Re: AD Design
- From: "Anthony" <anthony.spam@xxxxxxxxxxxxxx>
- Date: Mon, 11 Sep 2006 21:45:45 +0100
If you are the only admins, then multi-domains does not achieve anything
(much). If you share admin with your clients, then sharing the same forest
exposes each company to the others, which they may not have had in mind when
using you.
You also need to think about physical security, since you are exposing each
client to the security of the weakest site. So if you went down the domain
sharing route, you might want to look at the hardening of the DC, e.g BIOS
password
Anthony
"Paul Williams [MVP]" <ptw2001@xxxxxxxxxxx> wrote in message
news:Oxs99yd1GHA.4264@xxxxxxxxxxxxxxxxxxxxxxx
It's possible, but not recommended. If these are different companies,
there's major security considerations that need to be taken. Multiple
domains in the same forest aren't recommended if we're talking about
different sets of service admins or if there's confidential data in any of
the domains.
Single forests that share a contiguous namespace is fine, but somewhat
rare.
Check out the Designing and deploying directory and security services book
(Google -there's an online soft copy).
--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net
.
- References:
- AD Design
- From: Gort
- Re: AD Design
- From: Paul Williams [MVP]
- AD Design
- Prev by Date: Re: Add Windows 2003 server to Windows 2000 mixed mode server
- Next by Date: Re: Permissions on a file server- how to reconcile sharing and securit
- Previous by thread: Re: AD Design
- Next by thread: Re: AD Design
- Index(es):
Relevant Pages
|
