Having a complicates dilemma with AD environment here. I'm sitting in US in company.com Corporate domain. I am not managing this internal AD, corporate IT does that.
I am managing three outside customer facing domains comanyUS.int, companyUK.int and companyDE.int They are completely separate and being hosted outside data centers given countries.
I would like to centralize and manage all from one company.com domain for the reasons of dual authentication and policies. So users will know only one login firstname.lastname@example.org and manage security from there. Change passwords policies, group policies, etc. Make it more solid and secure.
What's the best way to accomplish that? Technologically and politically? IT won't give me access to theit AD and I don't really want to and they don't want to manage it either. Can it be segregated to a subdomain per OU or something? Or migrate into one forest? or what? Currently there is only on way trust from .com to outide .int domains.