Newbie Q: 3 companies - 1 server

[Arxitektwn]

Evening,

if I wanted to run 3 companies with different domains on the same AD server
what is the best way forward? I need them to be as separate as possible but
without buying 3 servers!

Any advice?

Kou

 

[Herb Martin]

if I wanted to run 3 companies with different domains on the same AD
server

what is the best way forward? I need them to be as separate as possible but
without buying 3 servers!

You can't do it with Win2000 or Win2003.

You need at least one server as DC for each domain minimum.
(You might run some 3rd party virtual server to run 3 Win2000
DCs, but all you save there is hardware and it's not supported.)

Hardware is cheap. A $400 (or less) machine makes a great
DC for small domains.

Buy 3.

 

[Brian Desmond [MVP]]

You cannot do this. A server can only serve one AD Domain.

--
--Brian Desmond
Windows Server MVP
(e-mail address removed)12.il.us
Http://www.wpcp.org

Beta #469090

 

[Robert Moir]

Thank you Brian,

what would be the recommended way? Make one 'super' domain and treat
the 3 companies as sub domains or just make each company an OU?

Well as "Sub domains" (assume you mean child domains) would mean 4 domains
(the root and the 3 companies) and each would require its own AD server, I'd
say that doesn't meet your "one server" requirement.

 

[Arxitektwn]

Thanks Robert,

so there is no way of achieving this with a single server??

Kou

 

[Paul McGuire]

You could purchase VMware and possibly accomplishment your goal. would be
very complex. Virtual Machine software works good for two but never tried
3.

HTH

Paul McGuire
(e-mail address removed)

 

[Eric Chamberlain]

If you are asking this question, you need to further research the impact of
trying to combine companies in a common forest. It is generally a bad idea
and opens up a large number of security issues.

Otherwise, use VMware and setup three virtual machines.

 

[Arxitektwn]

Thanks everyone,

need to recap:

instead of going with 5-10 physical server boxes or using virtual machines
for every single company... a cheap solution would still be to treat every
company as an OU under a master domain right? (and additionally if they
require extra extra security they could buy their own server...)


Kou

 

[Brian Desmond [MVP]]

OUs would work. If the company obtains its own server, you could setup a
child domain with that server. I'm not sure what sort of security gain you
think you'll find, though.

--
--Brian Desmond
Windows Server MVP
(e-mail address removed)12.il.us
Http://www.wpcp.org

Beta #469090

 

[Arxitektwn]

Thanks Brian,

following the logic of you get what you pay for and this group only can
afford one DC I will need to go for that! The only security I am hoping this
setup will guarantee is that they will not be able to browse each other's
shares...Surely OUs can cope with that...

Kou

 

[Arxitektwn]

Thanks Rob,

fortunately this is not my network... I am fortunate enough to buy my own HW
as required. This is a side thing I need to set up for a customer's customer
so I donnot have a say on how they spend their budget!

Thanks for the useful feedback... thats what I needed to hear!

Kou

 

[Herb Martin]

following the logic of you get what you pay for and this group only can

afford one DC I will need to go for that! The only security I am hoping this
setup will guarantee is that they will not be able to browse each other's
shares...Surely OUs can cope with that...

All you need for THIS is Security GROUPS (not OUs) and
Share + NTFS permissions. Even NT 3.51 can do this.

Even with multiple domains, you can mess up the permissions
and end up with inappropriate sharing.

Set the permissions and it works.