Educause Security Discussion mailing list archives
MSFT Domain Controller: One Forest for servers and user/computer management, or two isolated forests?
From: Marmina Abdel Malek <marmina () AUCEGYPT EDU>
Date: Wed, 4 Nov 2009 13:05:44 +0200
Dear Colleagues,

We are currently studying the restructuring of the university domain controller and I need your advice:

- We have around 250 servers (80% Windows servers) hosting applications (web servers, CMS, ERP, LMS, etc.)
- We have around 8000 computers on campus (85% Windows, 15% MAC/others)

The case: we need to centralize the management of the around 200 servers by joining a domain controller (for pushing patches, inventory, etc.). As for end PCs, we need to join them to a domain to push software, updates, policies, remote support, centralized authentication, group policies, roaming profiles, etc.

*The question:* Should we build 2 forests (isolated from each other): one for servers and one for user/computer management? Or should we have one forest with 2 subdomains?

*Concerns:* I'm afraid that if the user/computer domain was compromised, an intruder might be able to propagate to the servers domain and compromise the whole infrastructure.

Please advise.

Best Regards,
Marmina Abdel-Malek
IT Security Officer
The American University in Cairo
Tel: +202-2615-3561
Fax: +202-2797-4909
Email: marmina () aucegypt edu
Web: www.aucegypt.edu