A Tale of Two Domains
-
There's a particular site we support which has its own domain. Things have been that way since we acquired it a couple of years ago. We've had talks about killing that domain altogether but have not done it because it has not been a priority. The remaining 5 sites we have all operate on one domain, but the only domain controllers are at our main site (call it site A). I know it sounds ridiculous already, but bear with me here.
The site in question (call it site X) is its own entity but is owned by the same owners as the company where I work (site A). As it stands, site X has a Server 2003 SBS that is acting as the master domain controller for and a Server 2012 DC that is completely virtual on the ESXi host at that site for redundancy. Site X has its own file server as well as some VMs running Engineering applications on Windows 7. All of these are on site X's domain.
As far as workstations at site X go, we have a mix of stations on site X's domain and those on site A's domain. The only things site X really does not have to stand completely on its own would be the Exchange server and company intranet (both hosted at site A and part of site A's domain). Since site X has been operating more and more on its own within the last 6 months, they really have no need to access resources at site A other than the two I mention here (no access needed to file servers at site A, etc.).
Based on the fact that site X has become so operationally independent from site A, I could see the case for keeping the domain for site X, moving all workstations over there not on that domain to it, and just creating a domain trust between it and the domain for site A. It would be a great deal easier since we would not have to change domains on all the servers at site X. But, there is simplicity in having everything on a single domain.
I realize what we have is a complete mess, and we need to change everything one way or another. I was looking to get some insight as to which way to go here (keep site X on its own domain vs moving everything to the same domain as site A). Let me also throw in that we know site X as an entity is about to change its name (some point in the not so distant future). The site is not being acquired but changed up a bit to give it a fresh look to customers (and I think because of some legal battles that happened post-acquisition).
What would you do here, and why would you do it? What are the reasons you've had multiple domains in place?
-
@NetworkNerd I would hold off on changes until the new name is implemented and then change Site X to a new domain based on the new name and migrate everything to that. I would also dump the SBS 2003 at the same time if at all possible.
Basically make a new domain and not a migration from the old one.
-
It sounds like your company's becoming not just a single company, but a bit of a holdings firm/small conglomerate. What's normal for those setups is to have a centralized domain and infrastructure for the entire group. Each division could have its own base OU and have delegated permissions off of that. You could have Site A and Site X as separate entities within the companygroup.com domain, for example. With a modern AD environment, there's no reason to have more than one domain. It'd be a little bit of work to get it all implemented, but not that difficult.
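A sketch of the per-division OU layout with delegated permissions described in the reply above, as an added example that is not part of the original thread. The OU names, group names and NetBIOS name are assumptions; only companygroup.com comes from the reply.

```powershell
# Added illustration: one base OU per division in a single domain, with
# day-to-day administration delegated to a per-division group instead of
# handing out Domain Admins. Run from an elevated session on a machine
# with RSAT (ActiveDirectory module and dsacls.exe).
Import-Module ActiveDirectory

$domainDn  = 'DC=companygroup,DC=com'   # example domain from the reply
$netbios   = 'COMPANYGROUP'             # assumed NetBIOS domain name
$divisions = 'SiteA', 'SiteX'           # hypothetical base OU names

foreach ($div in $divisions) {
    # Base OU for the division, protected against accidental deletion
    New-ADOrganizationalUnit -Name $div -Path $domainDn `
        -ProtectedFromAccidentalDeletion $true
    $baseDn = "OU=$div,$domainDn"

    # Child OUs so each delegation can be scoped to one object type
    foreach ($child in 'Users', 'Computers', 'Groups') {
        New-ADOrganizationalUnit -Name $child -Path $baseDn `
            -ProtectedFromAccidentalDeletion $true
    }

    # Hypothetical admin group that receives the delegated rights
    $group = "$div-OU-Admins"
    New-ADGroup -Name $group -SamAccountName $group `
        -GroupScope DomainLocal -GroupCategory Security `
        -Path "OU=Groups,$baseDn"

    # Create/delete user objects in the division's Users OU only
    dsacls "OU=Users,$baseDn" /I:T /G "$netbios\${group}:CCDC;user"

    # Reset passwords on user objects below that OU
    dsacls "OU=Users,$baseDn" /I:S /G "$netbios\${group}:CA;Reset Password;user"

    # Create/delete computer objects (domain joins) in the Computers OU
    dsacls "OU=Computers,$baseDn" /I:T /G "$netbios\${group}:CCDC;computer"
}

# Review the resulting ACL for one OU to confirm the grants are scoped as intended
dsacls "OU=Users,OU=SiteX,$domainDn"
```

The grants stop at each division's own OUs, so a Site X admin has no rights over Site A objects or over domain-wide settings.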
-
A single domain across both sites with a DC at each feels better at a first read. Very simple but keeping traffic from going over the WAN except as failover.