tiras gans asked:

Active Directory domain trust relationship question

Hello -
Having a complicated dilemma with the AD environment here. I'm sitting in the US in the company.com corporate domain. I am not managing this internal AD; corporate IT does that.
I am managing three outside customer-facing domains: companyUS.int, companyUK.int and companyDE.int. They are completely separate and are hosted in outside data centers in the given countries.
I would like to centralize and manage all from one company.com domain for the reasons of dual authentication and policies. So users will know only one login, users@company.com, and manage security from there. Change password policies, group policies, etc. Make it more solid and secure.

What's the best way to accomplish that? Technologically and politically? IT won't give me access to their AD and I don't really want to and they don't want to manage it either. Can it be segregated to a subdomain per OU or something? Or migrate into one forest? Or what? Currently there is only a one-way trust from .com to the outside .int domains.
Please advise.

ASKER CERTIFIED SOLUTION
Mike Thomas

This solution is only available to members.

SOLUTION
Leon Fester

This solution is only available to members.

ASKER

Thank you both. So if I want them to be in one forest, does that mean the migration needs to be performed from the client-facing .int domains to the .com corporate domain?
Any other way to go around this?
Currently there is a one-way trust from .com to the .int domains.

SOLUTION

This solution is only available to members.

Thanks again, dvt! You're right, I won't be able to push IT to manage an additional 3 domains for me. They are busy enough with the .com corporate one.

So if I were to create an entirely new forest, that will be a new root domain and new logins for all the users. That would be a challenge also for all the external users.
Is there another way to segregate this?

Otherwise I will be stuck exporting/importing group policies as a part of security management. Changing passwords, etc.

SOLUTION

This solution is only available to members.

Sorry for the delay on this.  Still looking into the options for this.