We have an application we host in a third party data center for our clients. We have multiple clients running the same application on several racks of servers. Most of our clients require that our servers be SAS70 compliant.
Currently each server has its own set of users and security settings that need to be configured. We are creating scripts to do this, but what would be the risks/advantages of joining all the servers to the domain for User Management and Group Policy for enforcing security settings?
The rationale of some is that if the DC is hacked, the whole network would be compromised, whereas if one stand-alone hosted server is hacked, everything else should be safe.
Most of the time, centralized authentication leads to better password policies. You can use group policies to enforce security configurations.
It will also make use of management tools and auditing tools much easier. Is a domain really less safe than tools to push out settings? If your scripts are compromised, couldn't all the machines be hacked?
You may want to make a client domain that trusts your internal domain, but make sure your internal one doesn't trust the client domain.
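The one-way trust the answer recommends is easy to get backwards, so here is an added example (not part of the original thread, not written by either poster) that audits it from the internal domain's point of view. It uses the real `Get-ADTrust` cmdlet from the ActiveDirectory module when it is available and otherwise falls back to constructed sample data; the `.clients.example` suffix used to recognise client-facing domains is an assumed naming convention, not something from the thread.

```powershell
# Added example: check that every client-facing trust is one-way in the safe direction.
# Run from a DC or admin host in the INTERNAL domain.
#
# trustDirection semantics as seen from the domain you query (the "primary" domain):
#   Inbound       = the other domain trusts this one   (client trusts internal: what we want)
#   Outbound      = this domain trusts the other one   (internal trusts client: the risk)
#   BiDirectional = both                                (also the risk)

function Test-OneWayClientTrust {
    param(
        # Objects with at least Name and Direction properties, as Get-ADTrust returns.
        [Parameter(Mandatory)] [object[]] $Trusts,
        # Suffixes that identify client-facing domains (assumed naming convention).
        [string[]] $ClientDomainSuffixes = @('.clients.example')
    )

    foreach ($t in $Trusts) {
        $isClient = $false
        foreach ($s in $ClientDomainSuffixes) {
            if ($t.Name -like "*$s") { $isClient = $true }
        }
        if (-not $isClient) { continue }

        $dir = $t.Direction.ToString()
        if ($dir -eq 'Inbound') {
            $finding = 'OK: client domain trusts internal domain only'
        } else {
            $finding = "RISK: internal domain trusts $($t.Name) ($dir)"
        }

        [pscustomobject]@{
            Trust     = $t.Name
            Direction = $dir
            Compliant = ($dir -eq 'Inbound')
            Finding   = $finding
        }
    }
}

# Live data if the ActiveDirectory module is loaded; otherwise a constructed dry run.
if (Get-Command Get-ADTrust -ErrorAction SilentlyContinue) {
    $trusts = Get-ADTrust -Filter *
} else {
    # Constructed sample trusts (not real domains): one correct, one misconfigured,
    # and one internal-to-internal trust that the check deliberately ignores.
    $trusts = @(
        [pscustomobject]@{ Name = 'acme.clients.example';   Direction = 'Inbound' },
        [pscustomobject]@{ Name = 'globex.clients.example'; Direction = 'BiDirectional' },
        [pscustomobject]@{ Name = 'corp.internal.example';  Direction = 'BiDirectional' }
    )
}

Test-OneWayClientTrust -Trusts $trusts | Format-Table -AutoSize
```

Any row with `Compliant = False` is a trust through which a compromised client domain could be used to authenticate into the internal domain, which is exactly the exposure the answer's "make sure your internal one doesn't trust the client domain" is meant to avoid; running this as a scheduled audit gives a simple control to show clients alongside the Group Policy settings themselves.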