Active Directory Design Guideline Changes

Hi folks,

After a bit of reading, best practice for Active Directory domain design and operations now suggests:

1. Only use Active Directory DNS domain names which you can register publically (and ideally, are already registered) – this means no more “company.local” DNS domain names

2. Don’t bother with empty forest root (“placeholder”) domains – they don’t help with migrations, demergers, security or anything else and are just a waste of two good Windows licences

3. Don’t create a Windows virtual machine template without SYSPREPing it first – otherwise, if it ends up being a DC, you’ve had it

4. NEVER snapshot a domain controller

5. NEVER clone a domain controller

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s