We are a small southern college. We are in the midst of an Active Directory design. The question that has been posed to the design team is whether or not we should maintain a single Active Directory domain for all students, faculty and Staff, or should we maintain separate domains...namely, one for students (several thousand) and one for faculty and staff (about a thousand).
Our contention is that a single domain should be fine. We'd really prefer this as an Exchange system is also being implemented and we'd prefer a single Exchange organization, rather than multiple. Additionally, we believe students can easily be maintained in a separate OU, and adequate security measures and GPO's can be employed to maintain security.
Personally, it appears to me, that the practice of deploying a separate AD domain in such circumstances is less prevalent than it once was, mainly b/c the feeling is that both security and manageability can be satisfied by deploying a single directory.
I was hoping for feedback. Especially anyone who is currently or has worked for a college who at one time or another had to do the same thing. Are there any big minuses from our thoughts on this matter? Any thing we should keep in mind?