I hope everyone is safe in this pandemic situation.
My organization is located in India. We have an AD forest named "in.company.net" and the main DC is located in Branch A.
Active Directory users are integrated with Office 365 using the AAD tool, and we don't have on-premise Exchange servers, so all the mailboxes are in the cloud.
My organization has 200+ USA users who are already created in the "in.company.net" domain. Basically, those 200 people are located in the US region, and their 200+ laptops are in a workgroup; we have not added them into the domain (in.company.net) yet because we don't have a domain controller in the US office.
Now my management is asking us (the IT team) to manage those laptops (US laptops): they should be added into the domain, and we should restrict the laptops using group policies, the same as in India.
We have a site-to-site connection to the US office from India, but if we create a child domain at the US branch, users can be logged in to the "in.company.net" domain since we have a forest named "in.company.net".
To overcome this, we planned to create a tree domain called "us.company.net" and wanted to establish a trust relationship between the two domains (us.mouritech.net and in.company.net).
But again, users need to log in to the laptop using in.company.net\username because the USA users are already created in the "in.company.net" domain.
What challenges might we face, and how can we mitigate them?
Note: I know the forest name should be "company.net", but it was already created long back and now I can't rename it; changing it would cause many issues, as we have many applications integrated with Active Directory.
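Whichever layout is chosen (child domain or tree domain), the US laptops will end up depending on a trust path back to "in.company.net" and on finding a domain controller across the site-to-site link. The script below is an added example, not part of the original post and not from any vendor: it audits the trust settings that matter for risk (direction, SID filtering, selective authentication, RC4) and checks which DC a client in the US office would be handed by the DC locator. It assumes the ActiveDirectory RSAT module is installed, the account running it can read both domains, and an AD site named "US-Office" exists with the US subnets assigned to it; the site name and the "us.company.net" domain are assumptions taken from the post, not verified facts.

```powershell
# Added example (not from the original post): audit trusts and DC location
# that joined US laptops would rely on. Domain names come from the post;
# the site name 'US-Office' is an assumption.
Import-Module ActiveDirectory

$HomeDomain   = 'in.company.net'   # where the US user accounts already exist
$RemoteDomain = 'us.company.net'   # planned tree domain for the US office

function Get-TrustReport {
    param([string]$Domain)
    # Every trust the domain knows about, reduced to the fields a reviewer
    # needs: who trusts whom, in which direction, and whether the trust is
    # hardened (SID filtering on, selective authentication on, no RC4).
    try {
        Get-ADTrust -Filter * -Server $Domain -ErrorAction Stop | ForEach-Object {
            [pscustomobject]@{
                Source                  = $_.Source
                Target                  = $_.Target
                Direction               = $_.Direction
                IntraForest             = $_.IntraForest
                ForestTransitive        = $_.ForestTransitive
                SIDFilteringQuarantined = $_.SIDFilteringQuarantined
                SelectiveAuthentication = $_.SelectiveAuthentication
                UsesRC4Encryption       = $_.UsesRC4Encryption
            }
        }
    } catch {
        Write-Warning "Could not query trusts on ${Domain}: $($_.Exception.Message)"
    }
}

function Test-ClientDcLocation {
    param([string]$Domain, [string]$SiteName)
    # Ask the DC locator which DC a client in the given site would be given.
    # If the US office has no site/subnet defined, clients may authenticate
    # against a DC across the WAN in India, which is slow and fragile.
    Get-ADDomainController -Discover -DomainName $Domain -SiteName $SiteName -ErrorAction Stop |
        Select-Object Name, Site, IPv4Address
}

# 1. Trust audit across both domains, flagging settings that widen exposure.
$trusts = @(Get-TrustReport -Domain $HomeDomain) + @(Get-TrustReport -Domain $RemoteDomain)
$trusts | Format-Table -AutoSize

foreach ($t in $trusts) {
    # Inside one forest the tree-root/parent-child trusts are transitive by
    # design; SID filtering and selective auth are the controls on external
    # or forest trusts, so only warn where they apply.
    if (-not $t.IntraForest -and -not $t.SIDFilteringQuarantined) {
        Write-Warning "SID filtering is off on trust $($t.Source) -> $($t.Target)"
    }
    if (-not $t.IntraForest -and -not $t.SelectiveAuthentication) {
        Write-Warning "Selective authentication is off on trust $($t.Source) -> $($t.Target)"
    }
    if ($t.UsesRC4Encryption) {
        Write-Warning "Trust $($t.Source) -> $($t.Target) still allows RC4 (prefer AES)"
    }
}

# 2. DC locator check for a client sitting in the (assumed) US site.
Test-ClientDcLocation -Domain $HomeDomain -SiteName 'US-Office'

# 3. From an already-joined laptop, confirm the machine secure channel is healthy;
#    run this part locally on the laptop rather than from a DC.
if (Test-ComputerSecureChannel) { 'Secure channel to the domain is healthy' }
```

Run the trust audit from a management host in India after the US domain is built, and the secure-channel test on a pilot laptop in the US office after it is joined; if step 2 returns a DC in India rather than one in the US site, the sites and subnets need to be defined before the laptops are joined.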