Designing Forests for Active Directory Security

The forest is the largest management unit of Active Directory as well as the ultimate unit of autonomy and isolation of authority. Active Directory design begins with answering the question, “How many forests will my organization require?” The answer to this question is based on security considerations for autonomy and isolation of authority. Characteristics of forests and security considerations that can affect your design include the following:

  • Enterprise administration boundaries and isolation of authority

  • Default permissions and schema control

  • Global Catalog boundaries

  • Domain trust requirements

  • Domain controller isolation

Enterprise Administration Boundaries and Isolation of Authority

The forest ...

Get Microsoft® Windows® Security Resource Kit, Second Edition now with the O’Reilly learning platform.
