I can't get too specific about the
requirements, so please don't ask ;-)
I'm looking for your ideas, opinions and
experience on how you maintain different sets of schemas for different forests
that you manage (for the same customer).
Basically, consider this: you have an
internal domain (single domain forest) and another (or several) single domain
forest(s) in a DMZ. They might have Exchange and one or two other
directory-enabled apps that extend the schema, and you have your own
standard/default schema.
Do you see any security implications in
having the same schema in the DMZ-type networks as that of the internal
domain? And if not, how do you manage updates and
testing, etc?
I might have several single domain
forests. Internal ones, and several of these DMZ-based domains.
It's not really a DMZ, but is a different network and is considered external to
the internal domain(s). This is for a number of interoperability apps, and
no, we can't use ADAM or equivalent. We're using plenty of
ADAM.
The main thing I'm interested in here is, as
mentioned above, if you were happy to have a consistent schema, how do you
maintain that? Would you use a script to compare and export differences,
etc.?
Or, would you recommend against having a
standard schema? I can't see why anyone would recommend against this
unless there's a major security concern I've overlooked as it will greatly
complicate future extensions, but I'm interested nonetheless.
Please assume a large enterprise
environment that follows ITIL and has a proper test environment, e.g. ADAM ->
VM -> Dev -> Pre-prod -> live.
Thanks,
--Paul