Hello List,

I have a situation I would be interested in getting feedback from you all
on.  Our setup is Single Forest, Single domain, all W2K or later, DFL is W2K
Native.  We have a user population of around 14k and this domain is THE
central AD service for the entire company.  I am working with some
colleagues on projects that are going to see a large number of users (around
7k) external to the company require AD type authentication (mainly for
things like SharePoint and web-based stuff).  My preferred proposal is to
create a second single forest single domain structure, place the services
and external user accounts in it, and have our core domain be trusted by the
external user domain so that internal users can access the service they need
to.  This will take time to document and procure hardware for, etc., so the
business want justification as to why we shouldn't just add them to a
dedicated OU.  The reasons I am using thus far are as follows:

1) I want to stipulate a more stringent password policy for external users
2) I want to prevent external users being members of the Authenticated Users
group for our core domain
3) I want a clear line of demarcation between services/data used for
external access and those provided for internal users

What other issues/considerations have list readers come across when
incorporating large amounts of external users?

TIA,

Brad