Hi,

In my opinion you need more answers before deciding what the main structure will be... Answer the following questions first...

* How is each company located worldwide (same continent, different continent)?
* Does the info from each company need to be available everywhere?
* What are the chances one of those companies will be sold, or what are the chances the main company will buy other companies that should be integrated into AD?
* Which company is the main company? Are the others subsidiaries? Are all companies equal and are these just working together?
* From those companies.. "who are the service admins" (the admins that manage DCs, sites, replication, DNS, etc. -> in other words the AD related services and its data)
* From those companies.. "who are the data admins" (the admins that manage users, groups, member servers, etc.)
* Does each company have or need its own password policy?

Remember that the AD FOREST is the security boundary and that EACH service admin within a forest MUST be equally trusted! No matter how deep you are in some child domain you will have the possibility of "gaining" enterprise admin privileges. Don't forget about the physical security of each DC. Secure each DC!

* If you have one set of service admins -> one forest!
* If you have multiple sets of service admins and the different sets do not trust each other -> forest per service admin set
* If each company needs its own password policy and it differs from the others -> 1 domain per password policy (although there exist products that can implement multiple password policies within one domain)
* If each company is located in different continents and the info of each company does not need to be everywhere you could create a domain per company to control replication. In the first days of AD this was a good reason. Although still used by some companies this is not mandatory, as replication in w2k3 AD is very enhanced; examples are linked value replication and no full replication for GCs on PAS change
* If the main company has the intention to sell one of those companies in the future it is easier if each company has its own domain. Not mandatory, but easier. The same applies if it has the intention to buy other companies..... buy... sell... buy... sell etc.
* Concerning the child domains or the domain trees..... Although the name is different (companyA.com | companyB.com | companyC.com against companyA.com | companyB.companyA.com | companyC.companyA.com or companyA.root.com | companyB.root.com | companyC.root.com), technically there is no difference. Remember that the first domain created in the forest is the forest root domain and that domain is VERY important. If that one dies.... bye bye forest. The only difference is politics and feelings. Child domains can give people the feeling they are part of a hierarchy. It is only a structure with NO hierarchy!
* An empty forest root could be created if each company is equal and two of them do not accept that one is the forest root
* Multiple companies can exist in the same forest and use the same Exchange org and have different e-mail addresses (different recipient policies based on, let's say, some attribute)

Does this help?

Cheers,
#JORGE#
________________________________
From: [EMAIL PROTECTED] on behalf of Semsem-Karawan
Sent: Sat 7/23/2005 9:54 PM
To: [email protected]
Subject: [ActiveDir] Active Directory-Please Advice

Dear All;

Hi, my name is Osama, I am 29 years old. I want to ask one question and I need some help from you. On what basis am I choosing to have or to make a Child Domain, or a New Domain Tree in the existing forest, or create a New forest? On what basis?

==========================================

I am asking this question because I have 3 companies and each one has its own SMTP domain name, and it's registered outside. We are planning to have a network and connect each company. We already consulted 3 Microsoft Partner companies and some of them are saying make the 2 companies Child Domains from the Parent domain. Some of them said no, make each company a New Domain Tree, and it's existing in the same forest.

=====================

Actually we will have only one Exchange server that will be responsible for the 3 companies as well. Can anyone tell me his advice?

Thanks in advance.

Osama Ahmed Sameer

List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
