My company has acquired another business in the last year or so. Currently there is a need to integrate the networks to start to look at group-wide access to certain systems. We have just laid the MPLS links down and need a solution re AD/domain integration. There is a need for SSO where possible, some access to shared data; however, one org is a legal firm and the other holds credit card data, so there are compliance/segregation requirements. We cannot merge domains as each entity needs to remain its own brand.
So I guess we are at a design/architecture decision point. It seems there are 2 options:
A/ Put trusts between the existing domains/forests (security/domain admin headaches?)
B/ Create a new domain for the holding company and place shared resources there. Then put non-transitive trusts from the existing domains to it to ensure segregation.
Is there a best practice in this scenario? (I.e. when a holding company acquires new companies and needs to add them to the corp network but keep segregation for compliance/legal requirements?)
My first question on here, so thanks for your help.