Forest and child domains - best practices & advice

SebyP

Hello everyone,

Background: our company just created a subsidiary in another region (Middle East), so we need to start building up the infrastructure there. After doing some quick checks, I have discovered that turning up a new server and joining it to the existing domain effectively means that all LDAP information (user structure, information, password hashes, etc.) will also be replicated there. Naturally, this is something that we don't really want, as we would prefer to have things separated from a security point of view as well.

I've been doing some searching and it seems that there are two possible solutions for this challenge:

  1. Forest and child domains (e.g. corp as the root domain, territory_1.corp as the first child domain and territory_2.corp as the second child domain)
  2. Trust between two separate domains (I also found something related to federation, but it's not clear to me whether this is a mechanism to configure trust between two domains or a standalone configuration with additional implications)

We plan to use Windows Server 2016 to achieve this. Another important aspect is that at the remote site we will have an administrator that should manage only the Middle East territory, not the one in the HQ.

My question is: what is the best setup to go forward and why?

Thanks,
Seb
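As an added illustration of option 1 (not code from the original post), the following PowerShell promotes a member server in the remote region to the first domain controller of the child domain territory_1.corp and then checks which directory partitions that DC actually hosts. The domain names follow the post's own naming scheme; the site name, the regional admin account and the fact that the server is already a member server are assumptions.

```powershell
# Added example, not from the original post. Run elevated on the member server
# that will become the first DC of the child domain territory_1.corp.
Import-Module ADDSDeployment
Import-Module ActiveDirectory

$parent    = 'corp'            # forest root domain from the post
$child     = 'territory_1'     # new child domain (underscores in DNS names are
                               # discouraged by Microsoft; kept as in the post)
$netbios   = $child.ToUpper()
$childFqdn = "$child.$parent"
$siteName  = 'MiddleEast'      # assumption: AD site created beforehand in Sites and Services

# Creating a child domain requires an Enterprise Admins account from the root.
$cred = Get-Credential -Message "Enterprise Admins account in $parent"
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM (Safe Mode) password for the new DC'

Install-ADDSDomain `
    -Credential $cred `
    -NewDomainName $child `
    -ParentDomainName $parent `
    -NewDomainNetbiosName $netbios `
    -DomainType ChildDomain `
    -InstallDns:$true `
    -CreateDnsDelegation:$true `
    -SiteName $siteName `
    -SafeModeAdministratorPassword $dsrm `
    -Force:$true
# The server reboots as a DC of territory_1.corp.

# After the reboot, run on the new DC. It should list its own domain partition
# (DC=territory_1,DC=corp) plus the forest-wide Configuration and Schema
# partitions, but NOT DC=corp: the root domain's accounts and password hashes
# are not replicated to a child-domain DC.
$dc = Get-ADDomainController -Identity $env:COMPUTERNAME
$dc.Partitions

# The regional administrator (assumed account name) is made Domain Admin of the
# child only, so they manage territory_1.corp but have no standing rights in corp.
Add-ADGroupMember -Identity 'Domain Admins' -Members 'me.admin' -Server $childFqdn

# Caveat for the design decision in the post: a domain is an administrative
# boundary, not a security boundary. The root's Enterprise Admins keep full
# rights in every child, and a compromised child-domain DC can be used to reach
# the rest of the forest. If the regions must be isolated from each other at
# the security level, a separate forest with a one-way trust is the stronger option.
```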
