Well, really, I'd say the long and the short of it is about security boundaries.
I know that the Army used to stand up a gazillion NT domains whereas the Navy had a single domain - purely because of the difference in how they viewed security boundaries.

> From a scaling perspective, there is almost never a reason to stand up a
> separate forest anymore. The only real reason is for separation of security.
> It is trivial, within a child domain, to compromise the enterprise domain and
> then have access to all domains in the forest. This is why the forest is the
> security boundary.

From: Jon Harris [mailto:[email protected]]
Sent: Thursday, December 03, 2009 10:26 AM
To: NT System Admin Issues
Subject: Re: Windows Child Domain

Not that I can give you a real answer but that would depend on which Server OS you are using and the functional levels. There have been a number of changes between 2003 and 2008 that have changed this answer.

Jon

On Thu, Dec 3, 2009 at 10:19 AM, Fogarty, Richard R CTR USA USASOC <[email protected]<mailto:[email protected]>> wrote:

Can anyone explain to me when one would / should use a Child domain as opposed to setting up a new domain/forest?

Rick
