We are in the process of testing a trust relationship with a sister company. The end goal is to have users from our domain be able to authenticate with systems/databases in the other domain, without the need of separate accounts for each domain. For the purpose of my question, we are ABC domain and they are XYZ domain.
We are in the same building, but the networks are separated via internal firewalls and distinct routing configurations. Some connections have been made to allow access to a few services on each network.
The admins of XYZ domain have requested that we create a child domain (test.ABC.com) and they will create the same on their side (test.XYZ.com) for testing. They are a mixed NT/2000/2003 AD environment and we are a native mode Windows 2000 environment.
They have multiple domains in production with a single forest root. We have a single domain that is our forest root.
We would rather not create a test child domain, if we can avoid it. We'd prefer to setup a separate domain (ABCtest.com) and test the trust relationship first with that domain.
Can anyone give me any valid, compelling reasons (given the facts above) why we would bother creating a child domain within our production forest just to test a trust relationship? We would prefer not to.
Thanks in advance for any feedback. :grin: