Re: Child Domain Structure
- From: Andy Wolsten <AndyWolsten@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 13 Mar 2007 21:14:10 -0700
hi,
as a continuation of this thread i have some further thoughts.
the principle reason i presumed a child domain would be suitable is thus.
the location for the child is actually overseas and although the security of
the location is good we are very conscious that it is out of physical touch
and cannot be policed by administration on site. Using a child domain would
create a further security boundary and allow us to be more granular with
security. Does my reasoning make sense?
What do you guys think.
"Cary Shultz" wrote:
Andy,.
Generally speaking I would suggest that you stick with a single domain and
simply set up another Site in ADSS. I really do not see anything in what
you have written that screams out "child-domain". Create the correct
security groups, make the correct user account objects members of the
appropriate security groups and use Share/NTFS permissions to control access
to shared resources.
I see this sort of thing all the time (creating a child-domain when it
really is *probably* not necessary) and it is ultimately undone (by me).
Things usually work better after that (well, I would have to explain that
and will not at this time...time to go to bed).
--
Cary W. Shultz
Roanoke, VA 24012
"Andy Wolsten" <AndyWolsten@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1EE9AC9B-DADF-4103-BE3F-8ABAAA65A006@xxxxxxxxxxxxxxxx
Hi,
I currently have a domain mydomain.local and require to add a remote
location to our infrastructure. I am considering two options
1- adding the remote location with a dc to mydomain.local
2- creating a child domain remote.mydomain.local
Option 2 is prefered as there needs to be some security borders between
users at the remote location and those in the parent domain. There are
varous
users who only require access to that domain however, there are users who
will require access to resources at both locations and some resource
sharing
going on betwen domains.
- Can anyone suggest a DC/domain solution to provide a secure setup
- Would users in mydomain.local log be able to log in to computers etc at
remote.mydomain.local and access resources if option 2 is implemented
- Would users at the remote.mydomain.local be able to log in to
mydomain.local and access their global resources if option 2 is
implemented
or would users require two login accounts, one for each domain?
- Would there be a requirement for domain trusts to be activated between
the
two domains in order to share resources, shares, printers, folders etc?
- Would this be more acheivable simply using a single domain, adding the
remote site using option 1.
I hope all this makes sense.
Thanks
- References:
- Re: Child Domain Structure
- From: Cary Shultz
- Re: Child Domain Structure
- Prev by Date: Re: Single server domain name choice: avoid ".local"? figure out later?
- Next by Date: Re: user Authenication question
- Previous by thread: Re: Child Domain Structure
- Next by thread: Re: 2 domains 1 florest
- Index(es):
Relevant Pages
|
