Why? What's the driving force behind the move to separate forests rather than separate domains (that's effectively what you're doing). While there are reasons that could drive that, there are a lot of reasons to avoid it as well. Documenting the reasons goes a long way towards determining the structure.
If you're going to share resources, you will need to set up forest trusts and allow plenty of stuff between them. At that point you may as well have a single forest; it's much easier. If there's any need for any shared resources, I'd be looking at a single forest model and working through the management concerns one by one. I'd actually probably start with a single domain model and have to prove why it couldn't work. The issues are often political rather than technical. *********************** Charlie Kaiser [email protected] Kingman, AZ *********************** > -----Original Message----- > From: [email protected] [mailto:[email protected]] > Sent: Thursday, February 18, 2010 8:48 AM > To: NT System Admin Issues > Subject: network topology > > I work for a small company that is a collection of small > companies. Currently one domain with offices in several > locations in 2 states, Ok and Az. Owners want to create > separate domains, not child domains. Each division would have > their own DC's and independent AD structure. I am hoping > someone can just give "big picture" yes/no's to where we are > trying to go. More typically it would be setup like this: > [email protected](parent co); [email protected]; [email protected] > and [email protected]. What we want looks more like this: > [email protected]; [email protected], etc. > > 1. Can we do this without being stupid on one physical > network(all offices currently connected with IPSEC tunnels, > use VLAN switching to separate domains) 2. Can we setup co1 > domain as "management" domain and give exchange access to > members of other domains; central AV management, etc...? > > LOTS of details not provided, IK, just getting started here. > We are currently running w2k3 servers and E2k3. New domains > will be created on W2k8R2 servers and E2K7. > > Thanks for any help/discussion. > > Jeff > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
