Summary

At this point, you should be familiar with the requirements for designing the forest structure. Starting with the service and data isolation and autonomy requirements, you can select the appropriate high-level design options. Although a lot of information is in this chapter, all of it needs to be addressed if you are going to design an efficient directory service structure. An inefficient design creates additional administrative overhead and problems when the design is implemented.

Make sure you identify who the data and service administrators are and where they need to be granted rights and permissions. Once you have determined who the administrators are and what level of control they need within the Active Directory design, determining the number of forests should be easy.

Once you have decided upon the number of forests you need to develop the root domain, domain names , and trust relationships. When developing the Active Directory infrastructure, the primary rule is to start out simple and add complexity only if it is absolutely required. The more complexity added to the design, the more administrative overhead you have when you go to implement and use the directory service.

In the next chapter, we are going to discuss the domain structure within our design. We ll compare the benefits of using a single domain to using multiple domains. Depending on the administration model you are using, you may be forced to have more than one domain. Other factors, such as the security policies, will also affect the design. But remember the forest design rules, they will show up again when designing domains.