Title: [ActiveDir] Trusting Domain SIDs
We are looking at redesigning our extranet and are considering a separate forest for the extranet users and eventually most of the resources needed for the extranet will be put into that forest. My thinking is that since a domain isn't a true security boundary and it really won't cost us more to bring up a forest vs. domain why not go with a separate forest. The users in the extranet forest won't necessarily need access to the internal systems but some of the machines will need to talk to internal servers so I assume at some point we will need a trust relationship.  My question is simply what am I missing and has anyone done similar setups?
 

Holland + Knight
 
Travis Abrams MCSE, GCIH
Systems Engineer
Holland & Knight LLP
 
NOTICE:  This e-mail is from a law firm, Holland & Knight LLP ("H&K"), and is intended solely for the use of the individual(s) to whom it is addressed.  If you believe you received this e-mail in error, please notify the sender immediately, delete the e-mail from your computer and do not copy or disclose it to anyone else.  If you are not an existing client of H&K, do not construe anything in this e-mail to make you a client unless it contains a specific statement to that effect and do not disclose anything to H&K in reply that you expect it to hold in confidence.  If you properly received this e-mail as a client, co-counsel or retained expert of H&K, you should maintain its contents in confidence in order to preserve the attorney-client or work product privilege that may be available to protect confidentiality.

 

Reply via email to