What does your employer want?
If they want to be able to sell off the asset quickly and smoothly, a trusted peer forest is the way to go. If they want to save money now, then just build some OUs and go that direction.
Make sure that they know the differences though:
Moving 10-30 computers into a new domain isn't just a 2 minute move, unless you really don't care about the user's former profiles. 'Give them their e-mail' might sound really nice if you don't care about them either. Severing the users from their domain severs them from other things that are behind the scenes, their SID and the Exchange infrastructure (if you are using Exchange). Going with an OU to handle the computers and users is easy now, but it's not pretty or simple. Going with a separate peer domain/forest allows you to sever them very smoothly (break trust) and the users actually continue to work exactly as they did before, except that they can't access any resources on your existing domain.
I'll be honest... a lot of people are more concerned with saving money than they are in making sure that an asset has the capability to be completely independent of the parent organization.
My recommendation is based upon what several companies that I've worked for do when they start up divisions that might be spun off later or even with assets which they acquire.
On 7/12/06, Al Mulnick <[EMAIL PROTECTED]> wrote:
I agree with Jorge but I think it pertinent to add that you would likely want to gain some perspective:You are asking about a configuration for something that "might" happen in the distant future or not to distant future. You're trying to future proof your design/deployment centered around 30 sec prins, possibly 60 if they bring computing hardware with them.Using an OU, you can satisfy today's needs, and you can adjust to whatever their future demands become. If they decide in the future to go with linux as their standard, then you'll not have wasted a moments time or a penny of hardware to satisfy what might have been. If they decide to go with Active Directory, what exactly do you want them to take with them? If you give them their own forest, you *could* just cut the ties and no worries. But the administrative headache that goes with that is formidable. It must be dealt with and it will always be different and require special handling, additional resources, and a different skill set than an OU would require. Separate forests offer few benefits from what I can see of this situation, but weigh that carefully.If they decide to split company and go their own way to a new AD forest, you can use migration utilities to give them the sec prins (if they wnat them; it would be easier to just create new ones IMHO) and give them their mail data and be done. 30 users is too small a number in my opinion to want to worry about separate forests etc.
On 7/12/06, Almeida Pinto, Jorge de < [EMAIL PROTECTED]> wrote:an OU with the objects needed for those people (users, groups, computers) would be enough. Imagine a domain with at least 2 DCs for just 30 peoples with no special requirements while other domain(s) exist
Met vriendelijke groeten / Kind regards,
Ing. Jorge de Almeida Pinto
Senior Infrastructure Consultant
MVP Windows Server - Directory Services
LogicaCMG Nederland B.V. (BU RTINC Eindhoven)
( Tel : +31-(0)40- 29.57.777
( Mobile : +31-(0)6-26.26.62.80
* E-mail : <see sender address>
________________________________
From: [EMAIL PROTECTED] on behalf of Larry Wahlers
Sent: Wed 2006-07-12 19:18
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Planning for the future
Esteemed colleagues,
We have a radio station that is currently part of our denomination that
we want to finally put on our network. They are located about 20 miles
from our headquarters. However, there has been talk for many, many years
about selling off this radio station, but that hasn't come to pass yet.
My question is, if we put them in their own domain in our existing
forest, would that make it easier to get them into their own forest if
they should some day no longer be a part of us? If not, what's the best
way to plan for a possible future in which these 30 people might no
longer be working for us?
Many thanks in advance.
--
Larry Wahlers
Concordia Technologies
The Lutheran Church - Missouri Synod
mailto:[EMAIL PROTECTED]
direct office line: (314) 996-1876
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
