
A Windows 2008 AD design question

blade1000

IS-IT--Management
Mar 1, 2009
133
US
Hello all-

I am building out Windows 2008 server/Active Directory for this company.

The company has roughly 7 or 8 subsidiary businesses in which none of them have any type of Active Directory running whatsoever.

My goal is to start with two servers, start the install process for Windows 2008 and build AD. There will be meetings throughout the week with management discussing things like OUs, GPOs, etc.

There is a debate about how to bring all of the subsidiaries into the AD Schema and whether to make all 7 businesses child domains or to make them OUs. If I make them OUs, which seems to be a cheaper and simpler solution since I won't need a DC for each subsidiary, will these OUs allow me to use somewhat of a business name that appends to the DNS parent name space?

For instance, I will make the parent DNS name something like business.com at the root. If I bring in a child domain, which I do plan on doing, it might be something like first.business.com. So since I have a child domain, can I introduce 7 (business-based) OUs that will collapse into something like, i.e., subsidiary1.first.business.com, then the second business will be subsidiary2.first.business.com, etc.?

Can this be done? The company does not want me to implement 7 child domains here; this would mean the purchase of 7 servers in order to make them DCs. So I was wondering about a more simplistic solution.

Any thoughts at all on this topic would be greatly appreciated.

blade

 
If I understand what you are trying to do and how you are describing it, you would have to create child domains.

OUs you can name after the subsidiary, but the way you are describing it, with doing DNS like that, you would be creating child domains.

Wm. Reynolds
Senior VP - Information Technology and Fleet Operations
Texas Public Safety Solutions | PremCOM

- - - - - - - - - - - - -

Network Error:
Hit any user to continue
 
OUs don't have DNS namespace like you describe. Only domains do.

Since you have a requirement to not buy additional hardware, then OUs are the answer.

But - if the first (and really, only) domain will be running on those two DCs, why not just make it business.com and be done with it? From there, create your various OUs, delegate accordingly, and you'll have a nice, clean OU structure.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
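
The naming point made in the two answers above, as an added example that is not part of any poster's reply: in a distinguished name only the `DC=` components form the DNS domain, while `OU=` components are containers inside it. The user names and the `Staff` OU are constructed; `business.com`, `first.business.com` and the subsidiary names come from the question.

```python
# Added example: derive the DNS domain and OU path from an AD distinguished name.
# Backslash escapes (e.g. "\,") are handled; hex escapes such as \2C are not decoded.

def split_rdns(dn):
    """Split a DN on unescaped commas and drop the backslash escapes."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return parts


def locate(dn):
    """Return (dns_domain, ou_path) for a distinguished name."""
    dcs, ous = [], []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.strip().partition("=")
        if not sep or not value.strip():
            raise ValueError("malformed RDN: %r" % rdn)
        attr = attr.strip().upper()
        if attr == "DC":
            dcs.append(value.strip().lower())  # only DC parts form the DNS name
        elif attr == "OU":
            ous.append(value.strip())          # OUs are containers, not DNS labels
    if not dcs:
        raise ValueError("no DC components in %r" % dn)
    return ".".join(dcs), "/".join(reversed(ous))


SAMPLES = [  # constructed DNs
    r"CN=Jane Doe,OU=Subsidiary1,DC=business,DC=com",
    r"CN=Doe\, John,OU=Staff,OU=Subsidiary2,DC=business,DC=com",
    r"CN=Ann Lee,OU=Subsidiary1,DC=first,DC=business,DC=com",
]

if __name__ == "__main__":
    for dn in SAMPLES:
        print("%-20s %-18s %s" % (locate(dn) + (dn,)))
```

The first two accounts sit in different subsidiary OUs yet share the DNS domain `business.com`; only the third, which lives in a separate child domain, gets `first.business.com`.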
 
Single domain is definitely the way to go here, makes admin in the long term very easy.

I'm taking a guess that your DNS queries relate to the external DNS namespace, which doesn't really have any relevance to what the AD domain is.
 
Thanks to all!

Logistically I will stick with the single domain, and manage the various businesses as OUs then.

Stars to all

blade
 
All-

Sorry for the late reply on this. It will essentially be a single domain with OUs for each business.

I will be ready for the migration stages of this. I am setting up a server running Win2k3 at the "new" Windows 2k8 schema and am looking for different options here. This project includes 6 businesses (some are set up in individual workgroups and there are actually 3 different domains as well, so 3 workgroups and 3 domains).

All of these users collectively will need to join the "new" domain and move away from all these disparate entities what have you.

Overall there are roughly 250 users collectively to migrate into this new forest from wherever they reside either in one of the work groups or their respective domain.

So, other than a manual process (create user, create OU, place them in OU, etc.), would it be more advisable to just use ADMT properly and migrate the users?

I worry about user ACLs and their rights to certain files and folders when using the ADMT. Perhaps I am expecting too much out of this tool. If I didn't use the tool I'd have to manually configure each user's right to the data files we will copy over onto a file share in the new domain.

Any options for a more seamless process? Any information or objectives you are willing to discuss here will be most appreciated.

Thanks again!

blade
 