New active directory for group of comapnies

Question

The situation - one group of small comapnies.
The main DC will be located at the cloud.
each company will have 1 dc or 2 in office replicated from cloud.

what is the best way to implement the new active directory ?

each company with separate domain? one domain with OU's?

I want each company to have admin domain separated and a master admin ...

and to allow specific users from one company to access other resources in other company.

Which way is more secure/reliable ?

I want to create admin for each company so the admin will be able to install softwares/ change premmisions only for specific company and still have super admin - which
option is more easy to manage?

Answer 1

You should most likely ask your question in the Active Directory forum located at https://learn.microsoft.com/en-us/answers/topics/windows-active-directory.html That is where the Active Directory experts are.

They are better equipped to discuss pros and cons of the different configurations you are asking about.

Answer 2

Hello,
Thank you for posting here.

Based on the description, we can set up root domain with DCs and child domains with DCs.

Root domain is the headquarters. Each sub company is in a child domain so that each company has admin domain separated.

For more information, we can refer to the links below.

Child domain Benefits in large environment
https://social.technet.microsoft.com/Forums/en-US/0d8321ed-c0b7-4f60-902e-8fdfa76f95ae/child-domain-benefits-in-large-environment?forum=winserverDS

Install a New Windows Server 2012 Active Directory Child or Tree Domain (Level 200)
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/install-a-new-windows-server-2012-active-directory-child-or-tree-domain--level-200-?redirectedfrom=MSDN

How Domains and Forests Work
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc783351(v=ws.10)?redirectedfrom=MSDN

Best Regards,
Daisy Zhou