Possible Administration Issue.

[Frater]

Hello Everybody,

I was worrying about some possible administration Issue on a
particular AD architecture.

My company is an Europe Branch of an US Company. And we are thinking
about the best way to integrate their AD.

First proposal was to be a part of some OU (I.E: Serveur\FR,
Workstation\FR ...), my question is what kind of problem can be
encountered with this type of architecture, knowing that we "should"
have admin right on those OU

And what about a Sub-Domain ? Same Issue ? Different ? (The link
between FR and US is a IPsec VPN).

Thanks for helping

Frater

 

[Laura E. Hunter \(MVP\)]

Typically you'll want to create a separate or child domain if your branch
has differing security requirements from the parent company, especially in
terms of password length or complexity requirements. Organizational Units
are a valid choice for delegating administration without creating the added
overhead and complexity of a separate domain. Within Active Directory, you
can address your logical network design (domain vs. OU) as a separate entity
from your physical design. Sites and domains do not need to exist in a
one-to-one relationship: you can have a single site that contains multiple
domains or a single domain that spans multiple sites. As long as you define
your subnets correctly withing AD Sites & Services, any AD-aware
applications and resources will attempt to use servers & services within the
local site before attempting to traverse a WAN link.

 

[Frater]

Thanks a lot Laura.