Login restrictions for multiple Active Directory sites: OU or multi-domain?

I am planning an Active Directory structure from scratch for an organization with multiple sites. The fundamental point is that a user belonging to site A, if he/she gets to site B, cannot log in at all.

At the same time, when the workplace of most users is defined and corrected, a small number of users should go to several sites (2-4, but not on each site).

Question: reading documents I cannot clearly understand whether only one domain with many departments can use this behavior, or I definitely need several subdomains.

Any help or hint would be appreciated, thank you very much for your time, br, ted

1 answer

You can do this with one domain, and then configure specific groups to which you also add people.

Thus, you can make the administrator log in to all sites without problems, etc. But users can be in certain groups of sites that have access only to their site.

Subdomains are fine, but in my opinion they can be a little messy.

I think that there is no right or wrong answer, it's just how you want to organize it and how much time you want to spend on maintaining AD.

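One way to build the per-site groups described in the answer above, as an added example that is not part of the original thread. It assumes the RSAT ActiveDirectory module and that enforcement is done through the "Allow log on locally" user right in a GPO linked to each site's workstation OU; the OU path, group names and user names are hypothetical.

```powershell
# Added example, not from the original thread. Assumes the RSAT ActiveDirectory
# module; the OU, group and user names are hypothetical.
Import-Module ActiveDirectory

$domainDn = (Get-ADDomain).DistinguishedName
$groupOu  = "OU=SiteLogonGroups,$domainDn"   # hypothetical OU holding the groups

# Constructed sample data: who may log on at which site.
$siteMembers = @{
    'SiteA' = @('alice', 'roaming.tech')
    'SiteB' = @('bob', 'roaming.tech')       # roaming user belongs to two sites
}

foreach ($site in $siteMembers.Keys) {
    $name  = "Logon-$site"
    $group = Get-ADGroup -Filter "Name -eq '$name'" -SearchBase $groupOu
    if (-not $group) {
        $group = New-ADGroup -Name $name -GroupScope Global `
            -GroupCategory Security -Path $groupOu -PassThru
    }

    # Reconcile membership so the group holds exactly the listed users.
    $wanted  = $siteMembers[$site]
    $current = @(Get-ADGroupMember -Identity $group |
        Select-Object -ExpandProperty SamAccountName)
    $toAdd    = @($wanted  | Where-Object { $_ -notin $current })
    $toRemove = @($current | Where-Object { $_ -notin $wanted })
    if ($toAdd)    { Add-ADGroupMember    -Identity $group -Members $toAdd }
    if ($toRemove) { Remove-ADGroupMember -Identity $group -Members $toRemove -Confirm:$false }

    # Line for the [Privilege Rights] section of the security template in the
    # GPO linked to this site's workstation OU. S-1-5-32-544 is the built-in
    # Administrators group, so administrators can still log on at every site.
    "{0}: SeInteractiveLogonRight = *S-1-5-32-544,*{1}" -f $site, $group.SID.Value
}
```

SeInteractiveLogonRight is the "Allow log on locally" right; Remote Desktop logon is governed by a separate right (SeRemoteInteractiveLogonRight) and would need the same treatment if RDP is in use.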