multi tenant active directory design
Posted on 2014-08-03
I am currently at a Managed IT Services Company.
Currently they have a totally separate AD/network for each customer and for the internal environments (UAT, DEV, Prod).
This makes it VERY hard to manage, as you have to RDP onto one server to get onto another server.
The same goes for the different internal environments; to me, UAT testing is irrelevant, as the ADs are so out of date compared with production that you can't take into account the way AD behaves in testing.
We may have a chance to greenfield the whole thing. What would be the best way to architect it?
1. A single-domain forest with child domains.
2. A single AD with each managed company having its own OU.
3. Different domains with trust relationships set up.
4. Different domains with trusts for the companies, then one internal domain with subdomains for the different environments and one-way AD replication. That way Dev people can't affect GPOs for Prod.
To me, a picture is worth a thousand words, so any input with diagrams would be great.