Designing Forests for Active Directory Security
The forest is the largest management unit of Active Directory as well as the ultimate unit of autonomy and isolation of authority. Active Directory design begins with answering the question, “How many forests will my organization require?” The answer to this question is based on security considerations for autonomy and isolation of authority. Characteristics of forests and security considerations that can affect your design include the following:
Enterprise administration boundaries and isolation of authority
Default permissions and schema control
Global Catalog boundaries
Domain trust requirements
Domain controller isolation
Enterprise Administration Boundaries and Isolation of Authority
The forest ...
Get Microsoft® Windows® Security Resource Kit, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.