Chapter 13. Designing the Active Directory Structure

The emphasis of this chapter is on planning the structure of your Active Directory installation. Specifically, we will look at the forest and domain tree layout as well as the organizational unit (OU) structure. While it was extremely common (and often necessary) to design a forest with numerous domains when Windows 2000 came about, that need has largely dissipated. We’ll explore how you can reduce the number of domains that you require for Active Directory while gaining administrative control over sections of the Active Directory domain namespace using organizational units. The purpose of this chapter is to help you create a domain namespace design. That includes all the domains you will need, the forest and domain-tree hierarchies, and the contents of those domains in terms of organizational units and even users, computers, and groups.

When designing a forest, remember that there are often multiple good answers to forest design for any given company. There is no “best” design for all situations. Microsoft has provided great flexibility in what can be done, and that flexibility can leave you undecided about how you should implement AD. It isn’t unusual for two engineers to produce two very different designs for the same company, both of which are good for completely different reasons. Simply document all recommended designs and let the decision makers decide together which one will be the best for long-term operations. Overall, ...
