Hi all
I'm after some advice, if that's OK. The company I'm working with is part of a larger corporation, but we are looking at leaving and making a go of it on our own. One question that has been asked is what we want to do with regards to AD. Regardless of whether we start anew or move, we'd look at creating domain trust relationships to ensure that we can still use the shared resources.
The way I see it is that we have 3 options:
- stay as we are – doesn't help us wanting to go alone
- move our child domain out of the forest
- start our own AD domain from scratch
I guess the easy solution would be to do option 2, given that all GUIDs and permissions would transfer across. However, AD has been untouched and unloved for a very long time, at least 20 years, and by doing this we would bring over all of the legacy policies etc.
If we moved to a completely fresh AD domain, yes, there would be pain in having to recreate all of the user accounts, machine accounts, policies, and then permissions, but would that be a better way to do things?
And I guess the last part of this: is AD the best way to go? If I'm going to look at a clean slate, should I look at something different?