Domain Dilema

Morning Guys, hope you can help.

We have just taken over a company in North America they have no domain structure, no
Exchange server etc and have about 15 offices spread across Canada and US.

We in the UK have 12 offices connected by a MPLS system (VPN) in a single
Windows 2003 domain called ABC.local. (Forest root domain)

We have 6 exchange servers with domain controllers at each office.
We are going to implement a domain in North America with exchange servers etc.

From the UK we want to admin both domains, but North America needs only to admin
Its domain.

We need to share Exchange GAL's and possibly other resources. Also the entire company will use the email address @abc.com

My main question is do we make the North American domain a sub domain of abc.local
Say ABCNA.local?

Do we create a separate domains and setup trusts?

I think in the idea word we would have the ABC.local forest root and then 2 regional domains of NAABC.local and UKABC.local unfortunately all objects exchange servers etc are in the abc.local root domain.

Not sure which ids the bet way to proceed, earlier posts recommend adding NA to abc.local domain.

Any ideas would be greatly appreciated

Thanks

LVL 3
georgestarkAsked:
Who is Participating?
 
Jay_Jay70Connect With a Mentor Commented:
sure it would work, it will be a good fun migration that is going to be expensive, risky and painful, but yes it will work, the root domain structure is actually very cool having it empty...but its a waste of hardware in my opinion (i was faced with this same challenge so i have looked at it all before)

If your boss is going to be stubborn and is over cautious, then he is going to bite himself.....he needs to really take a look at his concerns and justify them..,.he is making a simple, easy task into a huge mess....for absolutely no reason......

I can tell you straight off the bat, you guys dont need child domains, its simply a waste f time and effort :) but you know this already, its your boss we need to talk to :)
0
 
partymarty84Commented:
If you require different security policies between NA and UK then have a subdomain.

Otherwise keep them in the domain and create sites and control replication this way.
0
 
tigermattCommented:
You say that North America should only be able to manage their own domain. Therefore, I would say you should go for a subdomain of your main domain, keeping all your UK objects in the root domain and having the NA domain branching off. Therefore, as an admin in the root domain you can manage both the root and sub-domain.

-tigermatt
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
Jay_Jay70Commented:
Take a look here first
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_2003_Active_Directory/Q_22929412.html?cid=236#a20192401

I discussed this situation previously....What you need to figure out first is business lines, whilst AD is a technical Tool, it is also designed to be built around your business lines.....

So, once you have checked that link, and can give me an idea of how your company will be sitting, i can share some ideas....most of the time a Single AD is the way to go with OU management, and delegation of control supplied

James
0
 
georgestarkAuthor Commented:
Guys
Thanks for your response
Jay that was my original post I have updated it with some extra info, your prevouis answer were great but the NA IT manager is concerned about permissions on domain controllers and exchange servers etc.
can we move DC's and Exchange servers users computers into a NA OU, create  account say NAAdmin grant that account full access for that OU only. cant see it with Servers.
exchange organization global settings and reciepients, DC replicate to other DC,s
Hope this makes sense.

If we did go for a child domain would we still get one exchange organization we need this as we have one email address

Thanks in advance

George
0
 
Jay_Jay70Commented:
Oh Hey mate i didnt even realise this was you - my apologies :)

i dont like the idea of moving DC's out of their root container, however it can be done...you have to be quite careful what you do with them policy wise....but yes, moving them into different OU's and granting access that way is an ok way to secure them....

As for child domain, yes, you can still have single organisation
0
 
georgestarkAuthor Commented:
Thanks Jay
Food for thought, i think we would like to add NA to our domain but the question of seperste IT departments and security is a issue not for us in the UK as we control all the doamin but the NA ITdepartment are a concern. it woul be nice to keep the abc.local domain for everyone instead of having a abc.local for the UK and NAabc.local for NA. the only thing we need to definatly keep is the single exchange organization as both UK and NA will be using the @abc.com email address.

again thanks for all your help on this and any further comment woud be appreciated.

George
0
 
Jay_Jay70Commented:
I still think your best bet is to use the delegation of control wizard on an OU...

This way you keep ABC.LOCAL as the single domain, and admins in the NA branch only have access to what you give them through the wizard, on the OU you specify...Maybe i am missing something here??

Cheers Bud
0
 
georgestarkAuthor Commented:
Jay
those are my thought exactly, the problem i sm thinking of is it NA IT make a chnage to say permissions on a Dc it will replicate to all servers. also because of the time zones NA IT need access to diagnose or fix issues.
i hope this makes sense.

Georgestark
0
 
Jay_Jay70Commented:
i wouldnt be letting them near the DC's...servers yes....but give them the adminpak and let them access just their OU's...problem solved.....create an emergency account for them if they need it to access DC's where you cant
0
 
georgestarkAuthor Commented:
Jay
thi sgets worse.
My boss wans to create 2 new sub domains UK.abc.local and NA.abc.local.
we then move all objects, servers, exchange servers from the root domain abc.local into the uk.abc.local leaving abc.local empty i dont know if this is even possible. we then have all exchage servers NAS servers Dc's OU's etc in the new subdomain and add servers where needed in the NA domain.

would this work?

Again your comments would be appreciated.

Warren
0
 
georgestarkAuthor Commented:
Jay

Sorry for the long delay, this project is still on hold at the moment, I will re-address this when the time comes.

Again thanks for all your help on this.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.