Active Directory Design Strategy - Child Domain versus OU
Posted on 2010-08-23
1) What are the pros and cons using ROOT DOMAIN>CHILD DOMAIN>OU'S versus ROOT DOMAIN>OU'S for individual sites in active directory?
2) Does one model scale better than the other?
3) Does one model work better for "absorbing" newly purchased companies and their domains?
4) Is one model more "secure" than the other - how so?
5) What model do you use/prefer and why?
Background: We are a growing company with nine sites that currently use a single root domain with sub-ou's for each site and then users, computers etc. The goal is to have each site have an IT team to manage their own users, computers etc. and group policy to be managed centrally. We would like to avoid having the site IT teams be domain admins.
I am looking for as detailed answers as possible please. I also know there may be no "correct" answer to some of these questions. I am looking for pros/cons and opinions. I will award points based on how detailed and how compelling your argument is.