Why be a Child Domain?

Departments at Virginia Tech that plan to implement Windows 2000 should consider joining the Virginia Tech Windows 2000 Active Directory directory service as a child domain.

Benefits of being a child domain:

  • Centralized, secure, AD-integrated administration of Microsoft's Dynamic DNS. Because DNS is the primary locator service in Active Directory, it plays an extremely important role in any successful implementation of Windows 2000. Within Virginia Tech's Windows 2000 AD directory service, DDNS is administered from the root domain, Hokies. CNS has allocated the w2k.vt.edu namespace to the Hokies DDNS servers and passes requests for address resolutions within that namespace to Hokies. Hokies has forwarders to CNS DNS servers, so that requests made within w2k.vt.edu for computers outside of the namespace can be fulfilled, and vice versa. The diagram below illustrates how workstations within Active Directory exist simultaneously within the vt.edu and w2k.vt.edu namespaces.
    [Diagram: Virginia Tech's DNS]

    Use of Microsoft's DDNS is required for successful implementation of AD partly because some records contain unusual characters which CNS's DNS servers won't pass.

  • Sub-administration of your DNS domain within the w2k.vt.edu namespace. This gives child domain administrators the ability to create or delete CNAME records for their domain. Click here for details.
  • Consistent implementation through enforcement of the Child Domain Usage Requirements. Active Directory replication across domains and two-way, transitive trusts provide functionality for Windows 2000 domains, but also increase their interdependence. The Child Domain Usage Requirements are designed to protect you from erratic administration of a domain that you are tied to through AD.
  • If your users need access to resources secured by a Hokies account, such as Banner develop instances, then they need to be in a domain that has a trust relationship with Hokies. Since trusts will not be established with other AD root domains, you will need to join Virginia Tech's Active Directory directory service as a child domain to establish a two-way, transitive trust.
  • Participation in Virginia Tech's Active Directory directory service. Without this participation, you would not have access to objects or information stored within the directory. Trusts will not be established with other trees or forests because of the cost of replication traffic across the network and recommendations from Microsoft.
  • The expertise, experience, and support of the Virginia Tech Windows 2000 staff.
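
As an added illustration of the DDNS point above (not part of the original page or of Virginia Tech's tooling): Active Directory's locator records are SRV records whose owner names use underscore-prefixed labels such as `_ldap._tcp`, which fall outside the classic letters-digits-hyphen hostname rule. The Python below audits a constructed record list for a hypothetical child domain `dept.w2k.vt.edu`, reporting missing locator records and names a strict hostname check would reject; that underscores are the "unusual characters" the page mentions is an assumption.

```python
import re

# RFC 952/1123 "LDH" rule: a label is letters, digits and hyphens,
# 1-63 characters, with no leading or trailing hyphen.
LDH_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

# Locator SRV owner names (relative to the AD domain) that a Windows 2000
# domain controller registers and that clients query to find it.
REQUIRED_SRV = (
    "_ldap._tcp",
    "_kerberos._tcp",
    "_kerberos._udp",
    "_kpasswd._tcp",
    "_ldap._tcp.dc._msdcs",
)

def failing_labels(name):
    """Return the labels of a DNS name that violate the LDH hostname rule."""
    labels = name.rstrip(".").split(".")
    return [label for label in labels if not LDH_LABEL.fullmatch(label)]

def audit_zone(domain, records):
    """records: iterable of (owner_name, record_type) pairs.

    Returns (missing_srv, non_ldh_names):
      missing_srv   - required locator prefixes with no SRV record present
      non_ldh_names - owner names a strict hostname-checking server rejects
    """
    domain = domain.rstrip(".").lower()
    owners = {(n.rstrip(".").lower(), t.upper()) for n, t in records}
    missing = [p for p in REQUIRED_SRV if (f"{p}.{domain}", "SRV") not in owners]
    non_ldh = sorted({n for n, _ in owners if failing_labels(n)})
    return missing, non_ldh

# Constructed sample data; the child domain name is hypothetical.
SAMPLE_DOMAIN = "dept.w2k.vt.edu"
SAMPLE_RECORDS = [
    ("dc1.dept.w2k.vt.edu", "A"),
    ("www.dept.w2k.vt.edu", "CNAME"),
    ("_ldap._tcp.dept.w2k.vt.edu", "SRV"),
    ("_kerberos._tcp.dept.w2k.vt.edu", "SRV"),
    ("_kerberos._udp.dept.w2k.vt.edu", "SRV"),
    ("_ldap._tcp.dc._msdcs.dept.w2k.vt.edu", "SRV"),
]

if __name__ == "__main__":
    missing, non_ldh = audit_zone(SAMPLE_DOMAIN, SAMPLE_RECORDS)
    print("Missing locator SRV records:", missing)
    print("Names failing strict hostname checks:", non_ldh)
```

Every locator name fails the strict check while the ordinary A and CNAME names pass, which is why the zone holding them must sit on DNS servers that accept such names.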