Please forgive my inexperience again, and forwardness in posting to you
directly, if you are still reviewing this forum, perhaps you would not mind
offering some additional assistance.
I am sorry to again ask your advice, I am reading the AD Primers you
recomended, However, as you showed me, there is alot to learn, I am afraid I
need to ask another question as I need to get this system completed and by
the time I become proficient, well, you understand..
Okay,
If you recall, this Network has 2 domain controllers, you assisted me in
replacing the failed, FIRST, domain controller, it is now running and
functional, However the second domain controller still holds all 5 roles. I
am having trouble finding documentation on which of the two domain
controllers should hold which roles for "Optimum configuration / performance"
and if there is any differance,... I am thinking of just putting the 5 roles
back onto the replaced domain controller..As they were after initial
installation of both into the roles
I was wondering if you could give me the benefit of your experience again,
where would you place the 5 roles..? and why
Happy Thanksgiving
Regards
Jim
--
Jim A.
No problem, that's why the newsgroups are created.
In a single forest domain as you have, all FSMO can be one DC, doesn't matter
which one. You can also devide them between the DCs but even if one fails
you have to seize the missing ones to the other DC, so if they are all on
one or you split them, i can not really see any advantage to split them.
Some people do it the other way around, but it really is not a critical decision.
In a multi-domain forest you have to follow some rules for the FSMO placement.
See here about, this still applies to Windows server 2008 and 2008 Windows
server R2:
http://support.microsoft.com/kb/223346/en-us
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Perhaps I should explain further...
Now.. my Single forest Domain is NTRN.newtron.com
Our plans include building this company over time to over 500 employees, we
are now less than 50, so the single forest domain works well...
It is anticipated we will need
Management
Engineering
Sales
General Users
and that we will want a tree in the forest so to speak for each...
NTRN.mgmt.newtron.com
NTRN.engr.newtron.com
NTRN.sale.newtron.com
NTRN.gnrl.newtron.com
So.... If I am understanding correctly, we would have 4 trees in the forest
NTRN.newtron.com
We may only have the two domain controllers initially as the forest grows
until it appears that the new tree need it's own domain controller...
So I would like to setup these two now with that in mind...
I assume I am correct in my assumptions, I will review the link you sent
regarding placement of the FSMO roles..
Please review my intentions and let me know if they are in fact sound..
Regards
Jim
--
Jim A.
"Meinolf Weber [MVP-DS]" wrote:
> .
>
Guess I got it a little screwed up.. realized that fter reviewing your link..
what we will be after is..
engr.NTRN.newtron.com
mgmt.NTRN.newtron.com
sales.NTRN.newtron.com
gnrl.NTRN.newtron.com
.
does that mak any more sense...? children aned grandchildren have to come
after the parent... not before...(LoL)
Thanks Again
Jim
--
Jim A.
"Meinolf Weber [MVP-DS]" wrote:
> .
>
What is the reason for the child domains? Do you really need them, there
is no real benefit except there own domain name. This setup requires more
administration and also you need more DCs, basically you should have 2 per
domain for failover and redundancy.
You can separate your branches within OUs in AD and delegate administration
that way. PLease describe more detailed why you need the child domains.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> Oops... Sorry..
>
> Guess I got it a little screwed up.. realized that fter reviewing your
> link.. what we will be after is..
>
> engr.NTRN.newtron.com
> mgmt.NTRN.newtron.com
> sales.NTRN.newtron.com
> gnrl.NTRN.newtron.com
> .
> does that mak any more sense...? children aned grandchildren have to
> come after the parent... not before...(LoL)
>
> Thanks Again
> Jim
Aparantly.... I don't, (according to you, the expert...[lol])..
Our assumption was, that as each department grew in stature, users, and
Location it would be easier to manage if the domain controllers were local to
the department with an administrator at each site...
i.e. currently one physical location in Boston Massachusetts, about 50
employees in the company.
1 year buisness plan includes a branch office in NY city for the sales
department.
5 yearPlan includes 3 additional locations, Texas, SanFrancisco and Tulsa Ok..
so we were simply considering, placing a duplicate physical server rack in
each location with a different domain name..
is it wiser to use the wan and a single global pair of domain controllers at
headQuarters..?
Yes... I Know.. Again, it looks like I am over my head,
but as the song goes...."I'll get by with a little help from my friends"...
Thank you beatles..
Regards
Jim
--
Jim A.
"Meinolf Weber [MVP-DS]" wrote:
> .
>
Placing domain controllers in remote sites i would always suggest, doesn't
matter if single domain forest or multi domain forest, also they should be
GC and DNS server. So the users can logon even if the WAN connection is broken
to the main office. Therefore AD sites and services must be configured correct
also.
OUs you can use for delegation of the remote site admins without making them
domain administrators, sometimes a good solution to limit permissions and
also if they are not that experienced. There is no problem adding new OUs/sites
if the company growth.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> Hmmm...
>
> Aparantly.... I don't, (according to you, the expert...[lol])..
>
> Our assumption was, that as each department grew in stature, users,
> and Location it would be easier to manage if the domain controllers
> were local to the department with an administrator at each site...
>
> i.e. currently one physical location in Boston Massachusetts, about 50
> employees in the company.
> 1 year buisness plan includes a branch office in NY city for the sales
> department.
> 5 yearPlan includes 3 additional locations, Texas, SanFrancisco and
> Tulsa Ok..
> so we were simply considering, placing a duplicate physical server
> rack in each location with a different domain name..
>
> is it wiser to use the wan and a single global pair of domain
> controllers at headQuarters..?
>
> Yes... I Know.. Again, it looks like I am over my head,
> but as the song goes...."I'll get by with a little help from my
> friends"...
> Thank you beatles..
> Regards
> Jim