Single Forest/Single Domain utilizing OU/Sites - Is it Secure?
Posted on 2009-12-18
We have 3 administrators, all having the same role (all trusted).
We have 3 separate single forest/single domains (staff.domain, lab.domain, and public.domain) to accommodate 3 separate functional areas (staff, labs and public). Each functional area has no access to the other areas; all are separated by VLANs.
Each forest/domain has two 2003 server domain controllers. It was set up initially this way as a way to restrict access from each other.
Staff is made up of one subnet, public has 3 subnets and labs have 2 subnets. Each functional area has its own resources and policies.
We are in the process of redesigning the network. We now have Windows 2008 R2. Without compromising security between the functional areas, is it possible to redesign to create a single forest with a single domain using OUs and sites? Total objects among all 3 domains are less than 1000.
Most documentation is geared at large geographical companies over WANs. I am having a difficult time applying it to our small environment. We do not use Exchange. Any suggestions would be most appreciated. I can provide additional info.
What would be the pros/cons, and is it even feasible?