Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Active directory design

Status
Not open for further replies.
markdt

markdt

Technical User
Feb 15, 2006
63
GB
Hi All,

We have a current active directory setup of 5 domains in 5 seperate forests, these 5 domains are at different locations around the country connected via a VPN with standard 1mbps up 8mbps down broadband lines. As it stands they are all trusted so accessing shares and so fourth can take place.

I would like to take advantage of DFS namespaces for sharing of folders over multiple sites. Users at the moment can access these shares but it is really slow.

What i am thinking of suggesting to our IT Team is to consolidate our 5 domains and 5 forests into 1 domain 1 forest. I will be using sites & services within active directory to control replication of the domain controllers.

My question is has anyone got a similar setup of what i am suggesting if so does it work well? or if anyone has better ideas other than creating a single domain any help would be grately appreciated.

Thanks

Mark
 
Sort by date Sort by votes
Couple of thoughts....

1) What is the purpose of the 5 different forests in the network? If they are not needed, why not....
2) Is DFS already in place? Are there local file servers at all sites?
3) When users access the shares, what server is authenticating them? Where are the Global Catalog Servers?
4) How many users are using the broadband connections at each site? Is this enough bandwidth?
 
Upvote 0 Downvote
Thanks for your reply shorty545.

To be honest i really cant think of any purposes of the 5 domains and forests.

No currently DFS is not setup accross the multi forest domain environment. I always thougth that it couldnt be done from forest to forest?

There is at least 1 file server at each site running server 2003. I think we have maybe 1 or 2 with r2 on.

At the three main sites we have 2 broadband lines installed, 1 line for mail activity and web access the other for the VPN. Currently as it stands we have about 5 ppl using RDP over the VPN on a daily basis, but this is going to increase to approx 12.

The main headache i seem to have administering the domins in general. i.e group policys have to be done on all 5 domains, tedeous task. And the other which is file sharing from domain to domain is very slow.

As each domain/forest is seperate we have a global catalog server at each site authenticating users.

Thanks
 
Upvote 0 Downvote
Not sure on the DFS side but I'd definetly look at consolidating down to one forest (and one domain to if you can). After that admining AD and setting stuff like DFS up would be a whole lot easier.
 
Upvote 0 Downvote
If better administrative control is what you are after then 1 forest and 1 domain makes sense, this sort of consolidation is very common. To accomplish the active directory migration tool (ADMT) will be needed



Paul
MCSE


"Two things are infinite: the universe and human stupidity; and I'm not sure about the the universe."
Albert Einstein
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

julis2103
  • Locked
  • Question
Active Directory
Replies
0
Views
84
julis2103
julis2103
goombawaho
  • Locked
  • Question
Microsoft Azure Active Directory - Backup Admin Account 1
Replies
2
Views
316
goombawaho
goombawaho
geneg28
  • Locked
  • Question
Active Directory and Linux Servers
Replies
0
Views
80
geneg28
geneg28
axilleas
  • Locked
  • Question
Windows 2012 R2 Active directory problem after applying GPO
Replies
7
Views
143
technome
technome
mkrausnick
  • Locked
  • Question
Can't write to folder even though Active Directory effective permissions shows full control
Replies
1
Views
87
mkrausnick
mkrausnick

Part and Inventory Search

Sponsor

Back
Top