I work in a small department of a worldwide company. The networks are all on NT4. 75% of the NT domains are managed by the data center.
My department's network is a single flat NT4 domain with a one-way trust relationship with our data center for Exchange services. We are self-sufficient and run like a small company without the bureaucracy of the data center. We manage cash flow and trading. When there is a problem, we get it done quickly/effectively.
The company is in the early stages of migrating to AD from NT4.0.
The data center's AD plan is to set up one forest for the whole company. This forest would envelop all the current NT4 domains throughout the company worldwide under their umbrella, making it easier for them to administer.
However I don't have much confidence in their direction. In their first migration meeting they were more concerned with applications being impacted by AD. I felt they should have attempted to understand the existing NT4 domains and trust layout. They are too ambitious and overconfident.
Seems like they want to not just overhaul the whole network layout but also operational procedures.
I fear there may be a security risk by going the data center's direction. They say my users will have the ability to log on to any company PC overseas and get their stuff.
I think this is a huge risk as I have no users that travel overseas and I don't want any potential hacker accessing our network as we have sensitive data. I do not like the idea of any kind of my network information, whether it's data or computer names, being replicated overseas. Also the idea that big brother data center would know the admin password and have admin rights over my dept's network doesn't sit well either.
Also I worry that our operational procedures will be impacted (i.e. if my current LAN admins need to call someone in the data center and cut a ticket to add a replacement trader's PC to the domain, this is time we can't lose).
I do not know much about AD so feel free to comment.
I want to see if I can present a valid business/technical case to request that my NT domain becomes its own forest with a trust to the bigger data center forest for Exchange services.
I would like to hear if anyone has any ideas on the advantages of having my own forest vs being under an OU under the single forest.
Thanks for reading.