Forest/Enterprise level admin vs. OU admin; migration, loss ofprivilege

  • Thread starter Thread starter kcsteele
  • Start date Start date
K

kcsteele

Guest
Hi, I am currently tasked with documenting what would be lost if our
current AD environment (single forest, single domain) were to be
consolidated into a new forest as an OU with a different agency
controlling that forest.

I have started with some basic preliminary stuff, can anyone add to
this?

- loss of DCs
- value of current investment in servers is minimized
- forced to abide by password and kerberos policies implemented by
administrators of the parent domain, as well as enforced group
policies
- loss of control
- slower convergence w.r.t. required changes to the infrastructure
- right now, if changes are needed at the domain/enterprise level,
this can be effected immediately. in a delegated OU environment,
these changes are restricted to only those who control the parent
domain/forest, and any changes will have to go through the proper
channels of authorization and clearance, which can take weeks or even
months.
- schema changes (custom schema attributes for in house apps,
future growth of AD infrastructure)

- loss of Exchange organization and servers
- current organization would be consolidated into parent domain
Exchange organziation


Thanks for all the help.
 
Re: Forest/Enterprise level admin vs. OU admin; migration, loss of privilege

Re: Forest/Enterprise level admin vs. OU admin; migration, loss of privilege

You might not loose your DCs. It's not unusual to have a DC/file server in a
branch office.
You probably don't want to hear this one, but at minimum less admin duties
at the remote office because they are now being handled by corporate, at
most, no admin needed at the remote office, just a user with a task pad and
delegated responsibilities.

hth
DDS

"kcsteele" <k.c.steele@gmail.com> wrote in message
news:474d45ea-9e1a-4d53-bf0e-957241b4449d@m44g2000hsc.googlegroups.com...
> Hi, I am currently tasked with documenting what would be lost if our
> current AD environment (single forest, single domain) were to be
> consolidated into a new forest as an OU with a different agency
> controlling that forest.
>
> I have started with some basic preliminary stuff, can anyone add to
> this?
>
> - loss of DCs
> - value of current investment in servers is minimized
> - forced to abide by password and kerberos policies implemented by
> administrators of the parent domain, as well as enforced group
> policies
> - loss of control
> - slower convergence w.r.t. required changes to the infrastructure
> - right now, if changes are needed at the domain/enterprise level,
> this can be effected immediately. in a delegated OU environment,
> these changes are restricted to only those who control the parent
> domain/forest, and any changes will have to go through the proper
> channels of authorization and clearance, which can take weeks or even
> months.
> - schema changes (custom schema attributes for in house apps,
> future growth of AD infrastructure)
>
> - loss of Exchange organization and servers
> - current organization would be consolidated into parent domain
> Exchange organziation
>
>
> Thanks for all the help.
 
Re: Forest/Enterprise level admin vs. OU admin; migration, loss ofprivilege

Haha I know, this doesn't reflect badly on my work performance, more
like clueless management. It is probably not going to happen but my
boss is requesting the information regardless. I was hoping for more
of a technical view of exactly what other changes would be imminent
from a management perspective, not necessarily if I'll lose my job or
not. Or have I just about covered everything, I'm sure theres at least
a couple things I missed.

Thanks

On Jun 4, 11:06 am, "Danny Sanders" <DSand...@NOSPAMciber.com> wrote:
> You might not loose your DCs. It's not unusual to have a DC/file server in a
> branch office.
> You probably don't want to hear this one, but at minimum less admin duties
> at the remote office because they are now being handled by corporate, at
> most, no admin needed at the remote office, just a user with a task pad and
> delegated responsibilities.
>
> hth
> DDS
>
> "kcsteele" <k.c.ste...@gmail.com> wrote in message
>
> news:474d45ea-9e1a-4d53-bf0e-957241b4449d@m44g2000hsc.googlegroups.com...
>
>
>
> > Hi, I am currently tasked with documenting what would be lost if our
> > current AD environment (single forest, single domain) were to be
> > consolidated into a new forest as an OU with a different agency
> > controlling that forest.
>
> > I have started with some basic preliminary stuff, can anyone add to
> > this?
>
> > - loss of DCs
> > - value of current investment in servers is minimized
> > - forced to abide by password and kerberos policies implemented by
> > administrators of the parent domain, as well as enforced group
> > policies
> > - loss of control
> > - slower convergence w.r.t. required changes to the infrastructure
> > - right now, if changes are needed at the domain/enterprise level,
> > this can be effected immediately.  in a delegated OU environment,
> > these changes are restricted to only those who control the parent
> > domain/forest, and any changes will have to go through the proper
> > channels of authorization and clearance,  which can take weeks or even
> > months.
> > - schema changes (custom schema attributes for in house apps,
> > future growth of AD infrastructure)
>
> > - loss of Exchange organization and servers
> > - current organization would be consolidated into parent domain
> > Exchange organziation
>
> > Thanks for all the help.- Hide quoted text -
>
> - Show quoted text -
 
Back
Top