The forest is the largest management unit of Active Directory as well as the ultimate unit of autonomy and isolation of authority. Active Directory design begins with answering the question, “How many forests will my organization require?” The answer to this question is based on security considerations for autonomy and isolation of authority. Characteristics of forests and security considerations that can affect your design include the following:
Enterprise administration boundaries and isolation of authority
Default permissions and schema control
Global Catalog boundaries
Domain trust requirements
Domain controller isolation
The forest ...