re: OT: AD design question
• » [THIN] Re: OT: AD design question
• » [THIN] Re: OT: AD design question
• » [THIN] Re: OT: AD design question

1. Home
2. thin
3. Archive
4. 07-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---