Strange Question

R

Robert Kamisky

Hi,
we have always had our own domain within our company and have always
maintained autonomy.

The company has just implemented a 2003 forest with the DNS namespace
company.com. We have always used department.company.com.

My question is whether we can setup a forest of our own with the name
department.company.com.

By convention department.company.com would be a child domain of company.com.
Would making department.company.com an indepentdent forest cause a problem?
Would there be a problem when we tried to create trusts between the forests?

Any adivce would be greatly appreciated!
 
R

Ryan Hanisco

Hi Robert,

You're looking at a Namespace/ DNS nightmare here. You can't have two
forests that have overlapping namespaces like that. You would have to make
it a child domain and deal with the parent/ child trust relationship and the
DNS domain forwarding associated with that.

You can do it, though, if you completely segment the networks and never have
a trust or overlap. The confusion and interop problems are not worth the
business risk. Remember, that appropriately planned security and monitoring
should mitigate any concerns you have about the trust relationship.Just make
sure that you are very explicit about resource permissions and use the
highsec security templates.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Multi forest and Citrix farm 1
Controlling Trust Traffic 1
AD/DNS Issue 6
Interforest between same dns naming contexts? 1
Migration Domain 3
Multiple single domains in multiple single forests 1
AD design question....again 4
Wndows 2000 and 2003 forests and domains 3

Top