Active Directory - Infrastructure Question
Hi,
We currently are completely rebuilding our entire AD infrastructure, to include building out a new domain. We are a company of approximately 400 employees and with one site. We will potentially have 2-3 new sites in FY2012 and I was advised to create a single forest with multiple domain structure (parent with multiple child domains) to allow growth and to segment the additional sites. The reasoning provided has nothing to do with security or separating services. It is solely to segment the potential sites out for visual and logical purposes.
With that being said, I feel this is incorrect and we should use a single domain with multiple sites for a company our size. I believe creating the additional domains will just create unneeded overhead and utilize needed resources. I am looking for support and justifications to provide to management as to why we should use a single domain to complete the migration. I have compiled some on my own, but I am hoping the forum can help generate some more and justify my reasoning.
Can anyone provide feedback to this scenario and reasoning? I appreciate all responses and assistance with this.
(The reason behind the migration includes having our domain name being public and the security risks and other issues this can cause)
Thanks,
John
January 11th, 2012 7:40pm
Here are a few in my opinion:
If you have a centralized IT management then subdomains are not necessary.
If the security will not be handled by the sites then a single domain makes sense.
If the sites will have good connection to the main site then a single domain makes sense to me.
January 11th, 2012 7:49pm
Always go with one domain, unless you have very good reasons (generally political) to go with more. In your situation, one domain is definitely best. Most of the few justifications for multiple domains in the past have been addressed by Windows Server 2008.
Richard Mueller - MVP Directory Services
January 11th, 2012 8:59pm
Multiple domains increase complexity and management overhead significantly. In your case, a single domain is the most desirable because everything is still centrally managed. Typically, legal/policy compliance issues force the multiple domain/forest models.
-- Mike Burr
Technology
January 11th, 2012 11:08pm
Technically a single domain is all that's required in most cases, yours included going on the information given. If you are having a hard time selling this to management, or whoever else, then take it down to a discussion of cost and value.
Ask them what extra value they believe will be achieved by the increased cost of running a multiple domain environment. Once it comes down to money the most cost effective solution is normally the one which will get the approval.
To give you an example. At the company I work for we have 5000 users at 100+ sites worldwide in a single domain (originally about 20). This is with decentralised IT and very different business requirements in some locations. As long as your delegation is tight, your OU\GPO structure well designed and your sites\subnets\DC placement setup correctly a single domain can normally tick all the requirements.
Best Regards
Joe Dunn
MBCS, MCITP:EA, MCSE, CCNA
January 12th, 2012 1:24am
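Joe's recipe (one domain, one site object per location, per-site OUs with tight delegation) sketched as an added PowerShell example; this is not code from the thread or from any poster. It assumes the ActiveDirectory module from Windows Server 2012 or later and uses hypothetical site names, subnets, group names and the domain DN `DC=corp,DC=example`.

```powershell
# Added example (not from the thread): single-domain, multi-site AD layout.
# Site names, subnets, group names and the domain DN are placeholders.
Import-Module ActiveDirectory

$domainDN = 'DC=corp,DC=example'   # assumed internal name, not the public one

# One AD site per physical location; still one forest, one domain, one schema.
$sites = @{
    'HQ'      = @('10.1.0.0/16')
    'Branch1' = @('10.2.0.0/16')
    'Branch2' = @('10.3.0.0/16')
}

foreach ($site in $sites.Keys) {
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$site'")) {
        New-ADReplicationSite -Name $site
    }
    foreach ($cidr in $sites[$site]) {
        # Subnet-to-site mapping is what lets clients find a local DC;
        # a missing mapping silently sends logons and GPO pulls over the WAN.
        New-ADReplicationSubnet -Name $cidr -Site $site -ErrorAction SilentlyContinue
    }
}

# Hub-and-spoke site links: cost and interval shape replication topology only,
# they are not security boundaries (that is the domain/forest, which stays one).
foreach ($branch in @('Branch1', 'Branch2')) {
    New-ADReplicationSiteLink -Name "HQ-$branch" -SitesIncluded @('HQ', $branch) `
        -Cost 100 -ReplicationFrequencyInMinutes 15 -InterSiteTransportProtocol IP
}

# Per-site OUs give local staff a delegation and GPO target without a child domain.
New-ADOrganizationalUnit -Name 'Sites' -Path $domainDN -ProtectedFromAccidentalDeletion $true
foreach ($site in $sites.Keys) {
    New-ADOrganizationalUnit -Name $site -Path "OU=Sites,$domainDN" `
        -ProtectedFromAccidentalDeletion $true
    # Delegate only create/delete of user objects in that OU (dsacls CC/DC rights)
    # to a per-site group; Domain Admins membership stays central and small.
    dsacls "OU=$site,OU=Sites,$domainDN" /I:T /G "CORP\${site}-UserAdmins:CCDC;user"
}
```

Run once from a domain-joined admin host; review the resulting delegation with `dsacls "OU=Sites,$domainDN"` before handing group membership to site staff.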
All,
Thanks for the excellent feedback. I believe with the knowledge and feedback provided I will be able to sell my case and hopefully win this battle.
January 12th, 2012 2:13am
Thanks Joe for the feedback. A real world scenario with the instance you provided not only solidifies my case, but also provides valuable insight into what other companies are doing. We will definitely have a strong OU/GPO structure with well controlled delegation. Thanks again.
January 12th, 2012 2:16am