We are redesigning our Windows infrastructure. Our new design will include a single 2003 forest with 25 child domains: FROM 25 forests to one forest with 25 child domains. The problem I have is our network infrastructure, which currently has a firewall on every VLAN, which they say is best practice? The designs from MS, and talking to MS directly, say NO firewall between domains in a single forest and NO NATed addresses. WELL, the network group say MS is crazy. The security group doesn't want IPsec because they can't sniff it. AND the NETWORK group doesn't want to open all the ports necessary across the firewall, "which are all internal, by the way; we are not asking them to open across firewalls outside the company."
AND NOW FOR THE QUESTION: Does anyone have a single forest, multiple child domain design that I can talk to you about and see how you handled the network? THIS leads into another project, which is single sign-on for the company.
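One concrete thing that helps in the argument between the network and directory teams is a reproducible check of which fixed TCP ports Active Directory needs between domain controllers and which of them the inter-VLAN firewalls actually pass. The script below is an added example, not something from the original post or from Microsoft's design documents. It assumes a host running Windows 8 / Server 2012 or later (for `Test-NetConnection`), and the DC name `dc1.child.example.corp` is a placeholder to replace with a real domain controller in the child domain you are testing against.

```powershell
# Added example (not from the original post): probe the fixed TCP ports that
# Active Directory domain controllers need to reach each other across a firewall,
# so the firewall rule set between VLANs can be verified rather than argued about.
# Assumes Windows 8 / Server 2012 or later for Test-NetConnection.

$TargetDC = 'dc1.child.example.corp'   # placeholder, replace with a real DC name

# Fixed TCP ports used between DCs in one forest. The RPC dynamic range
# (49152-65535 on Server 2008+, 1025-5000 on Server 2003) and the UDP side of
# DNS/Kerberos are not probed here; Test-NetConnection only does TCP.
$AdPorts = [ordered]@{
    53   = 'DNS'
    88   = 'Kerberos'
    135  = 'RPC endpoint mapper'
    389  = 'LDAP'
    445  = 'SMB'
    464  = 'Kerberos password change'
    636  = 'LDAPS'
    3268 = 'Global Catalog'
    3269 = 'Global Catalog over SSL'
}

function Test-AdPortReachability {
    # Returns one object per port with whether a TCP connect succeeded.
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [Parameter(Mandatory)] [System.Collections.IDictionary] $Ports
    )
    foreach ($port in $Ports.Keys) {
        $result = Test-NetConnection -ComputerName $ComputerName -Port $port `
                                     -WarningAction SilentlyContinue
        [pscustomobject]@{
            Target  = $ComputerName
            Port    = $port
            Service = $Ports[$port]
            Open    = $result.TcpTestSucceeded
        }
    }
}

# Run from a DC (or a member server) in one domain against a DC in another
# domain of the same forest, once per firewall you cross.
Test-AdPortReachability -ComputerName $TargetDC -Ports $AdPorts |
    Format-Table -AutoSize
```

Run it from a machine on each side of every firewall that sits between domains and keep the output: a port showing `Open = False` is either a rule the network group still needs to add or a service you have decided not to allow, and either way the decision is written down. For the RPC dynamic range, which a single-port probe cannot cover, the usual mitigation is to pin AD replication to a fixed RPC port on the DCs and open only that port, which keeps the firewall rule set small without resorting to NAT or blocking replication.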