Peer-Root Domain Model Win2k3

[Stubby]

Has anyone here employed a Peer-Root Domain Model with Windows 2003? I read
about this here:

http://www.samspublishing.com/articles/printerfriendly.asp?p=32080 slightly
past half way down the page.

This is something we are looking to implement with an in place upgrade of an
existing NT4 domain. Any thoughts are appreciated.

 

[Joe Richards [MVP]]

In the brief scan of that page I saw quite a few incorrect assumptions. I would
be wary of the document.

I have never heard the term peer-root before this post. It simply looks to be a
multi-tree forest with one tree that is entirely the forest root domain.

This method to isolate the schema group or any method to isolate the schema
group is pretty silly.

The forest is security boundary, not the domain, not the tree.

The goal should be to try and stick to a single domain if possible, if not, try
to use a minimal number of domains. If you need true security boundaries, this
means multiple forests. Multiple forest deployments are actually gaining
popularity especially in larger orgs with Exchange and different admins running
Exchange and AD so you can have separation of responsibilities, etc.