Announcement

Collapse
No announcement yet.

Active Directory Design

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Active Directory Design

    I was hoping for some white papers etc on the following

    We presently have a single forest with one domain. We are having another company join us and are unsure if we want to make a child domain for them or break off into another complete forest, or even perhaps an empty root forest domain. I was looking for some up to date documents, white papers, guides etc that might help us determine what is the best way to go about this and also the benefits and disadvantages of each way.

    Cheers

  • #2
    Re: Active Directory Design

    If you're going to join their network infrastructure I suppose they have some AD structure also. Then you can make forrest trust for example.

    Or... If you are going to build new NOS with your new company, you could for example create new site, place DC on site and have one domain forrest with two sites (main office and new company).

    Comment


    • #3
      Re: Active Directory Design

      We arent doing anything until we learn more the benefits and disadvantages of each, this is just a research phase, not implemenation

      Comment


      • #4
        Re: Active Directory Design

        Originally posted by zoddy View Post
        We arent doing anything until we learn more the benefits and disadvantages of each, this is just a research phase, not implemenation

        That's the way to go.

        The first things you need to decide, is how the newly aquired company is going fit in your company.

        Is that company going to be assimilated into your comapny?

        Is that company going to keep it's own indepent management structure, in a way that might be on the market for sale again?

        Etc, etc.

        Take all pro's and cons in persective, build a business plan and calculate the costs of all possible senario's.

        Almost everything is possible from a technical point of view, but it are the costs and so the one who pays the bills which will decide what is feasible.
        [Powershell]
        Start-DayDream
        Set-Location Malibu Beach
        Get-Drink
        Lay-Back
        Start-Sleep
        ....
        Wake-Up!
        Resume-Service
        Write-Warning
        [/Powershell]

        BLOG: Therealshrimp.blogspot.com

        Comment


        • #5
          Re: Active Directory Design

          Originally posted by zoddy View Post
          I was hoping for some white papers etc on the following

          We presently have a single forest with one domain. We are having another company join us and are unsure if we want to make a child domain for them or break off into another complete forest, or even perhaps an empty root forest domain. I was looking for some up to date documents, white papers, guides etc that might help us determine what is the best way to go about this and also the benefits and disadvantages of each way.

          Cheers
          Under all the companies we acquired we joined them all to our existing Domain, in my opinion the best thing would be to join them to your existing domain (Domain Migration) and try avoiding having multiple Domains if it fits the Business needs.

          Comment


          • #6
            Re: Active Directory Design

            First, good idea to think about what you will do before doing it - a lot of people skip that step.

            One important thing to think about is, if using Windows 2000 or 2003, that you can't have different password policies in the same domain. So if corporate policies dictate that password policies are different in both divisions, you will have no choice but to go with a multiple domain design, with or without a root domain, depending on other things.

            I'm not a fan of having multiple domains unless absolutely required as a single domain structure usually has all the flexibility you need through the use of OUs and delegation, and it will remain simpler to manage, and require less domains.

            You also have to think about who's going to manage IT for that "other" company joining you. Is it possible that they will keep their existing IT department? Will they get merged with you? If so, remember that having them as domain admins in the same forest as you requires a lot of trust, even if it is in separate domains. In a case where you can't trust them (ie: the companies will continue to operate separately, no common management etc..) - use separate forests, domains, and establish some kind of identity federation where needed. (or restrictive trusts)
            VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah

            Comment

            Working...
            X