Multi domain VS new child domain
Hi,
I need to create a new domain solution to support developer environments. Actually, the support of the actual domain (root domain) is managed externally from other company and they works very slow... the manager of developers needs to change that dependency to guarantee the fast deployment of new virtual machines (domain joined), creation of new users or groups andthe independent definition of GPO rules.
The identified requirements are:
- Maintain the atual Forest and Domain Functional Level (Windows Server 2008 R2)
- Independent / Autonomy management on the 2 domains (the atual company manage the root domain and other IT admins manage the new domain)
- “Domain admins” of the actual domain doesn’t have access to new domain or vice versa.
- Use the atual user login (atualdomain\user) to access the environment of the new domain.
The possibilities are:
- Creation of a new independent domain (newdomain) and a trust relationship with atual domain.
- Creation of a new child domain in the atual forest.
I need to represent this 2 possibilities in 2 tables, like this example:
> Multi domain
Disadvantages |Advantages
1 - a |1 - a
2 - b |2 - b
3 - ... |3 - ...
> Child domain
Disadvantages |Advantages
1 - a |1 - a
2 - b |2 - b
3 - ... |3 - ...
Can you help me in that scenario?
Thanks.
I need to create a new domain solution to support developer environments. Actually, the support of the actual domain (root domain) is managed externally from other company and they works very slow... the manager of developers needs to change that dependency to guarantee the fast deployment of new virtual machines (domain joined), creation of new users or groups andthe independent definition of GPO rules.
The identified requirements are:
- Maintain the atual Forest and Domain Functional Level (Windows Server 2008 R2)
- Independent / Autonomy management on the 2 domains (the atual company manage the root domain and other IT admins manage the new domain)
- “Domain admins” of the actual domain doesn’t have access to new domain or vice versa.
- Use the atual user login (atualdomain\user) to access the environment of the new domain.
The possibilities are:
- Creation of a new independent domain (newdomain) and a trust relationship with atual domain.
- Creation of a new child domain in the atual forest.
I need to represent this 2 possibilities in 2 tables, like this example:
> Multi domain
Disadvantages |Advantages
1 - a |1 - a
2 - b |2 - b
3 - ... |3 - ...
> Child domain
Disadvantages |Advantages
1 - a |1 - a
2 - b |2 - b
3 - ... |3 - ...
Can you help me in that scenario?
Thanks.
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
In general, most of the requirements can be better set by properly delegating rights. That is generally the best option. You can get delegated access to create OU, create users, create computers, create groups, create GPO, and manage all of those items. This can be done in the existing domain.
Creating a child domain or a new forest will require new domain controllers, among other things. Trusts will need to be managed. It's more complicated.
A child domain is not a REAL security boundary. Domain/enterprise admins from the parent domain can always seize control of the child domain. If that is a strict requirement, only the separate forest is a solution. Given that you still trust the people managing your production domain to manage your production domain, I don't see the issue that they can cause mischief in the development environment to be a concern, as they already have access to most critical assets.
Creating a child domain or a new forest will require new domain controllers, among other things. Trusts will need to be managed. It's more complicated.
A child domain is not a REAL security boundary. Domain/enterprise admins from the parent domain can always seize control of the child domain. If that is a strict requirement, only the separate forest is a solution. Given that you still trust the people managing your production domain to manage your production domain, I don't see the issue that they can cause mischief in the development environment to be a concern, as they already have access to most critical assets.
Premium Content
You need an Expert Office subscription to comment.Start Free Trial