Hi, we have a simple Win2k3R2 AD (mycompany.com) with two DCs operating at our home office and one remote DC at our Disaster Recovery site. All three DCs are integrated DNS servers and are global catalog servers. We have a Win2k3R2/FTP (IIS FTP) server that is a member of the domain but it also has local user accounts that are used for granting access to FTP sites that our clients need for posting and retrieving files. For security reasons we do not want clients to have domain user accounts. Our goal is to have a way to offer redundancy for the user accounts and eliminate the single point of failure with having the accounts be local server accounts but also keep the internal production domain secure and separate from client access. To achieve this we are exploring the idea of creating either a child domain (client.mycompany.com) or another forest (newforestname.com) and creating user accounts in that domain to be used for granting access to the FTP server. Our theory is that this setup would offer the redundancy we want for the user accounts and also making upgrades of the server much easier with not having to create all the client ftp accounts again. Are their recommendations for either scenario, caveats to be aware of or other recommendations that were not mentioned? One question that comes to mind if we were to create another forest, I am unsure if the ftp server could keep its existing domain name ftp.mycompany.com or would it have to be ftp.newforestname.com? I hope I posted this to the correct forum and that I offered enough details for what we are trying to accomplish. Any thoughts or suggestions would be greatly appreciated.

Hi, please ask this question in Directory Services forum, you might get better answers there. http://social.technet.microsoft.com/Forums/en-US/winserverDS/threads Please refer the link of this discussion while posting, so that later on moderator can merge the threads.Thanks !

Hi, please ask this question in Directory Services forum, you might get better answers there. http://social.technet.microsoft.com/Forums/en-US/winserverDS/threads Please refer the link of this discussion while posting, so that later on moderator can merge the threads.Thanks !

Done. Posted here: http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/de26f4b9-c9be-45c2-885f-2634cc5b07a3 Thank you.

Done. Posted here: http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/de26f4b9-c9be-45c2-885f-2634cc5b07a3 Thank you.