New domain (child or new forest)?

Discussion in 'Active Directory' started by jktat, Dec 4, 2009.

  1. jktat

    jktat Guest

    We have a single active directory domain (internal.com). We need to setup a
    second domain that will be accessed from the outside for non-employee users
    (external.com). If we do not want the external.com domain to have any access
    to the internal.com domain, shouldn't we create a "Domain in a new forest?"

    Creating a "Child domain in an existing domain tree," or a "Domain tree in
    an existing forest" will allow a two way trust between the root domain and
    the child domain correct?
     
    jktat, Dec 4, 2009
    #1
    1. Advertisements

  2. Howdie!
    Yeah, you should create a new forest for this. The security boundary is
    the forest, not the domain.

    What type of access do they need, then? Why would you need to
    authenticate them? What services do they access?

    Cheers,
    Florian
    --
    Microsoft MVP - Group Policy
    eMail: prename [at] frickelsoft [dot] net.
    blog: http://www.frickelsoft.net/blog.
    ANY advice you get on the Newsgroups should be tested thoroughly in your
    lab.
     
    Florian Frommherz [MVP], Dec 4, 2009
    #2
    1. Advertisements

  3. jktat

    jktat Guest

    Not sure how this works yet, but we have a medical system that will
    automatically add users to this new domain(forest) so that they can access
    their medical info and billing online. Thanks for your reply.

     
    jktat, Dec 4, 2009
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.