My question is a little basic for this site, but I am hoping all your expertise will help me design the most efficient active directory structure. I currently have 2 NT domains, one for county government, the other for county police agencies. We plan to create a single forest with 3 trees; an empty root and the 2 existing NT domains. Certain county agencies need access to police servers, and the police need access to certain county servers. All users require intranet access, but only select workstations and users are to have internet access. My quandary is the placement of DNS servers. Do I create one primary DNS server in the null root and secondary DNS servers in the other domains, or do I create a DNS server for each domain and make it active directory integrated? If DNS is active directory integrated, how do users in domain 2 locate resources in domains 3. How will I differentiate users that need internet access from those who do not. We still have hundreds of NT and 98 clients? I'd like to examine all possible scenarios and the pros and cons of each. After reading all your entries over the past several months, I know that if I don't get the DNS setup correct, my active directory will be a disaster. Currently, workstations from each domain that need internet get a DNS server that forwards requests hard coded in the TCP/IP configuration. All others get a local DNS server that does not forward requests.
Cynthia Rittenhouse, MCSE, CCNA LAN Administrator County of Lancaster List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/