What are the best practices to create an Active Directory structure for an enterprise where we have multiple sub-organizations?

Vinay Negi 1 Reputation point
2021-12-28T23:19:10.987+00:00

Hi,

We have an existing Active Directory setup (including DC, ADC) in India with 2000 users, but as our organization is growing we need a future-ready AD structure which can cover our multiple subsidiary companies. We want to segregate each company's domain/subdomain name and separate network range.

So, my organization is using the sss.com AD domain in India and we want to connect the newly acquired subsidiary companies abc, efg, xyz with the existing one. What are the best practices for AD structure?

Shall we go for a tree structure, where sss.com will have 3 child domains (abc.sss.com, efg.sss.com, xyz.sss.com) and they will share users whenever required?

Or shall we go for separate DCs (abc.com, efg.com, xyz.com) and configure trust between them for user and information sharing?

What are the best practices, and how will the network subnet, DNS and DHCP be configured for these new sub-companies' DC/child DC? We are looking for a future-ready structure where we can add/remove other sub-companies and manage IT infra quite easily.

Thanks


1 answer

  1. Limitless Technology 39,921 Reputation points
    2021-12-29T16:32:29.357+00:00

    Hello @Vinay Negi

    There is not really a golden rule for this, but it depends on the features and architecture advantages. Subdomains will make it easier to access information across the main domain (shared folders, application databases) and give simpler administration (Domain Admins will be able to manage all the subdomain directory).

    On the other hand, separated domains will increase security by segregating services such as DHCP, DNS zones, etc., but at the same time will increase the complexity of manageability (different Domain Admins or cross-domain permissions) as well as access to information (cross-domain bindings and permissions).

    Hope this helps with your query,

    --If the reply is helpful, please Upvote and Accept as answer--
