Forest/Enterprise level admin vs. OU admin; migration, loss ofprivilege

[Guest kcsteele]

Hi, I am currently tasked with documenting what would be lost if our

current AD environment (single forest, single domain) were to be

consolidated into a new forest as an OU with a different agency

controlling that forest.

 

I have started with some basic preliminary stuff, can anyone add to

this?

 

- loss of DCs

- value of current investment in servers is minimized

- forced to abide by password and kerberos policies implemented by

administrators of the parent domain, as well as enforced group

policies

- loss of control

- slower convergence w.r.t. required changes to the infrastructure

- right now, if changes are needed at the domain/enterprise level,

this can be effected immediately. in a delegated OU environment,

these changes are restricted to only those who control the parent

domain/forest, and any changes will have to go through the proper

channels of authorization and clearance, which can take weeks or even

months.

- schema changes (custom schema attributes for in house apps,

future growth of AD infrastructure)

 

- loss of Exchange organization and servers

- current organization would be consolidated into parent domain

Exchange organziation

 

 

Thanks for all the help.

[Guest Danny Sanders]

Re: Forest/Enterprise level admin vs. OU admin; migration, loss of privilege

 

Re: Forest/Enterprise level admin vs. OU admin; migration, loss of privilege

 

You might not loose your DCs. It's not unusual to have a DC/file server in a

branch office.

You probably don't want to hear this one, but at minimum less admin duties

at the remote office because they are now being handled by corporate, at

most, no admin needed at the remote office, just a user with a task pad and

delegated responsibilities.

 

hth

DDS

 

"kcsteele" <k.c.steele@gmail.com> wrote in message

news:474d45ea-9e1a-4d53-bf0e-957241b4449d@m44g2000hsc.googlegroups.com...

> Hi, I am currently tasked with documenting what would be lost if our

> current AD environment (single forest, single domain) were to be

> consolidated into a new forest as an OU with a different agency

> controlling that forest.

>

> I have started with some basic preliminary stuff, can anyone add to

> this?

>

> - loss of DCs

> - value of current investment in servers is minimized

> - forced to abide by password and kerberos policies implemented by

> administrators of the parent domain, as well as enforced group

> policies

> - loss of control

> - slower convergence w.r.t. required changes to the infrastructure

> - right now, if changes are needed at the domain/enterprise level,

> this can be effected immediately. in a delegated OU environment,

> these changes are restricted to only those who control the parent

> domain/forest, and any changes will have to go through the proper

> channels of authorization and clearance, which can take weeks or even

> months.

> - schema changes (custom schema attributes for in house apps,

> future growth of AD infrastructure)

>

> - loss of Exchange organization and servers

> - current organization would be consolidated into parent domain

> Exchange organziation

>

>

> Thanks for all the help.

[Guest kcsteele]

Re: Forest/Enterprise level admin vs. OU admin; migration, loss ofprivilege

 

Haha I know, this doesn't reflect badly on my work performance, more

like clueless management. It is probably not going to happen but my

boss is requesting the information regardless. I was hoping for more

of a technical view of exactly what other changes would be imminent

from a management perspective, not necessarily if I'll lose my job or

not. Or have I just about covered everything, I'm sure theres at least

a couple things I missed.

 

Thanks

 

On Jun 4, 11:06 am, "Danny Sanders" <DSand...@NOSPAMciber.com> wrote:

> You might not loose your DCs. It's not unusual to have a DC/file server in a

> branch office.

> You probably don't want to hear this one, but at minimum less admin duties

> at the remote office because they are now being handled by corporate, at

> most, no admin needed at the remote office, just a user with a task pad and

> delegated responsibilities.

>

> hth

> DDS

>

> "kcsteele" <k.c.ste...@gmail.com> wrote in message

>

> news:474d45ea-9e1a-4d53-bf0e-957241b4449d@m44g2000hsc.googlegroups.com...

>

>

>

> > Hi, I am currently tasked with documenting what would be lost if our

> > current AD environment (single forest, single domain) were to be

> > consolidated into a new forest as an OU with a different agency

> > controlling that forest.

>

> > I have started with some basic preliminary stuff, can anyone add to

> > this?

>

> > - loss of DCs

> > - value of current investment in servers is minimized

> > - forced to abide by password and kerberos policies implemented by

> > administrators of the parent domain, as well as enforced group

> > policies

> > - loss of control

> > - slower convergence w.r.t. required changes to the infrastructure

> > - right now, if changes are needed at the domain/enterprise level,

> > this can be effected immediately.  in a delegated OU environment,

> > these changes are restricted to only those who control the parent

> > domain/forest, and any changes will have to go through the proper

> > channels of authorization and clearance,  which can take weeks or even

> > months.

> > - schema changes (custom schema attributes for in house apps,

> > future growth of AD infrastructure)

>

> > - loss of Exchange organization and servers

> > - current organization would be consolidated into parent domain

> > Exchange organziation

>

> > Thanks for all the help.- Hide quoted text -

>

> - Show quoted text -