In building our new Active Directory structure I’m planning on deploying our forest with two domains, the root domain being a “security” domain, with no users (except a couple MIS people for administration), but with a number of our servers, and a second domain on the tree for users and client machines. The reasons I’ve heard for doing this is to protect the Schema, and the various Administrator groups from being compromised by people who can log into the domain. Is there anything else that doing this will protect? I’m going to have to have a nice bullet point list to present to prove to management that it’s worth their while to spend $10,000 to build an almost unused domain.
Brad Martin Go Daddy Software 480.505.8800 ext. 250
|
- RE: [ActiveDir] Security Domain Brad Martin
- RE: [ActiveDir] Security Domain Gil Kirkpatrick