what are the best practices to create Active Directory structure for a Enterprise where we have multiple sub organizations

Vinay Negi 1 Reputation point
2021-12-28T23:19:10.987+00:00

Hi,

We have an existing active directory setup (including DC ADC) in India with 2000 users but as our organization growing we need future ready AD structure which can cover our multiple subsidiary companies. We want to segregate each company's domain/sub domain name and separate network range.

So if my organization using sss.com AD Domain in India and we want to connect newly acquired subsidiary companies abc, efg, xyz with existing one. So, what are the best practices for AD structure

shall we go for tree structure, where sss.com will have 3 child domains abc.sss.com efg.sss.com xyz.sss.com and they will share users whenever required.

or shall we go for separate DCs abc.com efg.com xyz.com and configure trust between them for user and information sharing

what are the best practices and how the network subnet, DNS and DHCP will be configured for these new sub company's DC/Child DC. We are looking for a future ready structure where we can add remove other sub companies and manage IT infra quite easily

Thanks

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,932 questions
Windows Network
Windows Network
Windows: A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.Network: A group of devices that communicate either wirelessly or via a physical connection.
657 questions
Windows Server Infrastructure
Windows Server Infrastructure
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Infrastructure: A Microsoft solution area focused on providing organizations with a cloud solution that supports their real-world needs and meets evolving regulatory requirements.
516 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Limitless Technology 39,396 Reputation points
    2021-12-29T16:32:29.357+00:00

    Hello @Vinay Negi

    there is no really a golden rule for this, but it depends on the features and architecture advantages. Subdomains will make easier to access information accross the main domain (shared folders, application databases) and simplier administration (domain Admins will be able to manage all the subdomain directory).

    On the other hand, separated domains will increase security, by segregating services such as DHCP, DNS Zones, etc, but at the same time will increase the complexity of manageability (different Domain Admins or cross domain permissions) and as well access to information (cross domain bindings and permissions)

    Hope this helps with your query,

    --If the reply is helpful, please Upvote and Accept as answer--

    0 comments