Solved

Recommendations for managing two companies on same Domain

Posted on 2010-09-06
10
448 Views
Last Modified: 2012-05-10
I am setting up a SBS 2008 for two businesses, but am looking for any best practices from anyone. My past has only included working with a single company for a single so doing some research.
0
Comment
Question by:Flipp
  • 3
  • 2
  • 2
  • +2
10 Comments
 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 50 total points
ID: 33614397
Well, I would consider this a bad idea - one company is going to have pain when they separate.

But, for the moment, I would treat them as two separate departments.  Create groups for each company, setup two Domains in Exchange and set the default e-mail addresses appropriately.
0
 
LVL 6

Author Comment

by:Flipp
ID: 33614603
The companies do work quite close already, and yes I agree it is not the best practice in theory.

Unless there are show stopping circumstances, I will continue to manage both businesses (who physically are in the same premises) with the one SBS 2008.

I have already started separating them with Security Groups and Email Policies, but since I am new to SBS 2008 I wanted to see if I should also look at creating new roles for each etc.

When you say setup two domains in exchange, do you mean to setup two authoritative domains?
0
 
LVL 7

Expert Comment

by:ieden
ID: 33614608
If you can afford it, create a parent domain and two child domains. (Corp.com, company1.corp.com and company2.corp.com) Then formulate trust.  http://support.microsoft.com/kb/255248
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 33614681
ieden, that is impossible - SBS does not support sub/child domains.
0
 
LVL 6

Author Comment

by:Flipp
ID: 33614683
Probably at this stage, since we have already deployed the server to the client, they would not be interested in investing additional money in my time to set this up.

But I think this is good advice.
0
 
LVL 6

Author Comment

by:Flipp
ID: 33614689
ANy other ideas then?
0
 
LVL 8

Expert Comment

by:PeteEngineer
ID: 33614699
0
 
LVL 7

Accepted Solution

by:
ieden earned 150 total points
ID: 33617116
My advice would be to create a structure that looks something like this:
OU=Corp
 OU=Company1
  OU=Finance
   OU=Computers
  OU=Marketing
   OU=Computers
  OU=Sales
   OU=Computers
 OU=Company2
  OU=Finance
   OU=Computers
  OU=Marketing
   OU=Computers
  OU=Sales
   OU=Computers
 OU=SharedResources
  OU=Servers
  OU=OtherGroups

With a setup like this, you can create groups with Company specific prefixes like; 1engineers, 2 engineers, 1Representatives, 2 Representatives... Etc...

I would create groups that include "AllUsersCompany1 and AllUsersCompany2" While groups like Domain Users have automatic membership, these newly created "SuperGroups" could be used to administer access to shares that should only be accessible by one company or another.

No doubt, there will be pain while setting this up. I recommend roles based groups and assign access by job description and not individual user. Get with HR to make your groups closely resemble the job descriptions they are using for payroll.

Also, create groups for the expressed purpose of sharing info between the companies. (Share, 1MktShareRead, 1MktShareMod, 2MktShareRead, 2MktShareMod) Never assign "Full Control" to an end user of Job Description. Modify is adequate!

If there are issues with users accessing files they couldn't access before after logically planning this with departments and HR, get change control to cover your heiny and have a manager sign off on it from both departments. Always cover your assets.

Good luck!
0
 
LVL 5

Assisted Solution

by:DanMar
DanMar earned 50 total points
ID: 33624375
You can merely add a new domain name to the Exchange User email policy for the new company and ensure DNS MX records are pointing to the same IP as your main domain name.
This was you can assign default company names to employees according to which company there are with and have the same server hosting everything.  As far as administration, you can split up the users into different OUs, groups etc. if you need to lock things down i.e. permissions to shares etc. as the Authenticated Users group will include both companies.
0
 
LVL 5

Expert Comment

by:DanMar
ID: 33624385
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question