Server resources for Multi domain environment

[phil2627]

We are in the process of planning our domain and are looking at using
the Empty domain with child domains for our user accounts. Do we need
powerful servers for the empty domain ? We do realize this one of the
drawbacks of this model and have 2 pentium 4 dual processor servers (4
years old) to serve this purpose. Thanks.

 

[Herb Martin]

We are in the process of planning our domain and are looking at using
the Empty domain with child domains for our user accounts. Do we need
powerful servers for the empty domain ?

No, almost certainly not.

Typical domains don't even need "powerful" servers for regular domains
unless the DCs are given other taxing jobs.

We do realize this one of the
drawbacks of this model and have 2 pentium 4 dual processor servers (4
years old) to serve this purpose. Thanks.

Why are you creating the Child domains? If there is no reason for
separating
them, the root domain (usually) becomes irrelevant.

 

[phil2627]

No, almost certainly not.

Typical domains don't even need "powerful" servers for regular domains
unless the DCs are given other taxing jobs.


Why are you creating the Child domains? If there is no reason for
separating
them, the root domain (usually) becomes irrelevant.

Herb,

This is more of a "What if" post. We are leaning towards one domain
for management and resource purposes, but we want to see if we receive
more compelling reasons from our previous post. Right now, passwords
is a big factor. The difference between the two groups (students and
non students) could decide what we do.

 

[Herb Martin]

Herb,

This is more of a "What if" post. We are leaning towards one domain
for management and resource purposes, but we want to see if we receive
more compelling reasons from our previous post.

There was NOTHING in your previous post that offereed a compelling,
or even likely reason.

This is the reason for my question about the multiple domains which
we needed to presume has already been justified.

Unless you have specific reasons the default decision should be one
domain.

There are some valid reasons but they are very specific.

Right now, passwords
is a big factor. The difference between the two groups (students and
non students) could decide what we do.

If you have multiple password policy requirements and that cannot be
resolved then you will generally require a domain for each.

In my opinion no pass should be less than 15 characters if you actually
care about security -- with complexity.

 

[phil2627]

There was NOTHING in your previous post that offereed a compelling,
or even likely reason.

This is the reason for my question about the multiple domains which
we needed to presume has already been justified.

Unless you have specific reasons the default decision should be one
domain.

There are some valid reasons but they are very specific.


If you have multiple password policy requirements and that cannot be
resolved then you will generally require a domain for each.

In my opinion no pass should be less than 15 characters if you actually
care about security -- with complexity.- Hide quoted text -

- Show quoted text -

After speaking with my boss (still waiting for feedback from others)
we are likely to go with the multi domain model because of password
policy requirements. Staff is 10 character minimum and changes every
40 days where students are pulled from a field in the student
information system and does not change so they will not forget it.

 

[Herb Martin]

After speaking with my boss (still waiting for feedback from others)
we are likely to go with the multi domain model because of password
policy requirements. Staff is 10 character minimum and changes every
40 days where students are pulled from a field in the student
information system and does not change so they will not forget it.

You could append something trivial onto the info for students and you
MAY set their passwords to never expire despite the 40 day default.

Something like: Student:asdff32434**&^

If you are going to make it a fixed password like that you could just use


Student:MarySmith123

(with enought number to reach the minimum you wish.)

 

[phil2627]

You could append something trivial onto the info for students and you
MAY set their passwords to never expire despite the 40 day default.

Something like: Student:asdff32434**&^

If you are going to make it a fixed password like that you could just use

Student:MarySmith123

(with enought number to reach the minimum you wish.)- Hide quoted text -

- Show quoted text -

Ok, let me ask a question to you since I am getting different
information from different sources and I can't believe I am doubting
myself at this point. If we have staff that require a 10 character
minimum password that needs to change every 40 days and students that
have a password that stays the same throughout the school year being 3
to 8 characters in length do we need seperate domains or can this be
done at the OU level ? I thought if it was done at the OU level it
would apply to the workstation and local user only. Thanks.

 

[Herb Martin]

Ok, let me ask a question to you since I am getting different
information from different sources and I can't believe I am doubting
myself at this point. If we have staff that require a 10 character
minimum password that needs to change every 40 days and students that
have a password that stays the same throughout the school year being 3
to 8 characters in length do we need seperate domains or can this be
done at the OU level ?

For domain users this can only be done (as stated in this paragraph)
through third party add-ons which I have not personally tried..

I thought if it was done at the OU level it
would apply to the workstation and local user only. Thanks.

Exactly true.

The only (built-in) exception to the one password policy is that any
single users (and of course you can select as many as you wish) can
be set to "never expires."