mjcsfmail-google
I have a small multi-site company which has not been using Active
Directory to date due to lack of time to set this up prior to now. I've
finally got some time to try my hand at this, but am new to it.
Based on a lot of reading, it seems like the best AD configuration is a
single forest with a single domain, and multiple sites. But currently,
we use site qualifiers in the domain names for existing computers and
would like to keep them that way - for example, Joe's workstation in
San Francisco might be joe.sfo.domain.com and Jane's in New York might
be jane.nyc.domain.com from a DNS perspective, but both users and both
computers would be in the single domain.com AD domain.
By default though, AD will set the DNS suffix of each computer to the
AD domain of domain.com, not knowing about the sfo and nyc third-level
domain names.
It seems like I can create an OU for each site, and there is a group
policy setting called "primary DNS suffix" which can be set at the OU
level to set the correct DNS domain suffixes for computers placed into
each OU. So by creating a different group policy applied to the "sfo"
and "nyc" OUs with the appropriate primary DNS suffix settings, I could
keep the existing FQDNs while still maintaining a single AD domain.
Has anyone out there done this?
Is this the right way to do this?
Is this a good idea?
Does anyone know where I can find more documentation on this?
I'd rather not change all our existing computer names if possible...
Thanks in advance!
Mike
P.S. I was also looking into an empty forest root domain of
domain.com with child domains named after the sites, such as
sfo.domain.com, so the DNS domain structure would match the AD domain
structure, but that seems too complicated for a small company of maybe
100 users across 4 sites. We also have a few sites which are basically
cities with one or two telecommuting workers, and I'm not sure how I'd
handle that situation in a multi-AD-domain setup.