We currently have a single forest, single domain. We are an international group of companies, and we have two clear IT administrative groups which reside in different countries and are responsible for our own subset of companies. So let's say we have company KFC in the USA and company KFC in the UK. USA also has completely separate companies ABC and CBA which only USA KFC are responsible for administering, and in the UK we have a completely separate company ZZZ which only the UK administers. While KFC in the USA and UK have the same business model, the only real affiliation they have with each other is that they are owned by the same owners. All the other companies mentioned have the same owner, but they are their own independent companies with no shared business model or anything. We (USA and UK) clash a lot because we are in the same domain, so what affects one often has some impact on the other, or at least must go through global change control, and KFC UK feels they don't have full autonomy over their area of administration. I'm thinking we should look to split our single forest, single domain into multiple domains, one each for KFC USA, KFC UK, ABC, CBA and ZZZ, but keep them in the one forest. We still want to maintain global governance to ensure we are all in alignment with each other (policy, security, etc.), and be able to help each other out occasionally, so someone in the USA could perform administrative duties in the UK if ever needed. I think having multiple domains will give clear administrative boundaries, and proposed changes in one domain won't cause an international crisis for the other domain. Is this a valid use case for splitting our domain into multiple domains? And what would the strategy look like to accomplish this? I'm thinking we create a new domain in the forest and then we'd have to touch/automate every computer in this proposed domain to join them to this new domain.
We also have a single Azure tenancy we'd need to split up, and then use Azure Lighthouse to easily manage the multiple tenancies for things like global Azure governance and Defender policies, etc. Question is, is this a valid architecture goal for our situation, or would this not be a recommended path to go down? If not recommended, then why not? There would be some short-term pain in splitting them out, but we'd end up in a better position to self-govern our administrative boundaries without trying to coordinate an international panel of big wigs any time we want to do some small ass change. But then, is having multiple domains in a forest an outdated architecture that we should be looking to avoid? Tell me your thoughts, good Reddit folk!
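As an added illustration of the "touch/automate every computer" step the post mentions (this is not code from the original post or from any particular answer), the script below moves member computers from the existing domain into a newly created child domain of the same forest using the built-in `Add-Computer` cmdlet. The domain name `kfc-uk.corp.example`, the target OU, the inventory CSV and the log path are all placeholders to be replaced; the two credentials are assumed to be separate, least-privilege accounts: one allowed only to create computer objects in the target OU, one allowed only to remove computer accounts from the current domain. Note that in Active Directory the forest, not the domain, is the security boundary, so a design like this buys administrative separation and change-control isolation, not isolation from a compromised administrator elsewhere in the forest.

```powershell
# Added example (not from the original post): bulk move of member computers from the
# existing domain into a new child domain in the same forest.
# All names below are placeholders: replace them with your own domain, OU and inventory.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$InventoryCsv = '.\computers-to-move.csv',                      # one column: ComputerName
    [string]$TargetDomain = 'kfc-uk.corp.example',                          # hypothetical new child domain
    [string]$TargetOU     = 'OU=Workstations,DC=kfc-uk,DC=corp,DC=example', # hypothetical target OU
    [string]$LogPath      = '.\domain-move.log'
)

# Two scoped credentials instead of one all-powerful account:
#   $joinCred   - may create/join computer objects in $TargetOU of the new domain
#   $unjoinCred - may remove the computer account from the current domain
$joinCred   = Get-Credential -Message 'Account with join rights in the TARGET domain'
$unjoinCred = Get-Credential -Message 'Account that may remove the computer from the CURRENT domain'

function Write-MoveLog {
    param([string]$Message)
    "$(Get-Date -Format o) $Message" | Tee-Object -FilePath $LogPath -Append
}

$computers = Import-Csv -Path $InventoryCsv

foreach ($row in $computers) {
    $name = $row.ComputerName

    # Leave offline hosts for the next pass rather than ending up with a half-joined machine.
    if (-not (Test-Connection -ComputerName $name -Count 1 -Quiet)) {
        Write-MoveLog "SKIP  $name : unreachable"
        continue
    }

    # -WhatIf on the script lists what would be moved without touching anything.
    if ($PSCmdlet.ShouldProcess($name, "Move to $TargetDomain")) {
        try {
            # -UnjoinDomainCredential lets Add-Computer remove the old account and
            # create the new one in a single operation; -Restart completes the move.
            Add-Computer -ComputerName $name `
                         -DomainName $TargetDomain `
                         -OUPath $TargetOU `
                         -Credential $joinCred `
                         -UnjoinDomainCredential $unjoinCred `
                         -Restart -Force -ErrorAction Stop
            Write-MoveLog "MOVED $name -> $TargetDomain"
        }
        catch {
            Write-MoveLog "FAIL  $name : $($_.Exception.Message)"
        }
    }
}
```

Run it first as `.\Move-ToNewDomain.ps1 -WhatIf` against a small inventory to confirm the target list, then in batches by site so a bad batch is easy to roll back. The log file gives change control a per-machine record of what moved, what was skipped and what failed, which is the evidence the "global governance" side of the post will want to see.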