Not really. I mean like everything, it depends. If you have a LARGE corporate environment. Lets say 20K in user objects, tons and tons of croups servers, PC, etc. Above and beyond boundaries the empty root will (from what I have been told by MS) will increase performance even with cross domain look ups and what not by keeping the individual domain databases smaller. Don't get me wrong, you got 1 domain now. No need. You got 17 that are huge and you are trying to collapse them and get a name space that matches either at the geographic level or divisional level.... You'll want it. Ron Oglesby Senior Technical Architect RapidApp Office 312.372.7188 Mobile 815.325.7618 email roglesby@xxxxxxxxxxxx -----Original Message----- From: Adam.Baum@xxxxxxxxxxxxxx [mailto:Adam.Baum@xxxxxxxxxxxxxx] Sent: Tuesday, July 15, 2003 2:37 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: OT: AD design question I would agree with your "administrative boundary" question with W2K, but AD in 2003 give us more ability to restrict users (and admins) from touching other domains. We had an MS guy out here a few weeks ago and he had trouble explaining the merits. I am not disagreeing with the idea of empty root. It does produce a nice, warm fuzzy. It's just a little difficult to justify on a technical level. The same number of people for it can be found against it. I've got to come with pros/cons of it. Not easy. thin-bounce@freel ists.org To: <thin@xxxxxxxxxxxxx> cc: 07/15/2003 12:22 Subject: [THIN] Re: OT: AD design question PM Please respond to thin Empty roots can be good for different reasons. If you require an administrative boundary of some type (like between domains) then an empty root provides you with a name holder and location for the forest schema and FSMO roles. If you are a small single domain environment with no plans in the future of creating more domains (like through acquisition) then there may be no need. In larger corporate environments it is good from an administrative standpoint. Ron Oglesby Senior Technical Architect RapidApp Office 312.372.7188 Mobile 815.325.7618 email roglesby@xxxxxxxxxxxx -----Original Message----- From: Chris Lynch [mailto:lynch00@xxxxxxx] Sent: Tuesday, July 15, 2003 12:43 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: OT: AD design question -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have never been the one for an empty root domain, but if you have multiple child domains, it could make sense from a naming convention standpoint. IF you are going to design a single domain (which I don't know why, except when autonomy is in question). Chris - -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Adam.Baum@xxxxxxxxxxxxxx Sent: Tuesday, July 15, 2003 10:22 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] OT: AD design question Hi all, Quick question on AD Design. Given the Windows 2003 improves AD, is it still considered good practice to use and empty root domain? If so, why? What are some of the drawbacks to empty root? I am in the process of coming up with a few design ideas for an AD project and need to know pros/cons. I'm having trouble with the empty root concept. While I understand it and its functionality (to a point), I am not sure if it is needed when using Win2003. adam ******************************************************** This weeks sponsor - IDP ServerBoss Restrict, Manage and Control Access to your applications and other valuable Citrix, Windows NT, 2000 and 2003 Server Resources http://www.serverboss.com/default.asp?partner=thethin ********************************************************** Useful Thin Client Computing Links are available at: http://thethin.net/links.cfm For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thethin.net/citrixlist.cfm -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 Comment: Public PGP key for Chris Lynch iQA/AwUBPxQ9Nm9fg+xq5T3MEQJLSgCdE8vO9dYenwdrhObTXI0rwFBFZkQAn3ay l/+Bg5U4vRsZzbK/KrbfRQxx =r0ip -----END PGP SIGNATURE----- ******************************************************** This weeks sponsor - IDP ServerBoss Restrict, Manage and Control Access to your applications and other valuable Citrix, Windows NT, 2000 and 2003 Server Resources http://www.serverboss.com/default.asp?partner=thethin ********************************************************** Useful Thin Client Computing Links are available at: http://thethin.net/links.cfm For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thethin.net/citrixlist.cfm ******************************************************** This weeks sponsor - IDP ServerBoss Restrict, Manage and Control Access to your applications and other valuable Citrix, Windows NT, 2000 and 2003 Server Resources http://www.serverboss.com/default.asp?partner=thethin ********************************************************** Useful Thin Client Computing Links are available at: http://thethin.net/links.cfm For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thethin.net/citrixlist.cfm ******************************************************** This weeks sponsor - IDP ServerBoss Restrict, Manage and Control Access to your applications and other valuable Citrix, Windows NT, 2000 and 2003 Server Resources http://www.serverboss.com/default.asp?partner=thethin ********************************************************** Useful Thin Client Computing Links are available at: http://thethin.net/links.cfm For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thethin.net/citrixlist.cfm ******************************************************** This weeks sponsor - IDP ServerBoss Restrict, Manage and Control Access to your applications and other valuable Citrix, Windows NT, 2000 and 2003 Server Resources http://www.serverboss.com/default.asp?partner=thethin ********************************************************** Useful Thin Client Computing Links are available at: http://thethin.net/links.cfm For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thethin.net/citrixlist.cfm