Srinivas,
Compared with WINNT 4.0 there is often no reason to have sub-domains ( aka
child domains ) in WIN2000. As you have discovered, you can make very good
use of Organizational Units for management purposes. A lot of WINNT 4.0
admins have problems with this once they migrate over to WIN2000. You can,
for example, have one company that has a presence in several cities or
countries and still have 'yourcompany.com' instead of
'atlanta.yourcompany.com' and philadelphia.yourcompany.com' and
'portland.yourcomany.com', etc. You simply make use of Active Directory
Sites and Services ( ADSS ). You can simply create an OU for each location
and put all of the user account objects and computer account objects in the
appropriate OU. Or, you can create OUs that fit the way your company does
things. You use OUs for management purposes ( by placing all of the user
account objects in a specific OU and then assigning/linking a GPO to that
OU, for example ).
Having said this, I would be remiss if I did not say that there often are
reasons for having sub-domains. One such reason is a password policy.
Remember that the password policy is domain-wide. If the guys in Finance
want a super secure password requirement that does not make sense for the
rest of the company ( I know! I know! ) the you would create a sub-domain
for the finance department and create the password policy that they want for
the 'finance.yourcompany.com' domain.
Remember that at the top there is the forest. The forest is comprised of
domain trees.
HTH,
Cary