Solved

Recommendations for managing two companies on same Domain

Posted on 2010-09-06
10
455 Views
Last Modified: 2012-05-10
I am setting up a SBS 2008 for two businesses, but am looking for any best practices from anyone. My past has only included working with a single company for a single so doing some research.
0
Comment
Question by:Flipp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +2
10 Comments
 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 50 total points
ID: 33614397
Well, I would consider this a bad idea - one company is going to have pain when they separate.

But, for the moment, I would treat them as two separate departments.  Create groups for each company, setup two Domains in Exchange and set the default e-mail addresses appropriately.
0
 
LVL 6

Author Comment

by:Flipp
ID: 33614603
The companies do work quite close already, and yes I agree it is not the best practice in theory.

Unless there are show stopping circumstances, I will continue to manage both businesses (who physically are in the same premises) with the one SBS 2008.

I have already started separating them with Security Groups and Email Policies, but since I am new to SBS 2008 I wanted to see if I should also look at creating new roles for each etc.

When you say setup two domains in exchange, do you mean to setup two authoritative domains?
0
 
LVL 7

Expert Comment

by:ieden
ID: 33614608
If you can afford it, create a parent domain and two child domains. (Corp.com, company1.corp.com and company2.corp.com) Then formulate trust.  http://support.microsoft.com/kb/255248
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 33614681
ieden, that is impossible - SBS does not support sub/child domains.
0
 
LVL 6

Author Comment

by:Flipp
ID: 33614683
Probably at this stage, since we have already deployed the server to the client, they would not be interested in investing additional money in my time to set this up.

But I think this is good advice.
0
 
LVL 6

Author Comment

by:Flipp
ID: 33614689
ANy other ideas then?
0
 
LVL 8

Expert Comment

by:PeteEngineer
ID: 33614699
0
 
LVL 7

Accepted Solution

by:
ieden earned 150 total points
ID: 33617116
My advice would be to create a structure that looks something like this:
OU=Corp
 OU=Company1
  OU=Finance
   OU=Computers
  OU=Marketing
   OU=Computers
  OU=Sales
   OU=Computers
 OU=Company2
  OU=Finance
   OU=Computers
  OU=Marketing
   OU=Computers
  OU=Sales
   OU=Computers
 OU=SharedResources
  OU=Servers
  OU=OtherGroups

With a setup like this, you can create groups with Company specific prefixes like; 1engineers, 2 engineers, 1Representatives, 2 Representatives... Etc...

I would create groups that include "AllUsersCompany1 and AllUsersCompany2" While groups like Domain Users have automatic membership, these newly created "SuperGroups" could be used to administer access to shares that should only be accessible by one company or another.

No doubt, there will be pain while setting this up. I recommend roles based groups and assign access by job description and not individual user. Get with HR to make your groups closely resemble the job descriptions they are using for payroll.

Also, create groups for the expressed purpose of sharing info between the companies. (Share, 1MktShareRead, 1MktShareMod, 2MktShareRead, 2MktShareMod) Never assign "Full Control" to an end user of Job Description. Modify is adequate!

If there are issues with users accessing files they couldn't access before after logically planning this with departments and HR, get change control to cover your heiny and have a manager sign off on it from both departments. Always cover your assets.

Good luck!
0
 
LVL 5

Assisted Solution

by:DanMar
DanMar earned 50 total points
ID: 33624375
You can merely add a new domain name to the Exchange User email policy for the new company and ensure DNS MX records are pointing to the same IP as your main domain name.
This was you can assign default company names to employees according to which company there are with and have the same server hosting everything.  As far as administration, you can split up the users into different OUs, groups etc. if you need to lock things down i.e. permissions to shares etc. as the Authenticated Users group will include both companies.
0
 
LVL 5

Expert Comment

by:DanMar
ID: 33624385
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question