During an acquisition you have an opportunity to revisit your domain structure in addition to bringing the new business into the fold. How you go about this depends on the business and its goals. Is the newly acquired entity going to be fully merged into the parent company? Is it going to operate as a semi-independent business unit? Is there a possibility there will be additional future acquisitions or divestitures?
The two most common solutions we see are moving all users and computers to the parent company’s domain and creating a trust between the existing domains. Bringing the acquired company’s users into your domain is a simple solution. However, if there are a large number of employees, you are setting yourself up for a future cleanup. Implementing a trust between the existing domains is a faster, upfront fix. However, the main problem with this method is that you are taking on an old, unfamiliar Active Directory that may not be in the best health.
Creating an entirely new domain and migrating everyone to it has its pros and cons as well. Not only does this have the potential to get costly, but depending on the size of your business, it can get messy as well. Another thing to consider is the possibility of acquiring another company – then you’re right back where you started. Nevertheless, you gain a huge benefit: everyone is a part of the same organization, and everyone trusts it.
The Microsoft solution is to use an Active Directory Forest to implement a root domain followed by child domains for the business units. You can then stand up different child domains. The child and parent domains have trust between one another, and you can continually add child domains as acquisitions come, and keep access regulated. You can also easily break off child domains without altering the original domain itself. This method is work intensive upfront but makes acquisitions and divestitures easier in the future.
However, this adds a layer of complexity. While you have a nice, organized domain structure, you have a built-in dependency. The child domains are dependent on the root domain. If you were to divest a business unit, you would be required to provide a domain controller from the root domain.
An option we like is the use of External Trusts between independent domains. You can build independent domains with a contiguous namespace (e.g., us.taylorco.com and eu.taylorco.com). This is not harder to manage, provides better security, and makes it easier to add/remove domains from your infrastructure.
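Whichever trust model you choose, review how each trust is configured before relying on it. The following PowerShell is an added example, not part of the original article: the function name `Get-TrustFinding` and the sample trust names are hypothetical, and the property names assume objects shaped like the output of `Get-ADTrust` from the ActiveDirectory module.

```powershell
# Added example: classify trusts by how much they expose the trusting domain.
# Get-TrustFinding is a hypothetical helper; property names follow Get-ADTrust output.
function Get-TrustFinding {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Trust
    )
    process {
        $notes = @()
        if ($Trust.IntraForest) {
            # Parent/child trusts: the forest, not the domain, is the security boundary.
            $notes += 'Intra-forest trust: no security isolation between these domains'
        }
        elseif ("$($Trust.Direction)" -ne 'Inbound') {
            # Outbound or BiDirectional: accounts from the other domain can authenticate here.
            if (-not $Trust.SIDFilteringQuarantined) {
                $notes += 'SID filtering (quarantine) is off: SID history from the trusted domain is honored'
            }
            if (-not $Trust.SelectiveAuthentication) {
                $notes += 'Domain-wide authentication: consider selective authentication'
            }
        }
        [pscustomobject]@{
            Name        = $Trust.Name
            Direction   = "$($Trust.Direction)"
            NeedsReview = ($notes.Count -gt 0)
            Findings    = ($notes -join '; ')
        }
    }
}

# Constructed sample data (not from a real environment), shaped like Get-ADTrust output.
$sample = @(
    [pscustomobject]@{ Name = 'eu.taylorco.com'; Direction = 'BiDirectional'; IntraForest = $false
                       SIDFilteringQuarantined = $true;  SelectiveAuthentication = $true }
    [pscustomobject]@{ Name = 'acquired.example'; Direction = 'Outbound'; IntraForest = $false
                       SIDFilteringQuarantined = $false; SelectiveAuthentication = $false }
    [pscustomobject]@{ Name = 'child.corp.example'; Direction = 'BiDirectional'; IntraForest = $true
                       SIDFilteringQuarantined = $false; SelectiveAuthentication = $false }
)
$sample | Get-TrustFinding | Format-List

# Against a live domain (requires the ActiveDirectory module):
# Get-ADTrust -Filter * | Get-TrustFinding | Where-Object NeedsReview
```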
There are a lot of options, and a little work upfront can save you a lot of headaches later.