• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 478
  • Last Modified:

Recommendations for managing two companies on same Domain

I am setting up a SBS 2008 for two businesses, but am looking for any best practices from anyone. My past has only included working with a single company for a single so doing some research.
0
Flipp
Asked:
Flipp
  • 3
  • 2
  • 2
  • +2
3 Solutions
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
Well, I would consider this a bad idea - one company is going to have pain when they separate.

But, for the moment, I would treat them as two separate departments.  Create groups for each company, setup two Domains in Exchange and set the default e-mail addresses appropriately.
0
 
FlippAuthor Commented:
The companies do work quite close already, and yes I agree it is not the best practice in theory.

Unless there are show stopping circumstances, I will continue to manage both businesses (who physically are in the same premises) with the one SBS 2008.

I have already started separating them with Security Groups and Email Policies, but since I am new to SBS 2008 I wanted to see if I should also look at creating new roles for each etc.

When you say setup two domains in exchange, do you mean to setup two authoritative domains?
0
 
iedenCommented:
If you can afford it, create a parent domain and two child domains. (Corp.com, company1.corp.com and company2.corp.com) Then formulate trust.  http://support.microsoft.com/kb/255248
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
Lee W, MVPTechnology and Business Process AdvisorCommented:
ieden, that is impossible - SBS does not support sub/child domains.
0
 
FlippAuthor Commented:
Probably at this stage, since we have already deployed the server to the client, they would not be interested in investing additional money in my time to set this up.

But I think this is good advice.
0
 
FlippAuthor Commented:
ANy other ideas then?
0
 
iedenCommented:
My advice would be to create a structure that looks something like this:
OU=Corp
 OU=Company1
  OU=Finance
   OU=Computers
  OU=Marketing
   OU=Computers
  OU=Sales
   OU=Computers
 OU=Company2
  OU=Finance
   OU=Computers
  OU=Marketing
   OU=Computers
  OU=Sales
   OU=Computers
 OU=SharedResources
  OU=Servers
  OU=OtherGroups

With a setup like this, you can create groups with Company specific prefixes like; 1engineers, 2 engineers, 1Representatives, 2 Representatives... Etc...

I would create groups that include "AllUsersCompany1 and AllUsersCompany2" While groups like Domain Users have automatic membership, these newly created "SuperGroups" could be used to administer access to shares that should only be accessible by one company or another.

No doubt, there will be pain while setting this up. I recommend roles based groups and assign access by job description and not individual user. Get with HR to make your groups closely resemble the job descriptions they are using for payroll.

Also, create groups for the expressed purpose of sharing info between the companies. (Share, 1MktShareRead, 1MktShareMod, 2MktShareRead, 2MktShareMod) Never assign "Full Control" to an end user of Job Description. Modify is adequate!

If there are issues with users accessing files they couldn't access before after logically planning this with departments and HR, get change control to cover your heiny and have a manager sign off on it from both departments. Always cover your assets.

Good luck!
0
 
DanMarCommented:
You can merely add a new domain name to the Exchange User email policy for the new company and ensure DNS MX records are pointing to the same IP as your main domain name.
This was you can assign default company names to employees according to which company there are with and have the same server hosting everything.  As far as administration, you can split up the users into different OUs, groups etc. if you need to lock things down i.e. permissions to shares etc. as the Authenticated Users group will include both companies.
0
 
DanMarCommented:
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 3
  • 2
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now