I know I should be able to find this, but I haven't found a good discussion.
I need to build a hosted environment - hosted Active Directory is the easiest way to explain it, for user auth. It would be nice to have a structure like:
mycloud.com with admin accounts, and each customer would be a subdomain - client1.mycloud.com, client2.mycloud.com, etc. But the problem I see with this is the inherent two-way trusts if all domains are part of one forest.
So the logical solution seems to be multiple forests with one domain each - and each of these customer forests would trust the admin forest - so that admin accounts can do work in all customer domains. But of course, now I have all the infrastructure and maintenance required for a forest for each customer. The other drawback is that the naming relationship I specified in the beginning doesn't exist.
If I did the multiple-forest model, could I create DNS alias entries for the DCs that made it look like they were related - client1.mycloud.com - and issue SSL certs to the DCs for LDAP and other services, or would the DCs not be happy with this?
Are there better solutions? Any links would be helpful.
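As an added illustration of the two things the question hinges on (this is example code written for this thread, not the poster's own environment or any vendor's script): the first function audits the trusts visible from the current domain and flags the ones that grant broad cross-forest access (bidirectional, no selective authentication, or SID filtering relaxed on a forest trust); the second connects to a DC through a DNS alias such as client1.mycloud.com over LDAPS and checks whether the certificate the DC presents actually lists that alias in its Subject Alternative Name. The alias name and port are hypothetical placeholders.

```powershell
# Added example for this thread, not the poster's code. Names are placeholders.
Import-Module ActiveDirectory

# 1. Summarise every trust the current domain has, with the properties that
#    decide how much access the other side gets.
function Get-TrustSummary {
    Get-ADTrust -Filter * -Properties * | ForEach-Object {
        [pscustomobject]@{
            Name                    = $_.Name
            Direction               = $_.Direction          # Inbound / Outbound / BiDirectional
            IntraForest             = $_.IntraForest        # intra-forest trusts are always two-way and transitive
            ForestTransitive        = $_.ForestTransitive
            SelectiveAuthentication = $_.SelectiveAuthentication
            SIDFilteringQuarantined = $_.SIDFilteringQuarantined
            SIDFilteringForestAware = $_.SIDFilteringForestAware
        }
    }
}

# Flag external/forest trusts that let the other side authenticate broadly:
# two-way, not restricted by selective authentication, or a forest trust with
# SID filtering turned off (as happens after enabling SID history on it).
function Get-RiskyTrusts {
    Get-TrustSummary | Where-Object {
        -not $_.IntraForest -and (
            $_.Direction -eq 'BiDirectional' -or
            -not $_.SelectiveAuthentication -or
            ($_.ForestTransitive -and -not $_.SIDFilteringForestAware)
        )
    }
}

# 2. Open a TLS session to the DC via its alias and inspect the certificate's
#    SAN list. Chain validation is deliberately bypassed here because the goal
#    is only to read the names on the cert, not to trust it.
function Test-LdapsAliasCertificate {
    param(
        [Parameter(Mandatory)][string]$Alias,   # e.g. 'client1.mycloud.com' (hypothetical)
        [int]$Port = 636
    )
    $client = [System.Net.Sockets.TcpClient]::new($Alias, $Port)
    try {
        $acceptAll = { $true } -as [System.Net.Security.RemoteCertificateValidationCallback]
        $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($Alias)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)

        # 2.5.29.17 is the Subject Alternative Name extension; Format() renders it
        # as "DNS Name=host1, DNS Name=host2" on Windows, which we split apart.
        $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        $names = @()
        if ($sanExt) {
            $names = $sanExt.Format($false) -split ',' |
                ForEach-Object { ($_ -split '=')[-1].Trim() }
        }

        [pscustomobject]@{
            Alias    = $Alias
            Subject  = $cert.Subject
            SanNames = $names
            Covered  = ($names -contains $Alias)   # False means TLS name validation will fail for the alias
            NotAfter = $cert.NotAfter
        }
    }
    finally {
        $client.Close()
    }
}

# Usage (run on a domain-joined admin host):
Get-RiskyTrusts | Format-Table -AutoSize
Test-LdapsAliasCertificate -Alias 'client1.mycloud.com'
```

Two caveats the second check exposes: a DC will happily answer on an alias, but clients validating the TLS name will reject the session unless the alias is in the certificate's SAN, and Kerberos authentication to the alias additionally needs SPNs registered for that alias name, since a CNAME alone does not give the DC a matching service principal.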