1) What are the pros and cons of using ROOT DOMAIN>CHILD DOMAIN>OUs versus ROOT DOMAIN>OUs for individual sites in Active Directory?
2) Does one model scale better than the other?
3) Does one model work better for "absorbing" newly purchased companies and their domains?
4) Is one model more "secure" than the other - how so?
5) What model do you use/prefer and why?
Background: We are a growing company with nine sites that currently use a single root domain with sub-OUs for each site and then users, computers, etc. The goal is to have each site have an IT team to manage their own users, computers, etc., and group policy to be managed centrally. We would like to avoid having the site IT teams be domain admins.
I am looking for as detailed answers as possible please. I also know there may be no "correct" answer to some of these questions. I am looking for pros/cons and opinions. I will award points based on how detailed and how compelling your argument is.