Root Domain DCs tlloyd22[ at ]gmail.com 5/24/2007 6:26:00 PM OK. Here is my question: At our company there is an empty root domain. There are also 6 child domains and there are four major data centers across the globe. The question is "why the need for a root DC at each data center?". What AD dependencies require root domain DCs? What child domain activities require a referral to a root DC? FYI...we use a BIND DNS solution. I am guessing that it had something to do with the shortcut relationships between child domains as well as some Exchange dependencies. Any ideas?

Re: Root Domain DCs Scott <me[ at ]privacy.org> 5/25/2007 1:55:08 AM In article <1180031160.189797.265190[ at ]h2g2000hsg.googlegroups.com>tlloyd22[ at ]gmail.co m wrote: [Quoted Text] > OK. Here is my question: > At our company there is an empty root domain. There are also 6 > child domains and there are four major data centers across the globe. > The question is "why the need for a root DC at each data center?". > What AD dependencies require root domain DCs? What child domain > activitiesrequire a referral to a root DC? FYI...we use a BIND DNS > solution. > > I am guessing that it had something to do with the shortcut > relationships between child domains as well as some > Exchangedependencies. Any ideas? > > Given the importance of the forest root, it certainly makes sense from a business perspective to protect the forest root from failure with multiple, distributed DCs in the major data centers. Without any additional information, it would be difficult to identify any other business drivers that may have led to this particular design decision. Regards, Scott -- I'm trying a new usenet client for Mac, Nemo OS X. You can download it at http://www.malcom-mac.com/nemo

Re: Root Domain DCs "Herb Martin" <news[ at ]learnquick.com> 5/25/2007 3:53:37 AM <tlloyd22[ at ]gmail.com> wrote in message news:1180031160.189797.265190[ at ]h2g2000hsg.googlegroups.com... [Quoted Text] > OK. Here is my question: > At our company there is an empty root domain. There are also 6 child > domains and there are four major data centers across the globe. The > question is "why the need for a root DC at each data center?". You may not "need" them, but there are many reasons why you might need or want them very badly. > What > AD dependencies require root domain DCs? What child domain activities > require a referral to a root DC? FYI...we use a BIND DNS solution. Kerberos referrals between any peer domains where the root is on the path (parent-child trusts) require the root to be involved unless you have shortcut trusts. > I am guessing that it had something to do with the shortcut > relationships between child domains as well as some Exchange > dependencies. Any ideas? Also, just having DCs for the Root at a MINIMUM of 2 of the 4 locations seems right -- were you to lose a data center to catastrophe the rest of the Enterprise could continue running. If you lose the Root you (eventually) lose all domains, but presumably you also have really good backups, located offsite from the main DCs. If you cannot contact the Root DCs, you cannot traverse from domain to domain without shortcut trusts. I don't like the idea of BIND for this situation since you give up both Secure ONLY dynamic updates and AD replication features but it can work. Usually in such large, distributed, networks security is a big concern. -- Herb Martin, MCSE, MVP http://www.LearnQuick.Com (phone on web site)