There are a few situations in which a client has only one AD environment that they want to use for both Sandbox and Production. In that scenario we should follow the approach below:
- We should have 2 instances of IQService installed on the AD server.
- We should definitely have two separate service accounts for the AD domain.
- One service account will be used to install and register one instance of IQService and should only have rights to provision into a single Test OU (sandbox testing).
- The other service account will be used to install and register the second instance of IQService and will have rights to provision into multiple OUs or domains for Production. This is purely a safety precaution, so that the sandbox instance can never touch production objects.
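The following PowerShell is an added example, not part of the original post and not SailPoint's own tooling. It assumes a domain `EXAMPLE`, a Test OU `OU=IIQ-Sandbox,OU=Test,DC=example,DC=com`, two production OUs and two account names; all of these are placeholders. It creates the two service accounts, delegates rights to the sandbox account only on the Test OU and to the production account on the production OUs, then checks that the sandbox account has no explicit ACE anywhere else and that each IQService Windows service runs under its own account.

```powershell
# Added example (not from the original post): two IQService instances, each bound to its
# own least-privilege service account. Every name below is a placeholder for illustration.
#Requires -Modules ActiveDirectory
Import-Module ActiveDirectory

$Domain      = 'EXAMPLE'
$SandboxOU   = 'OU=IIQ-Sandbox,OU=Test,DC=example,DC=com'                       # assumed Test OU
$ProdOUs     = @('OU=Corp,DC=example,DC=com', 'OU=Contractors,DC=example,DC=com') # assumed production OUs
$SandboxAcct = 'svc-iqservice-sbx'
$ProdAcct    = 'svc-iqservice-prd'

# 1. Create the two service accounts; passwords are prompted for, never embedded in the script.
foreach ($name in $SandboxAcct, $ProdAcct) {
    if (-not (Get-ADUser -Filter "SamAccountName -eq '$name'")) {
        New-ADUser -Name $name -SamAccountName $name `
            -AccountPassword (Read-Host "Password for $name" -AsSecureString) `
            -Enabled $true -PasswordNeverExpires $true -CannotChangePassword $true
    }
}

# 2. Delegate provisioning rights on an OU subtree to one account.
#    GenericAll is used here for brevity; narrow it to the object classes and
#    attributes IQService actually manages if your policy requires that.
function Grant-OUProvisioning {
    param([string]$OU, [string]$Account)
    $sid  = (Get-ADUser $Account).SID
    $acl  = Get-Acl -Path "AD:\$OU"
    $rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
        $sid,
        [System.DirectoryServices.ActiveDirectoryRights]::GenericAll,
        [System.Security.AccessControl.AccessControlType]::Allow,
        [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All)
    $acl.AddAccessRule($rule)
    Set-Acl -Path "AD:\$OU" -AclObject $acl
}

# Sandbox account: the Test OU only. Production account: each production OU.
Grant-OUProvisioning -OU $SandboxOU -Account $SandboxAcct
foreach ($ou in $ProdOUs) { Grant-OUProvisioning -OU $ou -Account $ProdAcct }

# 3. Scope check: report any OU outside the allowed subtree where the sandbox
#    account holds an explicit (non-inherited) ACE.
function Test-SandboxScope {
    param([string]$Account, [string]$AllowedOU)
    $id = "$Domain\$Account"
    Get-ADOrganizationalUnit -Filter * | ForEach-Object {
        $dn   = $_.DistinguishedName
        $hits = (Get-Acl -Path "AD:\$dn").Access |
                Where-Object { $_.IdentityReference -eq $id -and -not $_.IsInherited }
        if ($hits -and -not $dn.EndsWith($AllowedOU)) {
            [pscustomobject]@{ OU = $dn; Rights = ($hits.ActiveDirectoryRights -join ',') }
        }
    }
}

$leaks = Test-SandboxScope -Account $SandboxAcct -AllowedOU $SandboxOU
if ($leaks) {
    Write-Warning "Sandbox account holds rights outside the Test OU:"
    $leaks | Format-Table -AutoSize
} else {
    Write-Host "Sandbox account is scoped to $SandboxOU only."
}

# 4. Confirm each IQService instance runs under its own service account
#    (StartName should differ between the two services).
Get-CimInstance Win32_Service |
    Where-Object { $_.Name -like 'IQService*' } |
    Select-Object Name, StartName, State
```

Run step 3 again after any later delegation change; a sandbox account that picks up an ACE on a production OU is exactly the situation the two-account split is meant to rule out.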