[windows2000] AD Design Question

  • From: Aaron Dokey <adokey@xxxxxxxxxxxx>
  • To: "'windows2000@xxxxxxxxxxxxx'" <windows2000@xxxxxxxxxxxxx>
  • Date: Mon, 18 Nov 2002 14:16:01 -0500

I'm in the process of planning a AD migration and I've got a question.  I've
got a DMZ that currently has it's own NT4 domain with two domain
controllers.  That domain has a one-way trust to my main networks domain.
When I migrate to AD what is the best solution?  Should I make the DMZ it's
own forest and do a trust between the two?  Or, should I make the DMZ a tree
inside of my main forest?  What's best for security sake?  I've got to have
some sort of trust because I need to be able to authenticate off of the main
networks domain for some web applications.  



Aaron Dokey - MIS
Reid Tool Supply
2265 Black Creek Rd.
Muskegon, MI   49444 
(231) 777-3951
(231) 767-3772 (Direct)

To Unsubscribe, set digest or vacation
mode or view archives use the below link.


Other related posts:

  • » [windows2000] AD Design Question