Best AD forest/domain structure for globally managed, but integrating existing computers with same names etc

Andi 21 Reputation points
2020-08-15T00:53:53.913+00:00

Hi,

I'm trying to think of the best forest/domain model that will help with:

  • globally/centrally managed domain/computers/accounts etc
  • joining existing computers all around the world to this domain (via regional DCs)
  • avoiding renaming issues where some computers will have the same name

With one-forest/one-domain it seems there will be issues joining existing regional servers that have the same name, right? If there is web1.asia.corp.org and web1.us.corp.org, if I understand correctly I wouldn't be able to join them to a single domain. If you then take this example to a situation where there will be 1000s of computers around the world, with a high chance of names being the same, this one-domain approach doesn't seem practical. Would this be a scenario for child domains? Whenever I read about using child domains, the comments usually align with it not being needed or that it is generally a bad idea these days, but it would appear to resolve this specific issue.

Are there any other models where you can prevent the issue of computer names clashing? We don't need any other domain/boundary separation - all accounts/policies etc will be global, it's just this one issue is likely to cause a lot of problems, short of renaming all the servers (which given they are existing and in use, would be quite an amount of work).

Thanks!


Accepted answer
  1. Thameur-BOURBITA 32,596 Reputation points
    2020-08-16T23:07:31.81+00:00

    Hi

    If you accept keeping two devices with the same name in the same network, it can create a network conflict and a DNS resolution conflict.
    You should prevent two machines with the same name in the same network to avoid this kind of network conflict.

    *do you happen to have any good articles that explain management issues with child domains?*

    This article talks about some best practices if you choose to install a forest with multiple domains:

    https://social.technet.microsoft.com/wiki/contents/articles/52587.active-directory-design-considerations-and-best-practices.aspx

    Please don't forget to mark this reply as answer if it helps you to fix your issue

    1 person found this answer helpful.

4 additional answers

  1. Thameur-BOURBITA 32,596 Reputation points
    2020-08-15T09:00:25.427+00:00

    Hi,

    *With one-forest/one-domain it seems there will be issues joining existing regional servers that have the same name, right?*

    Yes, the computer object must be different in the same domain.

    *Would this be a scenario for child domains?*

    Creating many domains to avoid name conflicts is not a good approach. Imagine if you have 3 or more servers with the same name: you have to create at least 3 domains just for this case. It will be complicated to manage your Active Directory environment.

    I recommend you start by defining a new naming convention rule for all your member machines (workstations and servers) to avoid this kind of name conflict. After that, you rename all workstations and servers in order to follow this naming convention, then you will be able to migrate all machines to a new forest with a single domain.

    Please don't forget to mark this reply as answer if it helps you to fix your issue

    1 person found this answer helpful.
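
An added example, not part of the thread or any poster's code: a PowerShell sketch of the inventory step behind the rename recommendation above. It finds hosts that would claim the same computer name in a single domain, applies a hypothetical `<REGION>-<label>` convention to them, and re-checks the result. The host list is constructed (only web1.asia/web1.us come from the question), the function names are made up for this example, and it assumes names are compared case-insensitively and cut to the 15-character NetBIOS limit.

```powershell
# Constructed inventory. web1.asia/web1.us are the question's own example; the rest are made up.
# Live data could come from: Get-ADComputer -Filter * -Server <regional DC>
$inventory = @(
    'web1.asia.corp.org', 'web1.us.corp.org', 'WEB1.eu.corp.org',
    'sql-reporting-cluster-a.us.corp.org', 'sql-reporting-cluster-b.us.corp.org',
    'dc1.asia.corp.org'
)

function ConvertTo-AccountName {
    # Host label as a single domain would see it: upper-cased, cut to 15 characters.
    param([string]$Label)
    $name = $Label.ToUpperInvariant()
    if ($name.Length -gt 15) { $name.Substring(0, 15) } else { $name }
}

function Find-NameCollision {
    # Groups rows by Name and returns only the names claimed by more than one host.
    param([object[]]$Rows)
    $Rows | Group-Object -Property Name | Where-Object Count -gt 1 |
        ForEach-Object { [pscustomobject]@{ Name = $_.Name; Hosts = $_.Group.Fqdn } }
}

# Step 1: names as they stand today.
$current = $inventory | ForEach-Object {
    [pscustomobject]@{ Fqdn = $_; Name = ConvertTo-AccountName (($_ -split '\.')[0]) }
}
$clashes = @(Find-NameCollision -Rows $current)
$clashes | Format-Table -AutoSize

# Step 2: hypothetical convention <REGION>-<label>, applied only to hosts that clash.
$clashing = $clashes | ForEach-Object { $_.Hosts }
$plan = $current | ForEach-Object {
    $label, $region = ($_.Fqdn -split '\.')[0, 1]
    $new = if ($_.Fqdn -in $clashing) {
        ConvertTo-AccountName ('{0}-{1}' -f $region, $label)
    } else { $_.Name }
    [pscustomobject]@{ Fqdn = $_.Fqdn; Name = $new }
}

# Step 3: re-check the plan; a prefix can push the distinguishing part of a
# long label past character 15, so the convention itself has to be validated.
Find-NameCollision -Rows $plan | Format-Table -AutoSize
```

Any row printed by the last step is a pair the convention does not separate, so those hosts need shorter labels before migration.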

  2. Dave Patrick 426.2K Reputation points MVP
    2020-08-15T00:58:25.767+00:00

    Something here may help.
    https://learn.microsoft.com/en-us/windows-server/remote/remote-access/ras/multisite/plan/step-2-plan-the-multisite-infrastructure

    --please don't forget to Accept as answer if the reply is helpful--


  3. Andi 21 Reputation points
    2020-08-16T09:05:35.81+00:00

    *Creating many domains to avoid name conflicts is not a good approach. Imagine if you have 3 or more servers with the same name: you have to create at least 3 domains just for this case. It will be complicated to manage your Active Directory environment.*

    Yes it feels like a compromise either way - manage more domains, or rename a lot of existing servers that will cause issues etc. I thought child domains were relatively simple concepts though (compared to say two forest domains with trusts etc), do you happen to have any good articles that explain management issues with child domains?


  4. Andi 21 Reputation points
    2020-08-18T03:03:34.177+00:00

    Thanks ThameurBOURBITA - that's a really nice link I'd somehow not come across before. It leaves me conflicted though, even that describes splitting up regional large networks by domains (one forest multiple domains) - and that does align with our model (multiple existing regional networks with hundreds of computers).

    We'll have to just determine which is going to be most beneficial to us in the long run and weigh up the domain management overhead vs aligning hundreds of existing computers to a common naming system etc. I would rather keep it simple so hopefully we can go down the naming route.
