Ask the Expert

How do I set up a global Active Directory environment in a one-tree structure with three regional ro

I am new to Active Directory. Our company would like to set up an AD environment globally in one-tree structure with three regional roots: Asia-Pacific zone, American zone and European zone. I understand the normal way to do this is to set up a global root, then start implementing with all the policies and configuration down to the root of the three regional zones, then the sub-zone of the regional zones. However, we would like to set up our zone first (we are one of the regional zones) then later down that track, we would join the root and form a triangle zone with the remaining two zones.

I would like to know:

1) Is it possible to join the root if we do it in a bottom up approach rather than a top down approach?

2) Apart from the naming convention (already agreed globally) would there be other things that need to be standardized globally? My concern is that if the root is going to use different standard (rather than the naming convention) we may have to redo the whole thing again to make our region join back to the root.

3) Would the effort be bigger to do it this way rather than the top-down approach?

    Requires Free Membership to View

The first domain that you create in an Active Directory forest becomes the forest root domain. This domain must remain the forest root for the lifetime of the Active Directory forest; it cannot be restructured to become the child of another domain without rolling up or migrating to a new Active Directory forest.

If you wish to pilot AD in a child organization before the parent orgs are ready, you will probably need to use the Active Directory Migration Tool or another third-party migration tool to restructure your forest environment later down the line. If you have decided as an organization that you will be moving to AD anyway, my best recommendation would be to plan and perform the entire rollout as a single, rational process, rather than launching ahead with a small portion of the upgrade that will likely need to be re-done at a later time. This includes determining a consistent naming convention for your DNS and AD domain names and zones, as well as organizational and naming conventions for your user and computer objects.

This was first published in December 2005

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: