Do you have any specific info on the future versions that may allow removal of schema extensions? We are starting a discussion on a schema change policy and this would be very timly info.
Diane -----Original Message----- From: Rachui, Scott [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 03, 2002 11:13 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Introductions... This is a good list. The only modification I'd make to it is that ALL schema changes are permanent. There is currently no way to remove anything from the Schema. In future versions, yes. But not at present. -----Original Message----- From: Ellis, Debbie [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 03, 2002 1:15 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Introductions... -----Original Message----- From: Strand, Ted [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 03, 2002 1:16 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Introductions... Here are the points we used Had to copy to this e mail Was in PowerPoint format. This is for using separate forests (User accounts in one forest, resources in separate forests) There may be some things that have been left out. Pros Public Key Infrastructure Auto enrollment Single source for certificates Essential in secure e-commerce transactions between businesses Certificate Revocation List (CRL) Lower cost to support and maintain a single forest Case Studies and Gartner Report Indicate averages of 17% reduction in TCO $300-$600 per desktop savings in administration costs per year Common Schema Definition and extensibility of object classes are maintained centrally by committee Reduces risk of catastrophic failure, since group administrative membership for modifying the schema is smaller (some schema changes are permanent) Management of objects within an OU are easier to maintain and administer in a single forest Business Unit Administrators still maintain control of resources Common userid with permissions to multiple objects Supports single sign on from anywhere in the forest Easier search capabilities in AD Promotes single, one company view of the enterprise Increased collaboration thru a common global catalog Lower costs of performing audits to validate that separate forests are following corporate policies Less complex and more efficient use of bandwidth for replication and synchronization across the enterprise Allows common visible distribution lists, meeting requests, calendaring, instant messaging, presence notification, and a shared community of user throughout the forest Easier to find users and resources throughout the organization in a single forest (The AD Structure is transparent to user) Information and processes are consolidated Terminal Server management tools only recognize one forest Lower admin costs Distribution of administration is easier to delegate OU's are the new units of administration Local and centralized Cons Separate Exchange Organizations Increased network traffic Complicated Logons Users have to log on using UPN Logon time increased by 30 - 40 % TCO is higher More Labor Higher Maintenance Increased machine (server) needs Introduces complexity Synchronization of objects between forests isn't (natively) supported Requires very expensive Metadirectory services from Microsoft or 3rd party Vendor ( Can cost over one million dollars) Increased points of failure Duplication of efforts across the organization Multiple Schemas to maintain Duplication of Backup and Recovery processes Multiple DNS designs Complex navigation (Users will have to navigate AD Structure) Promotes separate company views of the enterprise Only NT4 style non-transitive trust are supported between forests Higher cost of managing the trusts (manual setup) Higher propensity for failure (due to human error - manual setup) ----Original Message----- From: Ellis, Debbie [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 03, 2002 9:57 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Introductions... K Can you forward a copy of the pro's/con's list that you presented? We are about to embark on the same battle. Any information (documentation) that anyone has would be very beneficial. -Ted Strand- Tech Data Corporation - Cheers, Paul List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/