The network management process itself needs to be secured as part of your security design to prevent malicious users from employing administrative tools to gain access to your network.
Restrict use of administrative credentials on your network as much as possible through workstation restrictions, mandating the use of the RunAs function, and creating a second everyday use account for your administrative staff.
Be sure that any administrative tools that are not authorized for use on your network are disabled, especially the Telnet service and the ability for lower-level administrators to create their own MMC consoles.
Software Update Services (SUS) can act as an internal Windows Update solution for your Windows 2000, Windows XP, and Windows Server 2003 family computers.
Use the Microsoft Baseline Security Analyzer (MBSA) to identify any machines on your network that are not at the most current patch level.
Use Group Policy Software Installation settings to create more granular control over who receives software patches and updates and to manually update machines quickly if a critical patch is released.
Base your decision to create multiple domains within a single forest on whether you need to maintain a separate security boundary or Active Directory schema for either organizational or business units. Use multiple domains or OUs to delegate some administrative responsibility while still maintaining a centrally administered network. If you need to maintain two discrete entities in terms of security and network management, multiple forests are the way to go.
Raising the domain or forest functional level allows you to implement security and administrative improvements, but it will not allow any Windows NT 4.0 or Windows 2000 domain controllers to participate in the domain. You'll need to either upgrade all down-level controllers on your network or demote them to standalone server status.
By default, Windows Server 2003 creates a two-way transitive trust relationship between all domains within a forest and between all domains in two forests that are linked by a two-way forest trust.
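
One way to check the Telnet service and MMC console restrictions recommended above, as an added example that is not from the original text. It assumes Windows PowerShell with `Get-WmiObject`, the Telnet server service name `TlntSvr`, and the registry value `RestrictAuthorMode` behind the "Restrict the user from entering author mode" Group Policy setting; the function names are hypothetical.

```powershell
# Added audit example. Assumed names: service 'TlntSvr' (Telnet server) and
# policy value 'RestrictAuthorMode'; all function names are hypothetical.
function New-Finding($Target, $Check, $Status, $Detail) {
    New-Object PSObject -Property @{
        Target = $Target; Check = $Check; Status = $Status; Detail = $Detail }
}

function Test-TelnetServiceDisabled {
    param([string[]]$ComputerName = @($env:COMPUTERNAME))
    foreach ($computer in $ComputerName) {
        try {
            $svc = Get-WmiObject Win32_Service -Filter "Name='TlntSvr'" -ComputerName $computer -ErrorAction Stop
        } catch {
            # Report unreachable hosts instead of silently skipping them.
            New-Finding $computer 'Telnet service' 'UNKNOWN' $_.Exception.Message
            continue
        }
        if (-not $svc) {
            New-Finding $computer 'Telnet service' 'PASS' 'service not installed'
        } elseif ($svc.StartMode -eq 'Disabled' -and $svc.State -eq 'Stopped') {
            New-Finding $computer 'Telnet service' 'PASS' 'disabled and stopped'
        } else {
            New-Finding $computer 'Telnet service' 'FAIL' "StartMode=$($svc.StartMode) State=$($svc.State)"
        }
    }
}

function Test-MmcAuthorModeRestricted {
    # Per-user policy (HKCU): run in the session of the account being audited.
    $key  = 'HKCU:\Software\Policies\Microsoft\MMC'
    $prop = Get-ItemProperty -Path $key -Name RestrictAuthorMode -ErrorAction SilentlyContinue
    if ($prop -and $prop.RestrictAuthorMode -eq 1) {
        New-Finding $env:USERNAME 'MMC author mode' 'PASS' 'author mode restricted by policy'
    } else {
        New-Finding $env:USERNAME 'MMC author mode' 'FAIL' 'policy not set; user can build custom consoles'
    }
}

# Local audit; pass -ComputerName server1,server2 to check remote hosts over WMI.
@(Test-TelnetServiceDisabled) + @(Test-MmcAuthorModeRestricted) |
    Format-Table Target, Check, Status, Detail -AutoSize
```

Run the MMC check while logged on as a lower-level administrator account, since the policy applies per user rather than per machine.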