I have an issue I'm looking into and want to bounce some ideas off fellow experts. Trying to answer a question for a company that is a division of a larger company. The current 2008R2 AD infrastructure the company uses is subdomain X.DOMAIN.COM. This is part of an obviously larger domain DOMAIN.COM with a very complex setup of dependencies between subdomain and root groups and trusts.
The future possibility is that division X might split off on its own with no further association with the parent. So the question is what becomes of the AD infrastructure? If I was to build a new domain from scratch it would be very complicated trying to find all the dependencies, even if I was to import the accounts that I knew. If allowed, would it be better to:
A) Set up our own DCs that replicate X.DOMAIN.COM and DOMAIN.COM and then sever the connection to the parent? Hopefully that would mean we don't have to rejoin all systems to the domain. At that point I'd rename the domain unless there is a reason to leave it.
B) Set up a new domain ~1000 users and untold # of groups? Then we have to rejoin all systems to the domain.
C) Correct me if I am wrong, but it isn't possible to simply split off our existing DCs and function as X.DOMAIN.COM standalone?
This is simply AD accounts; there are no Exchange servers or other AD-integrated services to complicate things.