Re: Chnages to Company Structure - Need to Create New Domains/Subdomains could do with pointing in the right direction

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

I am not an Exchange expert but the Exchange store could manage multiple
domains within a single store.

You should be able to authenticate from one domain to another and gain
access to resources even if you aren't sitting in front of a workstation
that isn't within your domain.

Company to look forward to is a tough thing to define. You can get a slick
person telling you how great they are, etc... My one suggestion to you is
get references from current customers and make sure they have some type of
Microsoft credentials (Certs of compliance, etc...).

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"Sean" <sean@xxxxxxxxxx> wrote in message
news:ugSI$NvlHHA.4904@xxxxxxxxxxxxxxxxxxxxxxx
"Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx> wrote in message
news:OpiC0qulHHA.588@xxxxxxxxxxxxxxxxxxxxxxx
You can have a single forest with multiple domains but you can only have
one Exchange forest per Active Directory forest.

We don't currently run Exchange but I am looking to move to this platform
in the future, in this scenario would exchange be able to service users on
any domain in the forest?


Not sure about the being creative in dns means?

Just have some aliases like server1.company2 > server1.company1 or
whatever

You don't need to have contiguous name space with in a single forest, you
can have:
widgets.com
acme.com
cantilevers.com
south.cantilevers.com

All above could be domains within a single forest

And end users would be able to log onto whichever domain they are a member
of? I've only ever run single company domains for years I haven't really
had much call for remembering any theory about forests and their
relationship.

Maybe I'm a little out of my depth here, my role is one of those where you
don't get to concentrate on one area. :(

What sort of company should I be looking for to farm out consultancy on
this if needs be?

Cheers again for your input

Sean





http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.

"Sean" <sean@xxxxxxxxxx> wrote in message
news:OfAavnulHHA.4552@xxxxxxxxxxxxxxxxxxxxxxx
Hi Paul and thanks for your answer,

To clarify the companies in question will be entirely separate
companies, their own domain for email contact, when they log on they log
on to their domain not ours, they have their own databases and their
file server space which is segregated from other companies data.

Is this doable by keeping one Active Directory Structure and being
Creative with DNS? I don't think so as when users log on they will still
be logging on to our domain, this isn't something we want.

Sean

The only people who require access are accounts for reporting and IS for
systems stuff.
"Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx> wrote in message
news:uneLkbulHHA.1820@xxxxxxxxxxxxxxxxxxxxxxx
You can't make a domain above the current one, the current one is your
forest root, you could create another with a new distinct name space
within the same forest.

You can create a separate domain for each company or you can use a
single domain with separate ou's for manageability. The simpler the
forest structure the simpler the management of the forest. Not sure
why you would need to create separate domains from what I have seen
companies are attempting to consolidate to fewer domains, so if you can
manage from a single domain that would be best (In my opinion). You
could create a separate OU for each company and grant an administrator
for this OU to each company so they could manage the objects in there
respective area. This way you can manage the forest yet each company
has some control over their systems.


--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.

"Sean" <sean@xxxxxxxxxx> wrote in message
news:OKe1yLulHHA.4032@xxxxxxxxxxxxxxxxxxxxxxx
Hi,

We have recently started to purchase some of our smaller competitors
to increase our profile regionally, however the businesses position is
that these companies remain separate entities but we also centralise
all data in our datacentre by giving the satellite regional offices TS
Clients and a nice fat vpn to us.

In essence the parent company becomes and ASP for all those companies
that are part of our group.

We currently have a single windows 2000 domain in which I have
extensively configured policy via Active Directory. What I would like
to do is create a domain above this one for the Group and Group
Service Departments like Accounts, IS, etc. and have each child
company in its own domain.

Firstly I'd like to ask is this the best way of doing this? If not
what IS best practise in the industry?

If the plan I have stated is a sound one could someone point me in the
direction of a resource that can help me achieve my goal?

Thank you

Sean











.

Relevant Pages

  • Re: gracefully removing a child domain
    ... forest and using ADMT to transfer their accounts prior to cut over? ... Then with Exchange, you have to figure out what to do with the mailboxes. ... would be beneficial, of small, a migration would be easier to clean out the ... PPT Presentation - Active Directory Design and Deployment- Tales of the ...
    (microsoft.public.windows.server.active_directory)
  • Re: Expanding Organisation and Exchange Questions
    ... a Forest Root and a Child Production Domain (Used ... Exchange 2003 is used for a number of mail domains and the server resides ... separate company that although allowed to share IT resources must appear ...
    (microsoft.public.exchange.admin)
  • Re: Multiple Exchange 2007 Orgs in One AD Forest?
    ... No you can't Forest can only have 1 Exchange org. ... "An Exchange organization can span only a single Active Directory ...
    (microsoft.public.exchange.admin)
  • Re: Can develop across forest, just cant install (was: Need to be a schema admin just to install???)
    ... I was told by an MS Exchange engineer that they ... The bottom line is the install checks the presense of the schema against ... external forest in the DMZ, while the developers are in an internal ... The Active Directory Schema must be modified and this user account ...
    (microsoft.public.exchange.development)
  • Re: Need to be a schema admin just to install management tools???
    ... forest in the DMZ, while the developers are in an internal forest that is ... Exchange 2003 currently. ... The Active Directory Schema must be modified and this user account has ... Global updates need to be made to Active Directory, ...
    (microsoft.public.exchange.development)