I would agree. I wouldn't spin up a separate domain for this. If the requirement were truly there, I wouldn't just do a separate domain, I would do a separate forest unless the people who were getting the domain didn't mind not having any admin rights in that domain.
Having the separate domain isn't going to buy anything if the company is bought out, it isn't like you can pick it up and run off with it, resourced kept in the same OU of the mother domain gives the same benefits. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Monday, November 24, 2003 12:06 PM To: '[EMAIL PROTECTED]' The only part I see that may be a good reason to have a separate domain is the policy requirement. If you have to have different policies that can't be applied to the whole domain (such as password policies) then you'll want a separate domain. The rest is a good candidate for an OU in my opinion. Deeper understanding would have to be had to know for sure however. Al -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday, November 24, 2003 8:23 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Design question All, I've lurked on this list for a long time now - and it's been a real learning experience... Thanks to all of you!! Now I'm finally in a position to have something to put to the list - I'm afraid I'm still running an NT domain... But that is about to change :-> We have (fairly) recently been bought out by a company who are in the process of migrating to AD (to allow them to use Exchange 2000). I (and some others) have been asked to justify why we / they should create a separate domain in their forest to migrate our business into. I've come up with a number of reasons (detailed below) - but first, some background.... :-> "My Domain" NT 4.0 with some Win2K member servers, mixed Win2K and NT4.0 PC's (APPLICATION.RLI) Exchange 5.5 One way trust with FOONT001 (we trust them) Approx 300 Users and 40 Servers "Their domain(s)" NT 4.0 with some Win2K member servers, mixed Win2K and NT4.0 PC's (FOONT001)(our domain trusts this one). Win2K Forest, Empty root domain (FOOGROUP.NET) 1 sub-domain (FOO.FOOGROUP.NET) Exchange 2000 - migration underway from mainframe based system (Memo) Approx 5000-6000 Users and 500+ Servers Company Structure: Us: We are an offshore finance house - pensions and investments mostly to far-east customers. To maintain this status we have to show a level of "off-shoreness" to the authorities. IT has historically been provided in-house, with little reliance on parent company. Group: Centralised IT structure, heavy use of Citrix and web-based apps provided from head office. Tend to have little or no IT presence in "remote" offices. What we are leaning towards is that we create another sub-domain (FOOI.FOOGROUP.NET) and migrate our domain into this. They are suggesting that we migrate into FOONT001 - and will ultimately be assimilated into FOO.FOOGROUP.NET. I'm trying to avoid the pain and suffering for our users of a double migration Reasons for separate domain: 1. Ease of migration - one step, at our pace - we "control" the sub-domain, so we control the migration. Consolidation into one domain at a later date would be relatively easy. 2. Ease of separation in the event we are sold off. We are an entirely separate business unit - and could be sold easily and at short notice. 3. Separate policies - as a part of our offshore status, we are sometimes subjected to different regulatory requirements. Based on my understanding, GP's are (to an extent) domain specific - so we could implement different password requirements for example, if required. Basically, does my argument seem sensible - or should we be looking to create an OU for us? Or something else entirely? Sorry for the long post - Any comments / suggestions / flames / help would be gratefully received - and I'd be happy to clarify anything. Thanks in advance Jack List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
