Question: Hosted AD Domain Service - a best practice?

Is it recommended practice to host multiple unrelated companies on a single Microsoft Active Directory domain, with read-only domain controllers located at each company? Are there provisions with Server 2008 read-only domain controllers to prevent enumeration of all domain users or groups, such as when assigning user or group permissions on a file server of one company?

Answer: Hosted AD Domain Service - a best practice?

Read-only DCs are used for security purposes since they are read-only and cannot be edited.

http://technet.microsoft.com/en-us/library/cc732801(WS.10).aspx

Having the VPNs wide open could have some security risk; they could lock them down a little.

Really, though, having RODCs at the sites gives the best security in a hosted environment currently in AD. What other solution could a hosted company supply with an AD structure? Most of the provisions taken seem to be secure except the wide-open VPN.

Also, most likely no one has domain admin rights except for the host company. If there are any admins that are part of the hosted company, they are most likely admins that have delegated permissions, which means they have been locked down to do only certain admin procedures.