[dnandoo]

I would like to get some opinions on how to design the following 2008 AD structure.

Company has Headquarters in Toronto (including IT dept)
-40 different locations across Canada (no AD configured)
-aquired a separate company with 4 locations (2003 AD in use)
-looking to expand into the UK

Ideally would like to set up Toronto headquarters as the centralized location.

Any thoughts or ideas on a design layout?
This is completely new design layout.

Thanks in advanced.

[chuckhole]

I was the project lead in our AD structure and design which has locations all over the world. The best thing you can do first is plan, talk, get options, plan some more. Being the Enterprse Administrator has a high level of responsibility to all of your colleagues. Talk to them all and solicit their opinions. We standardized on every naming convention you could think of. Don't reinvent the wheel, used established standards such as country codes.

Draw out the political and physical structure of your company. How is the WAN to be connected? What are the connection speeds of your links? Is your IT centralized or decentralized? Do you need to allow room for aquistions? Do these acquisitions need to maintain complete autonomy? Is the company publicly traded? Under how many stock symbols? Does it need to be divided as such? How many public web sites do you support? We matched our internal DNS names to our external DNS names except external is .COM and internal is .NET and also registered the internal name as a safety measure. We did not want internal DNS names being inadvertently delivered as email to an unknown entity.

To get an idea of the physical part of it, draw out your company based on the following:
Corporate headquarters, coporate entities, wholly owned subsidiaries, divisions and branches.
Then draw out the political structure as well. Not just where the corporate decision making is made but also the IT decision making. Will you need to delegate security?

Your DNS structure should match your larger entities and the AD Sites will be the locations (based on WAN structure) and the OU structrue would match your division structure on down.

For example, ours is a single Forest that represents the top level corporate entity with a top level DNS zone. Then there are three child DNS zones that are the top level geophysical and political zones - Americas (North, Central and South), EMEA (Europe, Middle East and Africa) and Apac (Asia Pacific, India, China, Russia and Australia).

From there, each AD Site matches a physical location with a WAN link. This is where the topology lives. Network ID's are assigned to physical sites in AD so that when a new DC is promoted, it will automatically be placed into the Site hierarchy based on its IP address. This is also where you assign transport types to each site and also configure the replication topology based on connection reliability and speed.

For example, our Site in Nigeria has very poor but very expensive Satellite connections so replication is kept to a minimum with long intervals but our connections in the countries with a good communications infrastructure are replicated at much shorter intervals.

Back to naming conventions, here is what we standardized:
Domain names, domain controllers, servers (and by type), PC's, laptops, mobile devices, printers, copiers, time clocks, switches, routers, video conferencing devices, UPS's, IP phones, device controllers (such as server DRAC's), wireless access points, etc. If it connects to the network, give it a name and make it a standard. Remember that the last part of the name is DNS and AD. Organization and structure is the key to success. Plan for success.

[dnandoo]

Thanks chuckhole,
Any chance you have diagram views of the layout?
Just trying to get a better grasp on how the Forest and domains are setup in the Ad directory you described.

Thanks again

[chuckhole]

PM me your email address and I will send you a diagram.