Two Companies one One Active Directory

Flipp
Flipp used Ask the Experts™
on
I have just taken on essentially one network, which provides for two independent companies. SBS 2008 Standard is the only Server with all AD Objects currently in same OUs - there are no conflicts of names until now.

Two Email Policies are in effect which manages the email domain side of things and filters on Organisation.

Company1 have a shared mailbox called 'admin', but Company2 also want the same. I can simply change the name to 'Company1 Admin' and 'Company2 Admin' and then modify the email addresses per policies above, but this seems a bit long winded.

I have not had to consider multiple companies under one AD tree before so looking for some hand holding/guidance.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2013

Commented:
You cannot really have two domain names, but you can host multiple e-mail domains:
http://sbs.seandaniel.com/2008/10/hosting-multiple-domains-on-sbs.html

Author

Commented:
Yes I have referenced Sean's article for the multiple e-mail domains - very useful, but I am still a bit lost as far as management of Active Directory in general.
Top Expert 2013

Commented:
There should be no mention of the second domain in AD. The only evidence of the second domain is within the Exchange management console. One of the limitations of SBS is single domain and no trusts with other domains.
Should you be charging more for IT Services?

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Author

Commented:
I understand that there is to be only one Domain - "Domain1".

Currently Company1 and Company2 logon to Domain1, which is absolutely fine. The difficulty I face is that Company1 and Company2 both have similar requirements when it comes to requests like "I would like a new email address admin@company1.com to be delivered to User1", and "I would like a new email address admin@company2.com to be delivered to User2".

The above requires two AD objects - currently I rename each object from 'admin' to 'Company1 Admin'.
Top Expert 2013

Commented:
Sorry I think I get you now. You cannot have the same e-mail prefix for both domains, i.e. admin@company1, and admin@company2. You would have to differentiate them somehow such as you have done. I know of no way of automating this.

Author

Commented:
Going beyond just an email prefix, I am trying to prepare both companies for growth but to have the ability to leave the other, so having a good architecture is essential for when it comes time to separate.

Has anyone had to manage two companies in this manner?

I have not used AD Sites before, but could this be a viable solution?
Top Expert 2013

Commented:
AD sites and services is for managing multiple sites but with SBS only one domain, with DC's at multiple locations using multiple subnets.
You cannot add the second domain anywhere in AD. SBS is a single domain server.
Adam BrownSenior Systems Admin
Top Expert 2010
Commented:
In the situation where the companies *might* eventually go their separate ways, you are much better off utilizing a dual forest setup with a trust in between if they need it. Any time you have two companies working off of the same Forest, you're in for a major major headache if the companies part ways. It is a lot more expensive, since you have to have a server for both companies (At a minimum) to do it, and it could increase your workload because you'd have to manage two different AD forests, though. It's a whole lot more flexible and will greatly increase growth potential for each company. Since you are limited on the number of users you can have in an SBS domain, you have a hard limit on how many employees each company can feasibly use. Having an SBS server for each company basically doubles that limit.
If they need access to one the other company's files, you should still be able to set up a trust between forests, but I don't really work with SBS so not 100% on if you can do trusts in it.
Top Expert 2013
Commented:
You can't do it with multiple SBS servers, they will not support trusts.

The design constraints are similar to previous versions of Windows Small Business Server. They are:
No more than 75 users or devices
The Standard Edition server must be the root domain controller of the forest
The Standard Edition server must hold the flexible single master operations (FSMO) roles
The Standard Edition server must be a global catalog
There can be no inter-forest trusts or child domains
Terminal Services Application Mode is disabled on Standard Edition server
The Premium Edition server must be a member server or additional domain controller of an SBS 2008 network
from: http://technet.microsoft.com/en-us/sbs/cc817589.aspx

Author

Commented:
Thanks guys - so based upon the constraints for SBS, are there any recommendations on how to architect AD for two companies?

Sean's article on multiple e-mail domains is useful for the same company and multiple domains, but what about if those domains are for different companies? I can still set them up and use a filter according to a field in AD such as Organisation, but creates a lot of overhead manual labour.
Top Expert 2013

Commented:
NO.
You have the wrong server product for managing this. It is not possible with SBS.

Author

Commented:
Unfortunately the previous provider spec'd out their new Server with SBS 2008 and I will need to manage until some time late next year when I think the companies will split.

Any advice using existing technology?
Top Expert 2013

Commented:
With a single SBS you can only manage 1 domain. Exchange can handle receiving mail for multiple domains.

Author

Commented:
No solution found.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial