Rob, Whether they are a second domain, or a child doesn't really matter from a security and control standpoint. The domain that has the Enterprise Admins group is the one that's ultimately in control... In all other instances, the domain trusts between two domains are the same as the trust between parent and child domains... Security can be set separately in the child (password complexity, PW aging, etc) just as if it was a separate domain... In other words, it's purely semantics on which way it appears and the only ones who would ever know the difference are the server (account, email, etc) admins (once you set up the UPN addresses the way you want them).
The only thing I'm not 100% sure on (someone please correct me if I'm wrong!)... If you're joining an existing NT4 domain to an already existing AD forest, you may only have the option to bring it on as a child... You may not have the option to make it a separate domain in the same forest (I haven't done it for so long, it's a bit hazy)... The only other way to move the accounts would be with the ADMT... Joe Pochedley Weiler's Law - Nothing is impossible for the man who doesn't have to do it himself. -----Original Message----- From: Weatherly, Rob [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 12, 2003 4:40 PM To: NT 2000 Discussions Subject: RE: Difference Between Child and New Domain As far as I knew that was really the only difference I can't think of much else that is different I told that the name space doesn't have anything to do with it You can have "stupid-dumb-idiots.com" on the internet and still have "WeThinkWeAreSmart.co.uk" internally. They don't care they want that name space. So we are looking for supporting docs as to why they should be a child domain. We want a child domain for better management and security control over what they do. -------------------------------- Rob Weatherly -------------------------------- -----Original Message----- From: Chris H [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 12, 2003 4:31 PM To: NT 2000 Discussions Subject: Re: Difference Between Child and New Domain IMO the one thing gained (or not) by the seperate domain is the ability to apply a differing set of security guidelines to those users. For instance, we have a seperate domain for our Mexico office as we apply more strict security there on the users and computers. ----- Original Message ----- From: "Weatherly, Rob" <[EMAIL PROTECTED]> To: "NT 2000 Discussions" <[EMAIL PROTECTED]> Sent: Tuesday, August 12, 2003 4:19 PM Subject: RE: Difference Between Child and New Domain I completely agree with trying to keep everything in one domain. In this case we actually have to have a second domain. They want to be set up as a second domain in the same forest. We want to set them up as a child domain. The problem is we are having trouble finding documentation to support either or. The reason they want a second domain is because they want to maintain the internet namespace internally (company.co.uk). -------------------------------- Rob Weatherly -------------------------------- -----Original Message----- From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 12, 2003 4:01 PM To: NT 2000 Discussions Subject: RE: Difference Between Child and New Domain My personal belief is that it doesn't matter either way, although I prefer to keep it as a single domain rather than two. -------------------------------------------------------------- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. > -----Original Message----- > From: Weatherly, Rob [mailto:[EMAIL PROTECTED] > Sent: Tuesday, August 12, 2003 3:31 PM > To: NT 2000 Discussions > Subject: RE: Difference Between Child and New Domain > > > Wow!! I guess this question was too tuff for everyone > > -------------------------------- > Rob Weatherly > -------------------------------- > > -----Original Message----- > From: Gonzalez, Alex > Sent: Tuesday, August 12, 2003 8:58 AM > To: NT 2000 Discussions > Subject: Difference Between Child and New Domain > > > > I was wondering if anyone could tell me some of the > differences between > setting up a child domain and setting up a new domain in the > same forest > in Windows 2000 Active Directory. We have a company that we own that > wants to finally implement Windows 2000 and join our forest > but it is up > in the air as to whether we should have them become a child domain or > become a new domain in the same forest. If they become a child domain > they would become them.us.com. If they become a new domain > in the same > forest they become them.co.uk. The reason they want to do this is to > stay current with their Internet name space which I told them is not > necessary. Any help would be appreciated. > > Thanks!! > > > ------ > You are subscribed as [EMAIL PROTECTED] > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=nt2000&tex t_mode=&la ng=english To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [EMAIL PROTECTED] Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=nt2000&text_mode=&la ng=e nglish To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [EMAIL PROTECTED] Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=nt2000&text_mode=&la ng=english To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [EMAIL PROTECTED] Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=nt2000&text_mode=&la ng=english To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [EMAIL PROTECTED] Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=nt2000&text_mode=&la ng=english To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [EMAIL PROTECTED] Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=nt2000&text_mode=&la ng=english To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [EMAIL PROTECTED] Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=nt2000&text_mode=&lang=english To unsubscribe send a blank email to [EMAIL PROTECTED]
