Windows Domain Architecture for our scenario

[3aFaReeT]

Dear All,

I?ve a scenario and I would need your advises

We are an airport company; where we will be putting our computers to be used by our staff as well as other tenants. We are building everything from scratch.

What would be the best way to build our domain controller structure? Considering manageability, administration, security, etc?

• Shall we have all the users created in the same domain? Separate OUs only?
  
• Shall we consider child domain for other tenants?
  
• Shall we build two separate domains? With or without trust?
  

Considering there will be many services/applications which should be used by both; our staff as well as other tenants.

I would really appreciate your inputs

[+BudMan MVC]

"We are an airport company"

What does that mean?

You have not mentioned why you even think you need a domain?

"as well as other tenants"

Why would tenants have anything to do with your domain? Do you support their computers, their network?

This sounds like some stupid class/test question without any actual info to base anything off of.

[Sjokkel]

Multi-domain setups are a thing of the past.

Start with a single domain. Windows 2008 offers various ways to implement security/manageability without creating multiple domains.

For slow links you could create site. For sites that require a separate DC to handle the local login request for that area a RODC can help with security.

You can easily restrict other tenants to only be able to change accounts in a single OU for instance.

I would suggest to get a good book about implementing AD. Maybe do a 70-640 exam...

[Vinny4]

^^^^^^^ Do what he said ^^^^^^^

[]SK[]

I'm with budman, this sounds very examish. Besides, if your given the task of building what starts to sound like a fairly complex AD infrastructure the last place I would expect the person designing AD to be posting such a general question on a public forum.