I have a network with several different subnets/departments.
Do i need to create several domains, each with organizational units for their managers and staff( domains are MAIN, ADMIN and STAFF)
It seems more simple to have just one domain on the network, and create organizational units for each department, and then apply group policies to each dept. (policies will grant/deny access to specific servers).
Could you please enlighten me on the need fo more than one domain? thanks
2007-01-07 03:40:39 · 1 answers · asked by Alex M 1 in Computers & Internet ➔ Computer Networking
I'd stick with a single domain and use OUs to sort resources. Multiple domains introduces added complexity to your network and unless you have thousands of users at many locations it won't do a whole lot for you. You'll need to add at least two domain controllers and two DNS servers (DNS can be on the same box as the DCs though) for every child domain.
Group policy isn't the best way to control security settings though. I'd use Global Groups for that with Local Goups on the resource machines. If you do go with a multi-domain model you'll need to use Universal Groups to assign security permissions across domain barriers.
2007-01-07 03:53:04 · answer #1 · answered by Bostonian In MO 7 · 0⤊ 0⤋