AD-DNS Restructuring

Tags:
Active Directory
DNS
Hi, I am tasked with restructuring Active Directory within our company domain, which is a crucial step to have a real and effective network setup. The plan is that all offices should have a DNS forest domain on a city basis. This schema should be something like this:

Office Location    Proposed domain name          Current domain name
London             london.<company>.local        <company>.local
Moscow             moscow.<company>.local        moscow.<company>.local
Houston            houston.<company>.local       <company>.local
Caracas            caracas.<company>.local       <company>.local
Maracaibo          maracaibo.<company>.local     <company>.local

Is the above just going into the DNS management console and doing some reconfiguring, or will it also require the restructuring of AD as well? Ideally we would like to restructure AD as well, if feasible, as outlined below.

The idea (good or bad) is to keep our current <company>.local domain as the 'top level' domain, and it would be 'clean', i.e. only have pointers to the subdomains' DNS servers or zones and the proper CNAMEs for critical services servers.

Considering the above, what domain model would be ideal? I was thinking of a Placeholder domain, so the placeholder will be the <company>.local domain, with the subdomains underneath it (london.<company>.local etc.) containing users, groups and other resources. Also, we have far-flung geographical locations (as above) with slow link speeds to the main office.

Our current AD structure is a mess - it's just <company>.local with all user and computer accounts in their respective default containers! Strangely, GPs still get applied to both... how is that so with them being in default containers?? So there is no OU structure at all. Would it be best practice to use a Placeholder domain with an organised OU structure reflecting the functions in the proposed subdomains as listed above?

What's the procedure for 'moving' AD objects, users etc. from the main domain to their new <office>.<company>.local? Will a migration be involved or is it a case of 'drag and drop'? Or would it be just better to re-organise DNS and leave AD alone??

To add complexity, we also have a unix developer environment that has to co-exist with the Windows domain restructuring. So will DNS zones have to be non secure updates to allow unix BIND servers?

How will this proposed domain setup work in relation to centralized administration from one main office, because that's what we really want? We don't want to delegate any admin tasks to other offices. What about security policies in subdomains and trust relationships etc.? Would each office location be better off in its own site, given that the links aren't the best between offices? And how would our Exchange servers fit into all of this - will they stay the same or need restructuring in some way as well?

Furthermore, users have hard-typed links to machines (not servers) in the top <company>.local forest. Would this be a problem? What other problems/questions might there be?

So given all of the above (I know it's a lot of info!), what is the best way to go? Please can someone give me some good advice, and/or point me to some good resources for this kind of thing?

Thanks in advance,
Taz

Answer Wiki


This is hard to approach. The information provided is nice; however, the questions you are asking require a lot more information before a complete solution can be provided. It appears that you are looking into a total revamp of your AD. If this is true, I would recommend bringing in an expert to review your entire structure fully so that a reliable answer can be provided.

A placeholder domain structure will work for you, yes, but I still feel it would be in your best interest to bring in a professional for advice.
