Empty Root Domain

Archived from groups: microsoft.public.win2000.setup_deployment (More info?)

Have you fully thought through the possibility of using OUs in a single
domain to achieve the same thing?

Investigate this first, because it will give you optimum use of hardware and
simplify your environment, while still allowing full delegation of control
of OUs.

The usual reason for creating a multi-domain forest is to allow different
password policies.

Regards

Oli


"bumba" <bumbaahi@yahoo.com> wrote in message
news:7967e19c.0409060830.26e060dd@posting.google.com...
> Hello everybody,
>
> I am installing (trying to) a new Domain Controller on a powerfull
> computer.
> My company has several branches, geographically apart from each other.
>
> I want to give those branches the control of their own domain, and
> also I will have my own domain.
>
> We (me and the other branches) will have a domain name like:
> -branch1.mycorp.com
> -branch2.mycorp.com
> -branch3.mycorp.com, etc, etc
>
> I am branch1. Problem, How do I install the first domain controller ?
>
> When asked by the FQDN (following the active directory wizard), should
> I try:
> machineonbranch1.branch1.mycorp.com ?
> If I do that, then my root forest will be branch1.mycorp.com, and not
> mycorp.com as I wanted to be ?
>
> I don't want to waste a good machine only to be an empty domain
> controller of mycorp.com, I want that machine to be the domain
> controller of branch1 domain, but at the same time, I want that when
> someone in branch2 creates his domain controller, he can use
> branch2.mycorp.com and not branch2.branch1.mycorp.com.
>
>
> Do I make any sense ? If not, this is a summary:
> forest domain: mycorp.com
> child domain 1: branch1.mycorp.com
> child domain 2: branch2.mycorp.com
>
> domain controller of branch1: machineonbranch1
>
> domain controller of branch2: machineonbranch2
>
>
> machineonbranch1 is the first domain controller ever installed in my
> company, which makes it the root domain controller, but I don't want
> branch1.mycorp.com be the root domain of my company. Any way to do
> that?
>
>
>
> Thanks a lot for your inputs,
>
> Regards,
> Tommy

Archived from groups: microsoft.public.win2000.setup_deployment (More info?)

Correct.

What Oli is saying is that you would use Sites from the ADSS MMC ( Active
Directory Sites and Services MMC ) for each location ( if that is how things
are ) and create an OU for each location and then, if necessary, use the
Delegation Wizard to grant a certain user - or group, even if there is just
one person in it - the ability to do 'things' ( whatever that might mean ).

HTH,

Cary

"Oli Restorick [MVP]" <oli@mvps.org> wrote in message
news:uj$CFDFlEHA.3648@TK2MSFTNGP09.phx.gbl...
> Have you fully thought through the possibility of using OUs in a single
> domain to achieve the same thing?
>
> Investigate this first, because it will give you optimum use of hardware
and
> simplify your environment, while still allowing full delegation of control
> of OUs.
>
> The usual reason for creating a multi-domain forest is to allow different
> password policies.
>
> Regards
>
> Oli
>
>
> "bumba" <bumbaahi@yahoo.com> wrote in message
> news:7967e19c.0409060830.26e060dd@posting.google.com...
> > Hello everybody,
> >
> > I am installing (trying to) a new Domain Controller on a powerfull
> > computer.
> > My company has several branches, geographically apart from each other.
> >
> > I want to give those branches the control of their own domain, and
> > also I will have my own domain.
> >
> > We (me and the other branches) will have a domain name like:
> > -branch1.mycorp.com
> > -branch2.mycorp.com
> > -branch3.mycorp.com, etc, etc
> >
> > I am branch1. Problem, How do I install the first domain controller ?
> >
> > When asked by the FQDN (following the active directory wizard), should
> > I try:
> > machineonbranch1.branch1.mycorp.com ?
> > If I do that, then my root forest will be branch1.mycorp.com, and not
> > mycorp.com as I wanted to be ?
> >
> > I don't want to waste a good machine only to be an empty domain
> > controller of mycorp.com, I want that machine to be the domain
> > controller of branch1 domain, but at the same time, I want that when
> > someone in branch2 creates his domain controller, he can use
> > branch2.mycorp.com and not branch2.branch1.mycorp.com.
> >
> >
> > Do I make any sense ? If not, this is a summary:
> > forest domain: mycorp.com
> > child domain 1: branch1.mycorp.com
> > child domain 2: branch2.mycorp.com
> >
> > domain controller of branch1: machineonbranch1
> >
> > domain controller of branch2: machineonbranch2
> >
> >
> > machineonbranch1 is the first domain controller ever installed in my
> > company, which makes it the root domain controller, but I don't want
> > branch1.mycorp.com be the root domain of my company. Any way to do
> > that?
> >
> >
> >
> > Thanks a lot for your inputs,
> >
> > Regards,
> > Tommy
>
>

Archived from groups: microsoft.public.win2000.setup_deployment (More info?)

You're welcome.

AD has the concept of sites (sets of IP subnets that have high bandwidth and
a permanent connection), so inter-site replication is handled differently.

With NT4, you had to use domains to restrict replication traffic. Don't let
the compromises you had to make under NT4 cloud your AD design decisions!

Go and grab a copy of Mark Minasi's "Mastering Windows Server 2003",
published by Sybex (even if you're still using Windows 2000, as it covers
both).

Cheers

Oli



"bumba" <bumbaahi@yahoo.com> wrote in message
news:7967e19c.0409070927.53341059@posting.google.com...
> "Oli Restorick [MVP]" <oli@mvps.org> wrote in message
> news:<uj$CFDFlEHA.3648@TK2MSFTNGP09.phx.gbl>...
>> Have you fully thought through the possibility of using OUs in a single
>> domain to achieve the same thing?
>>
>> Investigate this first, because it will give you optimum use of hardware
>> and
>> simplify your environment, while still allowing full delegation of
>> control
>> of OUs.
>>
>> The usual reason for creating a multi-domain forest is to allow different
>> password policies.
>>
>> Regards
>>
>> Oli
>>
>>
> Thanks a lot Oli!
>
> I will have probably 10-15 different domains with their respective
> administrators on each branch. Will the replication traffic be a
> problem if I go with OUs instead of domains ?