Kevin Remde's IT Pro Weblog


Best of Q&A from Webcast: Best Practices for Designing the Active Directory Structure

  • Comments 2
  • Likes

Holding some real power!


Below I’ve pasted an edited and cleaned up copy of the Q&A from the webcast I delivered on March 20th: Best Practices for Designing the Active Directory Structure

BIG thank you to Chris Henley for handling the Q&A on the backend, and who’s work this really represents.


Questions and Answers:

“Will this webcast be available for download at a later time?”

Yes it will, you can go to

“Is there a good definitive resource for Active Directory Deployments?”

Good Question! I like the Active Directory Deployment Guide located here

“What about Desktop Deployments?”

I always use the info located on the followign link.

“Are there any other webcasts that focus on Active Directory?”

There are tons. I would Recommend Michael Murphy's Active Directory Series as a great resource or Chris Henley's Migrating to Active Directory and of course Kevin Remde's Administration series. Links to these can be found here:

“If application requires different schema, would it be better to use ADAM and provision using something like IIFP?”

That is a good possibility. You could also of course run separate Forests.  It really depends on network requirements. It is certainly nice that we have the ADAM option.

“Most of the AD designing concepts applies to ADAM as well?

In theory yes.  However, ADAM generally is used to provide AD access to applications and not to build network hierarchy. See the following

“I'm looking for standard policies to apply on kiosk machines, do we have set of policies can be downloaded from web?”

Start with this interactive GPMC training which illustrates the use of policy on a KIOSK. Then you can begin making your own choices for configuration.

“Will we be able to download this webcast for viewing?”

“Yes, you will be able to access this webcast on demand and have the ability to download in 24 hours at

“What Program are you using to get this nice graphics - Sorry for the off the wall question ;)”

It is actually just a PowerPoint presentation.

“Application( Outlook 11) is looking for GC or PDC to open??”

I believe it is looking for a simple domain controller only.

“What if all DCs are also GCs?”

It really depends on the size and the structure of the organization.  

“We want to use DFS at all branch locations. Would you recommend a DC at those locations to limit traffic across the WAN link?”

Interesting question. If you think about it, putting a DC at a branch office would actually increase the total traffic because it would add replication traffic. The traffic reductions would come from authentication traffic. Unfortunately there is no right or wrong answer. Yo need to look at the traffic on your network and then make the decision.

“Always in my segment, a user always have to press retry to open Outlook (DC2 is a in the segment)what U think is wrong??”

It sounds like a rpc issue try the information here.;en-us;325930

“Hey Kevin - Where are you getting your Circles and Domain graphics?”

We have a content development team that does all of the initial creation for us, so I really don't know how they perform that graphical magic.


  • We run Server 2003 here at Cherry Hill East High School and I need to get word
    to all the students about a change that is happening here without printing 2200
    flyers. I did this before but to only about 20 students. I manually went into
    each students profile and drilled down to their startup directory and inserted
    a .bmp file so when they logged into the domain, paint would start because of
    the extention od the image file and show the message.bmp. Now I have to do this
    but not to 20 students but to 2200. Is their a script available or can you tell
    me how to do this? I was in AD and saw a object the said "Install this program
    at login" I read the discription and it said file or program. I tried it out
    but still waiting to see if it worked.

    Any feedback would be appreciated!!

  • I don't know of a script off-hand, but I think you're on the right track.  A logon script can assigned using Group Policy to all users (based on the OU or to the domain or site you link the policy object to).  I don't know if simply putting a .bmp file in place of the policy script would work (having not tried it), but certainly a one-line batch file that launches some application that displays your message (launching Paint with the required bitmap file loaded) would do the trick.  

    Anyone else have a suggestion?

Blog - Post Feedback Form(CAPTCHA)
Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment