Currently we have a single AD forest environment. All Dev/UAT/SIT/Prod application environments reside in this production version of AD (i.e. contoso.com). We are talking about creating new forests to separate the different environments. Something like this:

Prod = contoso.com
UAT = contosouat.com
Dev = contosodev.com

I really like this from a risk perspective. Having the ability to test a change in AD and having that separation between the environments. Wanted to know if anyone has this type of setup, and if so some of the lessons learned from moving to this type of model.

Things that I'm thinking about are trusts and user accounts. Would we allow trusts between the 3 environments so you could have the developers use a single set of credentials for all 3? This would ease the pain of a migration significantly, but you are giving up some of the benefit of the separation for testing AD changes if you do that.

Also the thought of migrating applications through attrition. Don't force the existing application to migrate, but force them to put the next version into it. So over the next 3 years most of the applications will be moved over.

Thanks

Christopher Bodnar
Enterprise Architect I, Corporate Office of Technology: Enterprise Architecture and Engineering Services
The Guardian Life Insurance Company of America

