Multi-child domain vs multi-child domain with new tree
Posted on 2010-11-12
I start a Windows 2008 R2 Datacenter with a corporated AD Forest that will host many customer Domain.
Each domain will need to be entirely independant for the others, meaning that all accounts, security, Exchange, Terminal server, AD etc...must not be view or available to the other domains.
Important, these domain must be linked to the corporated Forest because they will be monitor by SCCM that will be installed on the Root Domain.
For now i have 2 child domain(not with new tree) and it goes well ,but the trouble is that Exchange 2010 see all the AD account of the other domain and this is bad.
There is no way to remove transitive replication on the root domain.
So my question is, "What is the best way to configure the security of my actual setup or what is the best way to restart my entire Forest considering that many independant Domain will be install in the corporate Forest in the futur?"