Hi, I am tasked with Restructuring Active Directory within our company domain which is a crucial step to have a real and effective network setup. The plan is that all offices should have a DNS forest domain on a city basis. This schema should be something like this: Office Location Proposed domain name Current domain name London london.<company>.local <company>.local Moscow moscow.<company>.local moscow.<company>.local Houston houston.<company>.local <company>.local Caracas caracas.<company>.local <company>.local Maracaibo maracaibo.<company>.local <company>.local Is the above just going into DNS management console and doing some reconfiguring, or will it also require the restructuring of AD aswell? Ideally we would like to restructure AD aswell, if feasible, as outlined below. The idea (good or bad) is to keep our current <company>.local domain as 'top level' domain and it would be 'clean' ie only have pointers to the subdomains DNS servers or zones and the proper CNAMES for critical services servers. contain CNAME records pointing to critical services Considering the above, what domain model would be ideal? I was thinking of a Placeholder domain so the placeholder will be <company>.local domain and the subdomains underneath it london.<company>.local etc which will contain users, groups and other resources. Also, we have far-flung geographical locations (as above) with slow link speeds to the main office. Our current AD structure is a mess - it's just <company>.local with all user and computer accounts in their repective default containers! Strangely GP's still get applied to both...how is that so with them being in default containers?? So there is no OU structure at all. Would it be best practice to use a Placeholder domain with an organised OU structure relfecting the functions in the proposed subdomains as listed above? Whats the procedure for 'moving' AD objects, users etc, from the main domain to their new <office>.<company>.local? Will a migration be invovled or is it a case of 'drag and drop'? Or would it be just better to re-organise DNS and leave AD alone?? To add complexity, we also have a unix developer environment that has to co-exist with the Windows domain restructuring. So will DNS zones have to be non secure updates to allow unix BIND servers? How will this proposed domain setup work in relation to centralized administration from one main office, because thats what we really want? We don't want to delegate any admin tasks to other offices. What about security policies in subdomains and trust relationships etc? Would each office location be better off in it's own site given that the links aren't the best between offices? And how would our Exchange servers fit into all of this - will they stay the same or need restructuring in some way aswell? Furthermore, Users have hard typed links to machines (not servers) in the top <company>.local forest. Would this be a problem? What other problems/questions might there be? So given all of the above (i know it's a lot of info!), what is the best way to go? Please can someone give me some good advice, and/or point me to some good resourses for this kind of thing? Thanks in advance, Taz

Software/Hardware used: