Creating domain for 2 sites or use subdomains?

[Az SH]

Hello,

I would like to setup new W2K domain for 2 different location connected
using Leased line. Each site has Exchange 2003 server and ISA 2000 server.
Right now, I already have internet domain name, let's say abc.com.my. My
plan is to have 2 Domain controllers, 1 ISA2K and 1 Exchange 2003 servers in
HQ while my branch office will have 1 Domain controller, 1 ISA2K and 1
Exchange 2003 servers. My HQ staff is around 100 while branch office staff
is around 50 people.

My question is:

1) Should I create one domain span multiple sites, for example abc.com.local
?

OR

2) Should I create subdomains for each site, for example, HQ.abc.com.my and
Branch.abc.com.my?

I would like to know which method is better and what's the pros and cons of
both methods. I would like to have one easier model to maintain without any
problem later on.

Thanks for ay advice,
Az SH

 

[Mike Aubert]

If there is only one central point of administrative authority go for a
single domain - it's easier to manage. You can still create multiple
organizational units and delegate control over the organizational units to
particular administrators, if necessary.

Also, if you had two domains (abc.local and branch.abc.local) you would need
a minimum of four domain controllers - two for the parent domain and two for
the child domain. This is because if the single domain controller in the
child domain failed, you would lose all the data in the child domain (since
the last backup) and users from the child domain would not be able to
authenticate to a domain controller. In contrast, if you only had a single
domain and the domain controller at the branch office failed, users at the
branch office could still authenticate to a domain controller in the main
office. This means you could use the 2-1 domain controller setup you
describe.

The only real reason you would want to setup two domains is if you need
different password policies (password length, maximum age, complexity, etc.)
for different users. Sometimes another reason for two domains is when you
have multiple points of administrative authority (such as when a company has
multiple IT groups for different departments) - although this problem
usually ends up meaning separate forests, but that's a whole other issue.

Short answer: go with one domain unless you have a *good* reason not to.

------------------------------------------------------------------
Mike Aubert
MCSE, MCSD, MCDBA
(e-mail address removed)

Note the "news2" in my email address is temporary and may be changed in the
future, remove it to email me at my Permanente address.
This posting is provided "AS IS" with no warranties, and confers no rights.