New AD

myITforum.com Community Forum

Home Forums Blogs Live Support chat Search Articles Wiki FAQ Email Lists Register Login My Profile Inbox Address Book My Subscription My Forums

Photo Gallery Member List Search Calendars FAQ Ticket List Log Out

All Forums RSS Feed Subscription:

New AD

View related threads: (in this forum | in all forums)

Logged in as: Guest

Printable Version

All Forums >> [Management Products] >> System Center Products >> System Center Configuration Manager >> New AD

Page: [1]

Message

<< Older Topic Newer Topic >>

New AD - 6/23/2008 4:25:00 PM

mhudson

Posts: 505
Score: 10
Joined: 4/1/2007
From: College Station, TX
Status: offline

We are looking at creating a totally new AD Forest. Currently we have an AD with many many sub domains. The new AD will be a single AD with everyone part of OUs, not domains.

It is my understanding that you can only have 1 Primary per domain. Correct? If they do this would our only option would be to have a Primary and some secondaries and then user permissions to control everything in the console?

Is it possible to have a primary per OU and control the Discovery. Then our boundaries would need to be IP address based. Anyone have a solution. Granted we have 1 or 2 years before we make the move.

_____________________________

Matthew Hudson
http://sms-hints-tricks.blogspot.com/
http://www.sccm-tools.com

Post #: 1

RE: New AD - 6/23/2008 9:03:10 PM

eschloss

Posts: 611
Score: 25
Joined: 9/7/2004
From: Cincinnati
Status: offline

you can have more than one primary per domain, but you would have to divide them by boundaries, either by AD site or by subnet, either way.
you would set up one as the central site server and then have the other primary site servers report to the central in the heirarchy.

(in reply to mhudson)

Post #: 2

RE: New AD - 6/23/2008 10:01:55 PM

mhudson

Posts: 505
Score: 10
Joined: 4/1/2007
From: College Station, TX
Status: offline

The problem is that there will be only 1 AD site. All the DCs will be removed and everyone will be moved to OUs and the other problem is that we have over laping subnets with not continuous IP range. Almost everything is running DHCP.

I think we will need to do modifications to the DHCP server to do reservations by OU but I don't think it is possible. Basically we will be reeling in all the little domains in the AD to a mega Domain with OUs. Giving permissions for all the Admins in the Console and a single Site code seems like a easy way to do it. Then break down collections by OU.

_____________________________

Matthew Hudson
http://sms-hints-tricks.blogspot.com/
http://www.sccm-tools.com

(in reply to eschloss)

Post #: 3

RE: New AD - 6/23/2008 10:46:45 PM

curban

Posts: 1003
Score: 33
Joined: 8/19/2002
From: Kenosha, WI
Status: offline

So... I'm assuming your servers are static; thus that should be a quick win for you. The workstations now... how many physical locations do you have? Are you saying that any remote location may have the same subnets? Once you have your machines managed by ConfigMgr, you can delegate security of those resources by OU's; if that helps. If you can lend more insights into your physical topology / locations... it'd be easier to slice and dice it. Thanks!

_____________________________

Chris
MCT, MCSE, and Former-MVP

(in reply to mhudson)

Post #: 4

RE: New AD - 6/24/2008 8:45:47 AM

mhudson

Posts: 505
Score: 10
Joined: 4/1/2007
From: College Station, TX
Status: offline

This is a large college campus (45,000+ students) so machines are all over but not every department on campus will be in the new AD. Campus IT has no power over other IT departments which creates a problem, hence why this new AD (with only OUs no domains) will come up. We also have computers all over the state, these are already controlled by my SCCM servers. There are 3 SMS and 2 SCCM servers running and some altris servers all running independent. Servers are static and desktops are DHCP. Some desktops are run on reserve DHCP so they keep their IP address. Since there is no good delimiter of address sometimes we can't do subnet or ip range for boundaries. I think the only option with the fewest problems would be to have a central site to control the entire AD and secondarys to help with deployment. We just do alot of permissions to allow dept all over the campus to control their computers (Collections based on OUs)

The nice part is that we wouldn't have to worry about roaming. This solves the problem for half the campus that joins the new AD.

_____________________________

Matthew Hudson
http://sms-hints-tricks.blogspot.com/
http://www.sccm-tools.com

(in reply to curban)

Post #: 5