Brad, We are implementing the same forest/domain structure as you are (ie, separate for external user access) and for the same purpose. We do not have a trust to the internal "core" domain/forest; internal users who need access to the extranet domain must have separate accounts.
The other tweak I've done is to have the external user accounts in a separate OU with the business unit doing some of the account provisioning. A major issue, I think, is to ensure lifecycle management of these external user accounts, just as you would internal--otherwise a lot of junk could accumulate rather quickly. AL Al Maurer Service Manager, Naming and Authentication Services IT | Information Technology Agilent Technologies (719) 590-2639; Telnet 590-2639 http://activedirectory.it.agilent.com ---------------------------------------------- "Cry 'Havoc!' and let slip the dogs of war" - Anthony, in Julius Caesar III i. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Smith, Brad Sent: Thursday, November 10, 2005 4:04 AM To: [email protected] Subject: RE: [ActiveDir] Incorporating external users....... Just as an update..... We have decided on an additional and new separate Forest/Domain infastructure to host external user accounts... -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ulf B. Simon-Weidner Sent: 08 November 2005 22:24 To: [email protected] Subject: RE: [ActiveDir] Incorporating external users....... > [mailto:[EMAIL PROTECTED] On Behalf Of Susan > Bradley, CPA aka Ebitz - SBS Rocks [MVP] > > Windows 2003 r2 Enterprise [not standard] [and not a free upgrade] > Excepting for customers with Software Assurance, and you only need the enterprise version on the Federation Servers and Federation Server Proxies. Ulf List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This message has been scanned for viruses by MailControl - (see http://bluepages.wsatkins.co.uk/?4318150) This email and any attached files are confidential and copyright protected. If you are not the addressee, any dissemination of this communication is strictly prohibited. Unless otherwise expressly agreed in writing, nothing stated in this communication shall be legally binding. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
