Placeholder Domain Model
The placeholder domain model, also known as the sterile parent domain model, deserves special mention because of its combination of a single namespace/multiple domain model and the peer-root model. Simply put, the placeholder domain model, shown in Figure 5.14, is composed of an unoccupied domain as the forest root, with multiple subdomains populated with user accounts and other objects.
There are two distinct advantages to this design. First, as with the peer-root model, the schema is kept separate from the user domains, which limits its exposure and helps to protect it. Second, the namespace for the user accounts is consistent, thus mitigating any potential political issues. In other words, because all users in all locations are at the same logical level in the domain structure, no one group will feel superior or inferior to another. This issue may seem trite, but the psychological nature of humans is finicky, and you may find that this design offers advantages for your organization.
Figure 5.14 Unpopulated placeholder domain.
Real-World Design Example
Company E is an architectural firm with major offices located in New York, Chicago, Los Angeles, Sao Paulo, Rio de Janeiro, Berlin, Paris, London, Tokyo, Singapore, and Hong Kong. Administration is centralized in New York, but regional administration takes place in Rio de Janeiro, London, and Tokyo. The company has recently migrated to Active Directory and has chosen to deploy a placeholder domain model for its organization that looks similar to Figure 5.15.
Figure 5.15 Complex Active Directory placeholder domain structure.
All users authenticate to geographically centric subdomains and are contained in OUs corresponding to their physical location. In addition, the administrators in New York have segregated the schema master function into the placeholder domain, limiting its exposure, and have restricted access to this domain to a small group of high-level administrators. Each domain is also logically oriented to give the impression of autonomy to each geographical unit.
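The properties that make this design protective (schema master held in the root, a small privileged group, no ordinary users in the root) can be checked periodically. The following audit is an added example, not code from the book; it assumes the ActiveDirectory PowerShell module, which is newer than the Windows release discussed here, and `Test-PlaceholderRoot` and `$MaxPrivilegedMembers` are hypothetical names.

```powershell
# Added example: read-only audit of a forest against the placeholder-root design.
# Assumes the ActiveDirectory module (RSAT) and read access to the forest root.
Import-Module ActiveDirectory

function Test-PlaceholderRoot {
    # Hypothetical threshold for what counts as "a small group" of administrators.
    param([int]$MaxPrivilegedMembers = 5)

    $forest = Get-ADForest
    $root   = Get-ADDomain -Identity $forest.RootDomain -Server $forest.RootDomain
    $server = $root.PDCEmulator

    # The schema master role should sit on a domain controller of the forest root.
    $schemaInRoot = $root.ReplicaDirectoryServers -contains $forest.SchemaMaster

    # Well-known RIDs: 512 Domain Admins, 518 Schema Admins, 519 Enterprise Admins.
    # Using SIDs avoids depending on localized group names.
    $privileged = @(foreach ($rid in 512, 518, 519) {
        Get-ADGroupMember -Identity "$($root.DomainSID)-$rid" -Recursive -Server $server
    })
    $privilegedSids = @($privileged | ForEach-Object { $_.SID.Value } | Sort-Object -Unique)

    # Enabled accounts created in the root (RID >= 1000) that are neither privileged
    # nor trust accounts (names ending in $) mean the root is no longer unoccupied.
    $strays = @(Get-ADUser -Filter 'Enabled -eq $true' -Server $server |
        Where-Object {
            [int64]($_.SID.Value.Split('-')[-1]) -ge 1000 -and
            $_.SamAccountName -notlike '*$' -and
            $privilegedSids -notcontains $_.SID.Value
        })

    [pscustomobject]@{
        RootDomain            = $root.DNSRoot
        SchemaMaster          = $forest.SchemaMaster
        SchemaMasterInRoot    = $schemaInRoot
        PrivilegedCount       = $privilegedSids.Count
        PrivilegedWithinLimit = $privilegedSids.Count -le $MaxPrivilegedMembers
        UnexpectedUsers       = $strays.SamAccountName
    }
}

Test-PlaceholderRoot
```

A healthy placeholder root reports `SchemaMasterInRoot` and `PrivilegedWithinLimit` as `True` and an empty `UnexpectedUsers` list; anything else is worth reviewing against the intended design.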