Designing Domains for Active Directory Security

After your organization decides whether to require more than one forest, you should design the domain structure for your organization. The forest is the ultimate security boundary in Active Directory. Domains, on the other hand, are limited security boundaries with respect to the autonomy of domain accounts and administration, although the forest root domain is a special case in domain security. As previously mentioned, the forest root domain is central to the forestwide Kerberos trusts and houses the enterprise administrative groups and accounts.

With the exception of the forest root domain, the Domain Admins security group has autonomous authority over all objects in the domain but has only user ...
