Migrate to 2003 across 3 Networks connected by WAN

[Vince0000]

Hello All...
Question for you if you don't mind...

Let's say I have 3 Networks LocationA (Main Office), LocationB and LocationC all connected with a WAN and running NT4. (We recently just migrated the Main Office to Server 2003 and would like to migrate the next location but need to confirm the structure on doing so...)

My question is how should we structure the Domain with all 3 locations...?

1 Forest with 3 domains?
3 Forests with 3 Domains?
Child Domain of an Existing Domain?

What security Pro's and Con's is there to each type of structure...

Were thinking we should have 1 Forest with 3 Seperate Domains as we do not want Location "B" and Location "C" to have the admin security to get into Location "A" were there not supposed to be etc. Is this the correct structure to use?

I'll continue after a few responses if there is not enough information here.

Thanks alot in advance!
Vince


you get the idea...

 

[ntinlin]

Security boundary in AD is the forest not the domain.

It all really depends what it is you want the site admins to be able to do, password changes etc. could be delegated to them for an OU for each site for instance.

Might be better to think about working from the bottom up, ie they are normal users with certain extended rights over the accts. of their local users rather than domain admins

 

[swabs]

sounds to me like you would want to have 1 domain with 3 sites. Then you can delegate permissions based on OU's as stated by ntinlin.