Problem:
I have a customer who has standalone Active Directories in multiple locations (they are not connected/related to each other) for managing users, distribution/security groups, computers, user roles and policies (GPO), etc. However, they want to centralize this and build a consolidated centralized Active Directory where they want to maintain all the objects. They also want to centralize access control. That is, they want to push out the policy changes from the central AD to the local ADs.
Questions:
- Is is doable in AD? if so, how? Can you please provide some references?
- Will the new AD become a forest and the standalone ADs will become child AD?
- Will it be possible to push out groups, GPOs to the child AD? (I believe the answer should be yes if #2 is true)
- Will any additional MS software/tools be needed to do this or AD itself has all the necesasry capabilities?
Thanks a lot in advance!
MN-WA