Archived from groups: microsoft.public.win2000.active_directory (More info?)
Hello;
I work for a school board, in an IT department. My department presently
maintains administrative users in an nt 4 domain. Our nt4 users (approx 500),
all have email accounts on exchange servers (there are 3 of them...1 backend
and 2 frontend) which are located in the root domain of an active directory
forest.
The root domain of this forest contains a child domain which is administered
by a different department who take care of instructional users.
The instructional group feel that an empty root domain scenario would be the
most secure way to go. They would like administrative users to be migrated to
a child domain of the root as well (like themselves). Our department would
still maintain the empty root domain.
Would the instructional department somehow be more secure from us if we
followed the empty root scenario as opposed to some other scenario where the
root is not empty and contains the admin users?
I do know that if the schema becomes corrupt, it would affect the whole
forest. Would maintaining the admin users in the root put it more at risk
than if they were in a child domain?
Has anyone actually heard of an organizations schema corrupting due to a
security breach? Anything is possible of course but has it happened? Has it
happened on an empty root domain?
I have read other threads on this community site regarding this topic but
the above questions still haunt me.
Thank you if you can enlighten me further.
Paul B.
Hello;
I work for a school board, in an IT department. My department presently
maintains administrative users in an nt 4 domain. Our nt4 users (approx 500),
all have email accounts on exchange servers (there are 3 of them...1 backend
and 2 frontend) which are located in the root domain of an active directory
forest.
The root domain of this forest contains a child domain which is administered
by a different department who take care of instructional users.
The instructional group feel that an empty root domain scenario would be the
most secure way to go. They would like administrative users to be migrated to
a child domain of the root as well (like themselves). Our department would
still maintain the empty root domain.
Would the instructional department somehow be more secure from us if we
followed the empty root scenario as opposed to some other scenario where the
root is not empty and contains the admin users?
I do know that if the schema becomes corrupt, it would affect the whole
forest. Would maintaining the admin users in the root put it more at risk
than if they were in a child domain?
Has anyone actually heard of an organizations schema corrupting due to a
security breach? Anything is possible of course but has it happened? Has it
happened on an empty root domain?
I have read other threads on this community site regarding this topic but
the above questions still haunt me.
Thank you if you can enlighten me further.
Paul B.
Facebook
Twitter
Instagram