RE: [ActiveDir] Domains in a Forest

[Joe]

That is simply a new tree in your forest, pretty basic. It doesn't have to be disjoint (neither netbios to AD name nor AD domain name to machine domain suffix).   If you want true admin level security boundaries though, you are talking separate forests.   My running recommendation for AD is you have one set of Admins for all domains. No such thing as splitting up a forest securely among admins for different domains.     joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lou Vega Sent: Friday, October 24, 2003 1:25 PM To: [EMAIL PROTECTED] Let's say I have a domain called DomainA.com and now my organization is talking with another organization who would like to have DomainB.com. Management at both organizations would like "pretty seamless" access to each other's resources while maintaining their own identities...i.e, DomainB does not want to be DomainB.DomainA.com.   My first thoughts are to have a forest with both domains in it (Forest containing DomainA.com and DomainB.com)...but how easy/hard is that to implement when DomainA.com already exists and you need to create/add DomainB.com to the forest?     I'm stepping into new territory here and would appreciate any suggestions, comments etc. concerning this. I'm researching this on the web and I know from past discussions on this list that I'm bound to learn something new here! If you need more info, let me know.   r/ Lou