So I take it you lost? :) What, dare I ask, was your position on said matter in the arena? -lc
>________________________________ > From: William Robbins <dangerw...@gmail.com> >To: NT System Admin Issues <ntsysadmin@lyris.sunbelt-software.com> >Sent: Thursday, April 12, 2012 3:45 PM >Subject: Re: Domain local vs. global vs. universal > > >I'm not entering into the "empty root" arena again. :) I will answer the >last query. He is that Brian Desmond...which is why I shan't enter that arena >again. > > - Will > > > > > > > > >On Thu, Apr 12, 2012 at 15:08, Lora Cates <lora.ca...@rocketmail.com> wrote: > >Well I've inherited what I'll kindly refer to as a "mess." I'm still in the >information gathering phase myself as I haven't quite been here 12 days yet, >and only found this list recently. So I'll apologize in advance for my faux >pas. >> >> >>Basically I was hired to consolidate a plethora of disparate AD >>domains/forests in several geographically dispersed hospital groups into a >>single forest. I still haven't met with the networking folks, so I don't >>know what shape the WAN is in. My predecessor went so far as to set up the >>CompanyX.com parent domain and it's empty save the defaults, there is also a >>child domain of US.companyX.com with what appears to be the users from >>corporate. I've read several debates regarding an empty root. Is there a >>consensus on yea vs. nay? >> >> >>Speaking of reading, and apologies for any offense, are you this Brian >>Desmond? Active Directory: Designing, Deploying, and Running Active >>Directory, Fourth Edition >>-lc >> >> >>>________________________________ >>> From: Brian Desmond <br...@briandesmond.com> >>> >>>To: NT System Admin Issues <ntsysadmin@lyris.sunbelt-software.com> >>>Sent: Thursday, April 12, 2012 2:16 PM >>> >>>Subject: RE: Domain local vs. global vs. universal >>> >>> >>>Well the impact is that all uni group membership changes replicate to every >>>GC. If you’ve got concerns around WAN utilization, availability, latency, >>>etc., then this could be worth looking at. In quite a lot of scenarios, the >>>WAN issues that existed circa Windows 2000 don’t exist anymore which makes >>>this a less interesting discussion point. Without knowing about your >>>customer’s environment and scale it’s hard to say. >>> >>>I would say that it’s highly unlikely that I would design a new multi-domain >>>forest except for some pretty isolated and specific design requirements >>>these days. >>> >>>Thanks, >>>Brian Desmond >>>br...@briandesmond.com >>> >>>w – 312.625.1438 | c – 312.731.3132 >>> >>>From:Lora Cates [mailto:lora.ca...@rocketmail.com] >>>Sent: Thursday, April 12, 2012 1:05 PM >>> >>>To: NT System Admin Issues >>> >>>Subject: Re: Domain local vs. global vs. universal >>> >>>I too am looking into this for a coming migration I've been asked to design >>>for a customer. What's the impact to GC's by making everything Universal >>>Groups? Especially in a multi domain, multi forest environment? >>> >>>-lc >>> >>>________________________________ >>> >>>From:Brian Desmond <br...@briandesmond.com> >>> >>>To: NT System Admin Issues <ntsysadmin@lyris.sunbelt-software.com> >>>Sent: Thursday, April 12, 2012 12:02 PM >>> >>>Subject: RE: Domain local vs. global vs. universal >>> >>> >>> >>>In a single domain forest (or even many multi-domain domain forests today), >>>I would just do all uni groups. >>> >>>Thanks, >>>Brian Desmond >>>br...@briandesmond.com >>> >>>w – 312.625.1438 | c – 312.731.3132 >>> >>>From:David Lum [mailto:david....@nwea.org] >>>Sent: Thursday, April 12, 2012 11:28 AM >>>To: NT System Admin Issues >>>Subject: Domain local vs. global vs. universal >>> >>>Today I found a global group in my AD (created by an SE that wasn’t me), but >>>for this function I needed to add a domain local group to it and for course, >>>that’s not possible. Someplace I heard in AD pretty much every group you use >>>should be domain local unless it’s used for Exchange in which case you use >>>Universal. All groups I create are domain local and it simply works, but I >>>know that doesn’t mean it’s right. >>> >>>Before sending a note to the SE team on this I wanted to get a consensus >>>from you guys. Comments? >>>David Lum >>>Systems Engineer //NWEATM >>>Office 503.548.5229//Cell (voice/text) 503.267.9764 >>> >>>~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>>~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>> >>>--- >>>To manage subscriptions click here: >>>http://lyris.sunbelt-software.com/read/my_forums/ >>>or send an email to listmana...@lyris.sunbeltsoftware.com >>>with the body: unsubscribe ntsysadmin >>>~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>>~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>> >>>--- >>>To manage subscriptions click here: >>>http://lyris.sunbelt-software.com/read/my_forums/ >>>or send an email to listmana...@lyris.sunbeltsoftware.com >>>with the body: unsubscribe ntsysadmin >>> >>>~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>>~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>> >>>--- >>>To manage subscriptions click here: >>>http://lyris.sunbelt-software.com/read/my_forums/ >>>or send an email to listmana...@lyris.sunbeltsoftware.com >>>with the body: unsubscribe ntsysadmin >>>~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>>~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>> >>>--- >>>To manage subscriptions click here: >>>http://lyris.sunbelt-software.com/read/my_forums/ >>>or send an email to listmana...@lyris.sunbeltsoftware.com >>>with the body: unsubscribe ntsysadmin >>> >>> >>~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >>--- >>To manage subscriptions click here: >>http://lyris.sunbelt-software.com/read/my_forums/ >>or send an email to listmana...@lyris.sunbeltsoftware.com >>with the body: unsubscribe ntsysadmin > >~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > >--- >To manage subscriptions click here: >http://lyris.sunbelt-software.com/read/my_forums/ >or send an email to listmana...@lyris.sunbeltsoftware.com >with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin