asked on

Adding a Child Domain v.s. Second forest

We are adding a new remote facility and are trying to determine whether to add a Child Domain to our existing forest or create a secondary forest. I understand the security of the forest and only doing a one way trust for security of corporate file data, but what are the pros/cons of a child domain as far as the data being accessible under the schema, password recoverability (hacking). What are others doing when setting up far away offices in regards to maintaining a highly secure network?

vmdude

What are the domain and forest functional levels?

It depends on what you are looking to secure against. Creating a separate forest for a branch office needs careful consideration. For example there will be an extra overhead for maintaining two forests even with trusts. If it is part of the same company, I would go for the child domain personally.
Another option would be to deploy a read only domain controller at the remote site and have it part of the same domain. That is usually a good way to secure a branch location.

Sarang Tinguria

As per you previous question Create a child domain and provide the task delegation
there will ease of management

bergquistcompany

ASKER

Is there risk however with the child domain in having the schema information available to the branch office? How much data is available through a child domain?

So if we were adding offices in say South Pole, North Pole, Alaska and Hawaii it would be more common to add child domains for branch offices that you want to wrap some more security around corporate data to limit the branch office technicians abilities v.s. another forest? When you say more overhead what else?

ASKER CERTIFIED SOLUTION

vmdude

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial