OK, brief outline:
We have a 2008 R2 and Win 7 network; the powers that be have purchased a suite of Apple PCs. I'm not an Apple user but am aware of issues around NTFS permissions being bypassed. So I want to segregate the Apple network. The Apple suppliers say they want to integrate the Apple clients into the AD domain to take advantage of server services and so users can access their home areas - fine.
They want to set up a 'golden triangle' where the OSX server manages the OSX clients and the AD server provides services like DNS, DHCP, Kerberos authentication and home drive access.
So in an effort to secure the core network I thought that I may be able to set the Apple network up as a 'remote site'. Essentially, within the subnet where the Apples will reside, create a DC and have that replicate through a firewall to the main domain. Apple get the services they need and I get peace of mind by being able to limit access via the firewall.
Am I barking up the wrong tree?
If this is indeed feasible, can I then have the ability to map the user areas through the firewall to the primary domain?
The data will be over a 1gb link so bandwidth isn't the issue.
Many thanks in advance.