AD Naming Choice

By Mark

I am new to AD and have to set one up for a client and realize that the choices I make now affect the client forever and am concerned about making a good choice for their AD root domain name. I would like to explain the setup and get some feedback on the best choice. The names are fictitious and are there for descriptive purposes.

Client has an existing Internet Domain of lawfirm.com. There are presently about 50 workstations at the main office with a Netware 5 Server that will be phased out once this new WIN2K3 Server is set up. They have an existing standalone Win2K Server as well. They also have a small satellite office in city2 with 2 workstations (no VPN or connection other than dialup Internet). I have already set up AD with the root domain name city1.lawfirm.com. This seemed logical, but I am now wondering if it is best before continuing with setting up users and such. I also found a reg hack that would prevent the DC from putting an A-Record on the DNS so I guess I could set up the AD root domain the same as the Internet domain of lawfirm.com.

What recommendations would you give on the setup? Leave it like I have it now at city1.lawfirm.com or use the same root domain name as the Internet website and email at lawfirm.com?

Also, any helpful info on migrating the Novell Users and switching the workstations login or getting Novell to register the users with AD, etc.

I am also wanting to join the standalone WIN2K server to AD and set up a DFS root with it and the new WIN2K3 server. Is there a way to get the W2K3 Server to take 95% of the load on this DFS root? The WIN2K Server is running some specific applications and doesn't have near the horsepower of the W2K3 Server. The W2K3 Server will be the PDC and will serve files from the DFS root. I want the DFS root in case of a Server outage so clients can still get their files. I guess I also need to set up the Win2K Server as a BDC?


by ITmanTPC In reply to AD Naming Choice

What I would do is have 2 machines, one machine ADD named lawfirm.com, then I would set up another ADD named city1.lawfirm.com, then at your other remote office city2.lawfirm.com. The only thing tricky about this setup is your DNS. You will have a zone that matches the domain in, for example: www.lawfirm.com. You will need to manage the DNS manually for lawfirm.com for your internal users only. This really is not a problem, they are usually static IP Addresses. For an internal webserver, you're better off naming it something different than www anyway.

Windows 2003 should have Novell migration scripts ready for your use; if not, check out the resource kit.


by Mark In reply to

It sounds like you are suggesting 3 Servers setup with 3 domains. This is not an option in this case. I only have 2 Servers to work with and the city2.lawfirm.com domain will not exist until down the road a ways. However, the decision I make now we have to live with down the road, so this is why I am posting the question.

Also the web server is not internal and there is no present need for an internal web server. The external domain lawfirm.com exists with a 3rd party ISP hoster. This is why I am posting this question. If I name it the same, there will be some confusion. If I make it city1.lawfirm.com there could still be some confusion. What are the pros and cons? I could also set up separate forests. But remember, I have limited control of the external Internet domain lawfirm.com.


by Mark In reply to AD Naming Choice

It sounds like you are suggesting 3 Servers setup with 3 domains. This is not an option in this case. I only have 2 Servers to work with and the city2.lawfirm.com domain will not exist until down the road a ways. However, the decision I make now we have to live with down the road, so this is why I am posting the question.

Also the web server is not internal and there is no present need for an internal web server. The external domain lawfirm.com exists with a 3rd party ISP hoster. This is why I am posting this question. If I name it the same, there will be some confusion. If I make it city1.lawfirm.com there could still be some confusion. What are the pros and cons? I could also set up separate forests. But remember, I have limited control of the external Internet domain lawfirm.com.

I'm sure this is a common situation. I welcome feedback from others that have crossed this bridge for a while and are happy or unhappy with their choice.


by shawn In reply to AD Naming Choice

About the domain name: if there is a chance that the lawfirm will one day host their own web server internally, then it might make sense to name the AD domain using the lawfirm.com namespace. If that's not likely for some time (and given my experience with lawfirms, that's probably a good bet), you could create whatever you wanted. For example, my company has an Internet domain name registered, but I have no control over it (it's being managed by the parent company). Instead of tying the AD domain to that Internet domain name, I created a namespace for only internal use (company.local - there's no rule that the AD domain namespace has to be .com, .net, .org, etc.).

As for migrating the Novell users into AD, I know that Bind View Software has a tool set available for migrating NDS users to Windows 2000/2003 environment. Check that out.

Regarding DFS: Basically, all DFS does is create a faux share on one server that will automatically redirect a user request to the correct server. If a server is down it doesn't redirect users to a different location. What you might be interested in are the shadow copy features in Windows 2003. Unfortunately, I'm not running Windows 2003 (yet), so I can't offer much help here.

The Windows 2000 server could (and I would think should) be a domain controller in the new AD domain (note: domain controllers in AD are not PDC/BDC, they are all peer domain controllers), so you have an alternate server available to authenticate users in case of a server outage.

Hope this helps. Let me know how it goes.

Cheers
Shawn


by Mark In reply to

The first suggestion helps. I don't expect they will ever host their website, but the concept I did not think about. It is actually too late now, I went ahead and named it city1.lawfirm.com but I did have some issues. It seems I have to point the clients to the DC as the ONLY DNS. Using the ISP's secondaries causes intermittent failures. I just set up the DC to forward to the ISP DNS's. I did try to set up the W2K Server as another DC but I had issues with the Highpoint RAID controller. For some reason the system would just hang for long periods of time with the HD LED on. I demoted it off DC and still had trouble. I then moved it off the RAID controller to a straight IDE controller and left the mirror drive unplugged for now. Now it is working, but no mirror. Then I had issues with clients being logged off by the server after 10 minutes or so of idle time. Seems W2K3 sets very strict security policies by default and I am wrestling that stuff now. Strict passwords required too, but that was easy to get past. Also from what I read about DFS it can use file replication to keep the same content on different servers in addition to what you described. I'll be trying that later. As far as the Users, I just typed them in. I had about 50 so it wasn't too bad. Thanks for the feedback.
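
An added example (not part of the thread and not any poster's script) for checking the symptom described in the post above: it asks every DNS server configured on a client for the AD domain controller locator record and flags servers, such as an ISP resolver, that cannot answer it. It assumes the thread's domain name city1.lawfirm.com and a Windows client with the DnsClient module (Windows 8 / Server 2012 or later).

```powershell
# Added example: which configured DNS servers can answer the AD locator query?
# Assumptions: domain name taken from the thread; DnsClient module is available.
param(
    [string]$AdDomain = 'city1.lawfirm.com'
)

# SRV record a client looks up to find a domain controller for the domain.
$locator = "_ldap._tcp.dc._msdcs.$AdDomain"

# Collect every IPv4 DNS server configured on any network interface.
$servers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object {
        $alias = $_.InterfaceAlias
        foreach ($ip in $_.ServerAddresses) {
            [pscustomobject]@{ Interface = $alias; Server = $ip }
        }
    }

# Query each server directly so a fallback to another resolver cannot hide a failure.
$results = foreach ($s in $servers) {
    try {
        $srv = Resolve-DnsName -Name $locator -Type SRV -Server $s.Server `
                   -DnsOnly -ErrorAction Stop |
               Where-Object { $_.Type -eq 'SRV' }
        [pscustomobject]@{
            Interface = $s.Interface
            Server    = $s.Server
            AnswersAD = [bool]$srv
            Detail    = ($srv.NameTarget -join ', ')   # DC host names returned
        }
    } catch {
        [pscustomobject]@{
            Interface = $s.Interface
            Server    = $s.Server
            AnswersAD = $false
            Detail    = $_.Exception.Message          # e.g. name does not exist
        }
    }
}

$results | Format-Table -AutoSize

# Any server listed here makes logons fail whenever the client happens to use it.
$bad = $results | Where-Object { -not $_.AnswersAD }
if ($bad) {
    Write-Warning ("Remove from client DNS settings (forward from the DC instead): " +
                   (($bad.Server | Sort-Object -Unique) -join ', '))
}
```

A server that fails this check also receives the client's queries for internal AD names, so keeping it out of the client configuration stops those names being sent to an outside resolver.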


by Mark In reply to AD Naming Choice

This question was closed by the author
