Multi domain VS new child domain
I need to create a new domain solution to support developer environments. Actually, the support of the actual domain (root domain) is managed externally from other company and they works very slow... the manager of developers needs to change that dependency to guarantee the fast deployment of new virtual machines (domain joined), creation of new users or groups andthe independent definition of GPO rules.
The identified requirements are:
- Maintain the atual Forest and Domain Functional Level (Windows Server 2008 R2)
- Independent / Autonomy management on the 2 domains (the atual company manage the root domain and other IT admins manage the new domain)
- “Domain admins” of the actual domain doesn’t have access to new domain or vice versa.
- Use the atual user login (atualdomain\user) to access the environment of the new domain.
The possibilities are:
- Creation of a new independent domain (newdomain) and a trust relationship with atual domain.
- Creation of a new child domain in the atual forest.
I need to represent this 2 possibilities in 2 tables, like this example:
> Multi domain
Disadvantages |Advantages
1 - a |1 - a
2 - b |2 - b
3 - ... |3 - ...
> Child domain
Disadvantages |Advantages
1 - a |1 - a
2 - b |2 - b
3 - ... |3 - ...
Can you help me in that scenario?
Thanks.
Who is Participating?
Experts Exchange Solution brought to you by
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
Experts Exchange Solution brought to you by
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trialIt's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
From novice to tech pro — start learning today.
-
Microsoft ApplicationsCertification: MCSE Microsoft Certified Systems Engineer - Identity … 440 lessons
Experts Exchange Solution brought to you by
Creating a child domain or a new forest will require new domain controllers, among other things. Trusts will need to be managed. It's more complicated.
A child domain is not a REAL security boundary. Domain/enterprise admins from the parent domain can always seize control of the child domain. If that is a strict requirement, only the separate forest is a solution. Given that you still trust the people managing your production domain to manage your production domain, I don't see the issue that they can cause mischief in the development environment to be a concern, as they already have access to most critical assets.