Two domains vs. one = multi-site company

Experienced in basic AD but not too much multi-site work...
Have a client who just purchased a small company in another state.  Client has typical small office AD setup already (less than 30 PCs).  New site only has about 8 machines and no existing server.
Client desires to operate "as one" with equal access to all network resources.

My plan was just to add a new DC to the domain for the new location (with a different subnet) across a VPN (both locations have good internet connections), utilizing GPOs to optimize profile redirection, etc.  Intended to replicate most shares between locations.

An experienced engineer in our company insists that we risk a great deal by sticking with the single domain vs. establishing multiple domains within the forest and using trust relationships.  He feels that losing connection between the sites can cause significant issues for the domain.

My research seems to show this line of thinking is out of date for most situations in a company this size without serious security restrictions - assuming the new site is setup properly with Global Catalogs, solid GPOs, etc.

Opinions?
mlmslexAsked:
Who is Participating?
 
convergintConnect With a Mentor Commented:
We have over 30 sites in a few countries on one domain, it's not an issue.  The sites have varying connection options (VPN, MPLS, etc).  There are even lots of sites without connectivity to each other as there's no business reason.  We use DFS and another piece of software for file replication.

As long as each DC in each site can replicate to the schema master fairly reliability you won't have any issues.  With the new server 2012, you can have read only domain controllers and limited AD replication for small remote sites to alleviate security issues too.  Now if each site could go offline for months, that would be an issue.

There's no reason you can't use multiple domain and if there are plans in the future for dramatically expanding/splitting the company, then multiple domains could be useful for future proofing.  I would personally not bother with how small of your organization size is.

The other key is planning your subnets well for allow for expansion and remove conflicts.  For example you might find its fine using a 192.168.1.x/24 subnet for HQ but once you get large and have VPNs, etc you might find it limiting.
0
 
mlmslexAuthor Commented:
Sounds great.  Appreciate the advice.
0
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
There is a danger if the the sites lose connectivity... FOR 60 DAYS.  If your sites are disconnected for 60 days, I'd be terminating your employment.  Indeed, if the sites lost connectivity for more than a week I'd probably be firing you.

Put simply, you want a SINGLE domain.
0
All Courses

From novice to tech pro — start learning today.