?
Solved

Recommendations for managing two companies on same Domain

Posted on 2010-09-06
10
Medium Priority
?
468 Views
Last Modified: 2012-05-10
I am setting up a SBS 2008 for two businesses, but am looking for any best practices from anyone. My past has only included working with a single company for a single so doing some research.
0
Comment
Question by:Flipp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +2
10 Comments
 
LVL 96

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 200 total points
ID: 33614397
Well, I would consider this a bad idea - one company is going to have pain when they separate.

But, for the moment, I would treat them as two separate departments.  Create groups for each company, setup two Domains in Exchange and set the default e-mail addresses appropriately.
0
 
LVL 6

Author Comment

by:Flipp
ID: 33614603
The companies do work quite close already, and yes I agree it is not the best practice in theory.

Unless there are show stopping circumstances, I will continue to manage both businesses (who physically are in the same premises) with the one SBS 2008.

I have already started separating them with Security Groups and Email Policies, but since I am new to SBS 2008 I wanted to see if I should also look at creating new roles for each etc.

When you say setup two domains in exchange, do you mean to setup two authoritative domains?
0
 
LVL 7

Expert Comment

by:ieden
ID: 33614608
If you can afford it, create a parent domain and two child domains. (Corp.com, company1.corp.com and company2.corp.com) Then formulate trust.  http://support.microsoft.com/kb/255248
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 33614681
ieden, that is impossible - SBS does not support sub/child domains.
0
 
LVL 6

Author Comment

by:Flipp
ID: 33614683
Probably at this stage, since we have already deployed the server to the client, they would not be interested in investing additional money in my time to set this up.

But I think this is good advice.
0
 
LVL 6

Author Comment

by:Flipp
ID: 33614689
ANy other ideas then?
0
 
LVL 8

Expert Comment

by:PeteEngineer
ID: 33614699
0
 
LVL 7

Accepted Solution

by:
ieden earned 600 total points
ID: 33617116
My advice would be to create a structure that looks something like this:
OU=Corp
 OU=Company1
  OU=Finance
   OU=Computers
  OU=Marketing
   OU=Computers
  OU=Sales
   OU=Computers
 OU=Company2
  OU=Finance
   OU=Computers
  OU=Marketing
   OU=Computers
  OU=Sales
   OU=Computers
 OU=SharedResources
  OU=Servers
  OU=OtherGroups

With a setup like this, you can create groups with Company specific prefixes like; 1engineers, 2 engineers, 1Representatives, 2 Representatives... Etc...

I would create groups that include "AllUsersCompany1 and AllUsersCompany2" While groups like Domain Users have automatic membership, these newly created "SuperGroups" could be used to administer access to shares that should only be accessible by one company or another.

No doubt, there will be pain while setting this up. I recommend roles based groups and assign access by job description and not individual user. Get with HR to make your groups closely resemble the job descriptions they are using for payroll.

Also, create groups for the expressed purpose of sharing info between the companies. (Share, 1MktShareRead, 1MktShareMod, 2MktShareRead, 2MktShareMod) Never assign "Full Control" to an end user of Job Description. Modify is adequate!

If there are issues with users accessing files they couldn't access before after logically planning this with departments and HR, get change control to cover your heiny and have a manager sign off on it from both departments. Always cover your assets.

Good luck!
0
 
LVL 5

Assisted Solution

by:DanMar
DanMar earned 200 total points
ID: 33624375
You can merely add a new domain name to the Exchange User email policy for the new company and ensure DNS MX records are pointing to the same IP as your main domain name.
This was you can assign default company names to employees according to which company there are with and have the same server hosting everything.  As far as administration, you can split up the users into different OUs, groups etc. if you need to lock things down i.e. permissions to shares etc. as the Authenticated Users group will include both companies.
0
 
LVL 5

Expert Comment

by:DanMar
ID: 33624385
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
OfficeMate Freezes on login or does not load after login credentials are input.
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question