locked
Windows Server 2003 File Replication RRS feed

  • 問題

  •  

    I hv several remote site that need to perform file replication. Currently, all the remote site using different domain name. Additional, remote site will not access the resource except the replicate file. I hv read the document in technet that server for file replication must be in the same domain. Is there hv any best practice for my case?

    2008年8月15日 上午 01:33

解答

  • Dear Customer,

     

    Thanks for your update.

     

    Please help me collect more information, they can narrow the issue down and help us diagnose the cause:

    1. You should check the event log. See if it provides any hint to the problem.

    Please let me know the information above so that I can provide further assistance on this problem.

    Sincerely,
    Tom Zhang

     

    2008年9月10日 上午 09:20
    版主

所有回覆

  • Dear Customer,

     

    Thanks for posting here!

     

    From your post, I understand that you would like to know the reason to create multiple domains in a forest. If I have misunderstood your concern, please let me know.

     

    As we know, when creating multiple domains, we usually create a dedicated forest root domain. This root domain is a domain that is created specifically to function as the forest root. It does not contain any user accounts other than the service administrator accounts for the forest root domain, and it does not represent any region in your domain structure. All other domains in the forest are children of the dedicated forest root domain.

     

    Using a dedicated forest root provides the following advantages:

     

    - Operational separation of forest service administrators from domain service administrators. In a single domain environment, members of the Domain Admins or built-in Administrators groups can use standard tools and procedures to make themselves members of the Enterprise Admins and Schema Admins groups. In a forest that uses a dedicated forest root domain, members of the Domain Admins or built-in Administrators groups in the regional domains cannot make themselves members of the forest-level service administrator groups by using standard tools and procedures.

     

    Warning: Because a domain is not a security boundary, it is possible for a malicious service administrator, such as a member of the Domain Admins group, to use nonstandard tools and procedures to gain full access to any domain in the forest or to any computer in the forest. For example, service administrators in a nonroot domain can make themselves members of the Enterprise Admins or Schema Admins group.

     

    - Protection from operational changes in other domains. A dedicated forest root domain does not represent a particular region in your domain structure. For this reason, it is not affected by reorganizations or other changes that result in the renaming or restructuring of domains.

     

    - Serves as a neutral root so that no region appears to be subordinate to another region. Some organizations might prefer to avoid the appearance that one country/region is subordinate to another country/region in the namespace. When you use a dedicated forest root domain, all regional domains can be peers in the domain hierarchy.

     

     

    In a multiple regional domain environment in which a dedicated forest root is used, the replication of the forest root domain has minimal impact on the network infrastructure. This is because the forest root only hosts the service administrator accounts. The majority of the user accounts in the forest and other domain-specific data is stored in the regional domains.

     

    One disadvantage to using a dedicated forest root domain is that it creates additional management overhead to support the additional domain.

     

    For more details, please refer to the following MS article:

     

    Choosing a Regional or Dedicated Forest Root Domain

    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepKit/17b3cf15-4fb2-4b6a-994a-4d9e52593c12.mspx

     

     

    Additional Information:

    =======

     

    Multiple Forest Considerations in Windows 2000 and Windows Server 2003

    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/activedirectory/mtfstwp.mspx

     

     

    Hope the information above is useful.

     

    Sincerely,

    Tom Zhang, MCSE 2003

    2008年8月19日 上午 07:39
    版主
  •  

    As i am using 03server (non R2 version). My file replication base on DFS, can File replication work on cross domain struction? Because when i create DFS root, all of the share folder should be under the same domain.
    2008年8月20日 上午 06:02
  • Dear Customer,

     

    Thanks for your update.

     

    Please help me collect more information, they can narrow the issue down and help us diagnose the cause:

    1. You should check the event log. See if it provides any hint to the problem.

    Please let me know the information above so that I can provide further assistance on this problem.

    Sincerely,
    Tom Zhang

     

    2008年9月10日 上午 09:20
    版主