Looking for guidance here. I have 7 departments, each at different locations, that will be running a physical stack that include separate VxRail running NSX-T, and VIO. Initially the plan was for each department/location would run there own forest domain, but that has since changed and security is pushing for a single forest as well as that we need all users to authenticate across all of the locations. Two of the departments have already built their stack with the FQDN of their "department" forest domain. NSX-T and VIO don't have any dependency on the actual domain as they do not get joined. I also understand how to remove the vCenter/PSC from the domain, but that it is not supported to change the actual FQDN of the vCenter/PSC. I would like to understand what dependencies outside of DNS there are? If none, would there be any drawback to just hosting those department domain names in DNS zones in a new single forest domain so there would be no change to the FDQN of the vCenter/PSC? We do have two physical servers at each department that we could promote to domain controllers in the new single forest domain. Also, would I be able to add those vCenter/PSC's to the new domain and add it as an identity source for authentication?