Sign in to follow this  
Followers 0
3aFaReeT

Windows Domain Architecture for our scenario

5 posts in this topic

Dear All,

I?ve a scenario and I would need your advises

We are an airport company; where we will be putting our computers to be used by our staff as well as other tenants. We are building everything from scratch.

What would be the best way to build our domain controller structure? Considering manageability, administration, security, etc?

  • Shall we have all the users created in the same domain? Separate OUs only?
  • Shall we consider child domain for other tenants?
  • Shall we build two separate domains? With or without trust?

Considering there will be many services/applications which should be used by both; our staff as well as other tenants.

I would really appreciate your inputs

Share this post


Link to post
Share on other sites

"We are an airport company"

What does that mean?

You have not mentioned why you even think you need a domain?

"as well as other tenants"

Why would tenants have anything to do with your domain? Do you support their computers, their network?

This sounds like some stupid class/test question without any actual info to base anything off of.

Share this post


Link to post
Share on other sites

Multi-domain setups are a thing of the past.

Start with a single domain. Windows 2008 offers various ways to implement security/manageability without creating multiple domains.

For slow links you could create site. For sites that require a separate DC to handle the local login request for that area a RODC can help with security.

You can easily restrict other tenants to only be able to change accounts in a single OU for instance.

I would suggest to get a good book about implementing AD. Maybe do a 70-640 exam...

1 person likes this

Share this post


Link to post
Share on other sites

^^^^^^^ Do what he said ^^^^^^^

Share this post


Link to post
Share on other sites

I'm with budman, this sounds very examish. Besides, if your given the task of building what starts to sound like a fairly complex AD infrastructure the last place I would expect the person designing AD to be posting such a general question on a public forum.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.