Fires up the jiffypop lol
From: Lora Cates [mailto:lora.ca...@rocketmail.com] Sent: Thursday, April 12, 2012 2:41 PM To: NT System Admin Issues Subject: Re: Domain local vs. global vs. universal So I take it you lost? :) What, dare I ask, was your position on said matter in the arena? -lc ________________________________ From: William Robbins <dangerw...@gmail.com<mailto:dangerw...@gmail.com>> To: NT System Admin Issues <ntsysadmin@lyris.sunbelt-software.com<mailto:ntsysadmin@lyris.sunbelt-software.com>> Sent: Thursday, April 12, 2012 3:45 PM Subject: Re: Domain local vs. global vs. universal I'm not entering into the "empty root" arena again. :) I will answer the last query. He is that Brian Desmond...which is why I shan't enter that arena again. - Will On Thu, Apr 12, 2012 at 15:08, Lora Cates <lora.ca...@rocketmail.com<mailto:lora.ca...@rocketmail.com>> wrote: Well I've inherited what I'll kindly refer to as a "mess." I'm still in the information gathering phase myself as I haven't quite been here 12 days yet, and only found this list recently. So I'll apologize in advance for my faux pas. Basically I was hired to consolidate a plethora of disparate AD domains/forests in several geographically dispersed hospital groups into a single forest. I still haven't met with the networking folks, so I don't know what shape the WAN is in. My predecessor went so far as to set up the CompanyX.com<http://CompanyX.com> parent domain and it's empty save the defaults, there is also a child domain of US.companyX.com<http://US.companyX.com> with what appears to be the users from corporate. I've read several debates regarding an empty root. Is there a consensus on yea vs. nay? Speaking of reading, and apologies for any offense, are you this Brian Desmond? Active Directory: Designing, Deploying, and Running Active Directory, Fourth Edition -lc ________________________________ From: Brian Desmond <br...@briandesmond.com<mailto:br...@briandesmond.com>> To: NT System Admin Issues <ntsysadmin@lyris.sunbelt-software.com<mailto:ntsysadmin@lyris.sunbelt-software.com>> Sent: Thursday, April 12, 2012 2:16 PM Subject: RE: Domain local vs. global vs. universal Well the impact is that all uni group membership changes replicate to every GC. If you’ve got concerns around WAN utilization, availability, latency, etc., then this could be worth looking at. In quite a lot of scenarios, the WAN issues that existed circa Windows 2000 don’t exist anymore which makes this a less interesting discussion point. Without knowing about your customer’s environment and scale it’s hard to say. I would say that it’s highly unlikely that I would design a new multi-domain forest except for some pretty isolated and specific design requirements these days. Thanks, Brian Desmond br...@briandesmond.com<mailto:br...@briandesmond.com> w – 312.625.1438 | c – 312.731.3132 From: Lora Cates [mailto:lora.ca...@rocketmail.com<mailto:lora.ca...@rocketmail.com>] Sent: Thursday, April 12, 2012 1:05 PM To: NT System Admin Issues Subject: Re: Domain local vs. global vs. universal I too am looking into this for a coming migration I've been asked to design for a customer. What's the impact to GC's by making everything Universal Groups? Especially in a multi domain, multi forest environment? -lc ________________________________ From: Brian Desmond <br...@briandesmond.com<mailto:br...@briandesmond.com>> To: NT System Admin Issues <ntsysadmin@lyris.sunbelt-software.com<mailto:ntsysadmin@lyris.sunbelt-software.com>> Sent: Thursday, April 12, 2012 12:02 PM Subject: RE: Domain local vs. global vs. universal In a single domain forest (or even many multi-domain domain forests today), I would just do all uni groups. Thanks, Brian Desmond br...@briandesmond.com<mailto:br...@briandesmond.com> w – 312.625.1438 | c – 312.731.3132 From: David Lum [mailto:david....@nwea.org] Sent: Thursday, April 12, 2012 11:28 AM To: NT System Admin Issues Subject: Domain local vs. global vs. universal Today I found a global group in my AD (created by an SE that wasn’t me), but for this function I needed to add a domain local group to it and for course, that’s not possible. Someplace I heard in AD pretty much every group you use should be domain local unless it’s used for Exchange in which case you use Universal. All groups I create are domain local and it simply works, but I know that doesn’t mean it’s right. Before sending a note to the SE team on this I wanted to get a consensus from you guys. Comments? David Lum Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin