AD Parent/Child domains

Posted on 2011-10-30
Last Modified: 2012-05-12
I have seen some environments where they create a Parent AD domain and a child domain, but most of the objects are in the child domain. I don't know if the purpose of this design is just for Management or security purposes.

Any idea?
Question by:jskfan

    Accepted Solution


    Expert Comment

    by:Ehab Salem

    Assisted Solution

    by:Krzysztof Pytko
    Yup, this kind of parent -> child domain relation is for "management" functionality. You create a forest root domain and then child domain(s) where all users and resources are created.

    This scenario mostly fits large companies because it requires spending some more money on licences.
    And of course, it may also be treated as a security reason. When you have no users and resources in the parent domain, there is a lower possibility of making a mess during daily administration.

    If you have more questions, do not hesitate to ask.


    Assisted Solution

    by:Mike Kline
    A big reason this was done in the past is because people used the empty root design because of security concerns.  The idea was to separate groups like the enterprise and schema admins.

    The common belief in the early days was that the domain was the security boundary but we now know that the forest is the boundary.

    Check out this article from 2002

    ...again common thinking back then and a lot of folks still believe it today.

    If you run into an empty root domain I'd just leave it as is.  Some people want to migrate but to me that is a lot of work to get rid of an empty root.



    Author Closing Comment

    thank you guys!
