A Tale of Two Domains

  • There's a particular site we support which has its own domain. Things have been that way since we acquired it a couple of years ago. We've had talks about killing that domain altogether but have not done it because it has not been a priority. The remaining 5 sites we have all operate on one domain, but the only domain controllers are at our main site (call it site A). I know it sounds ridiculous already, but bear with me here.

    The site in question (call it site X) is its own entity but is owned by the same owners as the company where I work (site A). As it stands, site X has a Server 2003 SBS that is acting as the master domain controller for and a Server 2012 DC that is completely virtual on the ESXi host at that site for redundancy. Site X has its own file server as well as some VMs running Engineering applications on Windows 7. All of these are on site X's domain.

    As far as workstations at site X go, we have a mix of stations on site X's domain and those on site A's domain. The only things site X really does not have to stand completely on its own would be the Exchange server and company intranet (both hosted at site A and part of site A's domain). Since site X has been operating more and more on its own within the last 6 months, they really have no need to access resources at site A other than the two I mention here (no access needed to file servers at site A, etc.).

    Based on the fact that site X has become so operationally independent from site A, I could see the case for keeping the domain for site X, moving all workstations over there not on that domain to it, and just creating a domain trust between it and the domain for site A. It would be a great deal easier since we would not have to change domains on all the servers at site X. But, there is simplicity in having everything on a single domain.

    I realize what we have is a complete mess, and we need to change everything one way or another. I was looking to get some insight as to which way to go here (keep site X on its own domain vs moving everything to the same domain as site A). Let me also throw in that we know site X as an entity is about to change its name (some point in the not so distant future). The site is not being acquired but changed up a bit to give it a fresh look to customers (and I think because of some legal battles that happened post-acquisition).

    What would you do here, and why would you do it? What are the reasons you've had multiple domains in place?

  • @NetworkNerd I would hold off on changes until the new name is implemented and then change Site X to a new domain based on the new name and migrate everything to that. I would also dump the SBS 2003 at the same time if at all possible.

    Basically make a new domain and not a migration from the old one.

  • It sounds like your company's becoming not just a single company, but a bit of a holdings firm/small conglomerate. What's normal for those setups is to have a centralized domain and infrastructure for the entire group. Each division could have its own base OU and have delegated permissions off of that. You could have Site A and Site X as separate entities within the companygroup.com domain, for example. With a modern AD environment, there's no reason to have more than one domain. It'd be a little bit of work to get it all implemented, but not that difficult.

  • A single domain across both sites with a DC at each feels better at a first read. Very simple but keeping traffic from going over the WAN except as failover.

