Announcement

Collapse
No announcement yet.

Create domain under root domain or leaf domain?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Create domain under root domain or leaf domain?

    All,

    I have a root domain R and a leaf domain L. They are both production but the root domain is the forest and no user really authenticates to it (everyone uses L). We need to add a development domain and the requirement is that anyone from L should be able to access resources on the new DEV domain but no one from DEV should be able to access resources on L. I am just wondering where is the best place to create the DEV domain (under R or under L)? Not sure if it makes even any differences. What would be the advantages?

  • #2
    Re: Create domain under root domain or leaf domain?

    create a new leaf domain under the forest.
    have the new leaf domain trust the existing leaf domain, but do not allow the existing leaf domain to trust the new domain.

    (I think - I'd really like it if someone could confirm as I've only just recently covered this...)
    Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

    Comment


    • #3
      Re: Create domain under root domain or leaf domain?

      Hey hey hey this isn't Novell no calling child domains leafs!

      buy yea, make a new child under the root and change the trusts to a one-way between the two child domains.

      Comment


      • #4
        Re: Create domain under root domain or leaf domain?

        Originally posted by Garen View Post
        Hey hey hey this isn't Novell no calling child domains leafs!

        buy yea, make a new child under the root and change the trusts to a one-way between the two child domains.
        I was waiting for someone to call out Novell on this one.

        Comment


        • #5
          Re: Create domain under root domain or leaf domain?

          Personally I would create your dev environment in a seperate forest and configure a one-way trust.

          Comment


          • #6
            Re: Create domain under root domain or leaf domain?

            Originally posted by Garen View Post
            buy yea, make a new child under the root and change the trusts to a one-way between the two child domains.
            This is not supported - trusts between domains in forest have to be bi-directional.

            If the requirement is to have one-way access, new forest with unidirectional trust is the way to go.
            Guy Teverovsky
            "Smith & Wesson - the original point and click interface"

            Comment


            • #7
              Re: Create domain under root domain or leaf domain?

              Originally posted by Hanley View Post
              Personally I would create your dev environment in a seperate forest and configure a one-way trust.
              Second this. This is going to give you the isolation you require.

              -Jason
              MCSA/MCSE 2K3,MCITP:ESA,MCTS x 4,VCP x 2

              Comment


              • #8
                Re: Create domain under root domain or leaf domain?

                Thank you all. I did create a separate forest for dev as I don't want to mix anything with prod. I was also thinking that if a change needs to be made at the forest level (such as definition of class or attributes), it will not affect prod...

                Thanks again.

                Comment

                Working...
                X