How do I set up a global Active Directory environment in a one-tree structure with three regional ro

Expert Laura E. Hunter breaks down how to institute the one-tree structure in an Active Directory forest.

I am new to Active Directory. Our company would like to set up an AD environment globally in a one-tree structure with three regional roots: Asia-Pacific zone, American zone and European zone. I understand the normal way to do this is to set up a global root, then start implementing with all the policies and configuration down to the root of the three regional zones, then the sub-zone of the regional zones. However, we would like to set up our zone first (we are one of the regional zones) then later down that track, we would join the root and form a triangle zone with the remaining two zones.

I would like to know:

1) Is it possible to join the root if we do it in a bottom up approach rather than a top down approach?

2) Apart from the naming convention (already agreed globally), would there be other things that need to be standardized globally? My concern is that if the root is going to use a different standard (rather than the naming convention) we may have to redo the whole thing again to make our region join back to the root.

3) Would the effort be bigger to do it this way rather than the top-down approach?

The first domain that you create in an Active Directory forest becomes the forest root domain. This domain must remain the forest root for the lifetime of the Active Directory forest; it cannot be restructured to become the child of another domain without rolling up or migrating to a new Active Directory forest.

If you wish to pilot AD in a child organization before the parent orgs are ready, you will probably need to use the Active Directory Migration Tool or another third-party migration tool to restructure your forest environment later down the line. If you have decided as an organization that you will be moving to AD anyway, my best recommendation would be to plan and perform the entire rollout as a single, rational process, rather than launching ahead with a small portion of the upgrade that will likely need to be re-done at a later time. This includes determining a consistent naming convention for your DNS and AD domain names and zones, as well as organizational and naming conventions for your user and computer objects.
