Parent - Child Domain

  • Thread starter Thread starter Dan Pinkham
  • Start date Start date
D

Dan Pinkham

I am thinking of implementing a child domain to my existing domain. My
domain currently has one Domain Controller. I have another machine that i
will use as another DC in the proposed child domain

What is the procedure for creating a Child domain please? During the
creation of the child, i will use the existing dc as my primary dns server,
but after that i have had problems. What is the procedure please regarding
child domain, dns issues please?
 
Dan said:
I am thinking of implementing a child domain to my existing domain. My
domain currently has one Domain Controller. I have another machine that i
will use as another DC in the proposed child domain

What is the procedure for creating a Child domain please? During the
creation of the child, i will use the existing dc as my primary dns server,
but after that i have had problems. What is the procedure please regarding
child domain, dns issues please?
Click to expand...
If you have only one DC, you almost certainly don't need a child Domain.

Why do you think that you need a child Domain?

Having a single DC Domain is dangerous. Having a single DC parent Domain
and a single DC child Domain is more than dangerous.

Cheers,

Cliff
 
Cliff, i understand your points..need a different password policy on child
domain - also would like advice on the procedure as have got it wrong
previously..luckily in test environment

Proper procedure for a child domain regarding DNS etc. would be great

Regards

Dan p
 
Dan Pinkham said:
Cliff, i understand your points..need a different password policy on
child domain - also would like advice on the procedure as have got it
wrong previously..luckily in test environment

Proper procedure for a child domain regarding DNS etc. would be great
Click to expand...


Here it is, but I agree with Cliff, having one DC is one thing, having
parent/child DCs with only one DC in each, is dangerous, if the parent
domain fails, you've got an orphaned child DC with no parent and no forest
root domain.
You'd be much better off making the machine into a replica DC.

255248 - HOW TO Create a Child Domain in Active Directory and Delegate the
DNS Namespace to the Child Domain
http://support.microsoft.com/default.aspx?scid=kb;en-us;255248&sd=RMVP
 
Dan said:
Cliff, i understand your points..need a different password policy on child
domain - also would like advice on the procedure as have got it wrong
previously..luckily in test environment
Click to expand...

Dan, there are third-party products that allow you to enforce multiple
password policies within a single domain. You can also write your own
password filtering DLL, however I would only recommend this if you have
a good understanding of C and systems programming.

Our product is called Password Policy Enforcer, and it allows you to
assign policies to users, groups, and OUs. You can read more about it
at http://www.anixis.com/products/ppe/features.htm
 
OK, what I've seen suggested, if you cannot stretch to a second server
class machine is to take a workstation class machine, stick a DC on it,
and make it a GC and put it in a corner somewhere. If you can. Think of
it as isurance.

Cheers,

Cliff
 
Back
Top