You might choose a multi-forest architecture for several reasons, including organizational,operational, or regulatory requirements. For example, part of an organization may need to implement certain constraints on the security of the forest that don’t apply to all areas of the organization.
An important concept in forest design is the scope of authority for the service administrator.By participating in an Active Directory forest, the forest owner and thereby the service administrators have control of and access to all data within the forest.
The logical structure of Active Directory enables you to have either autonomy or isolation.
An autonomous structure has control of resources, but others at a higher level may also have control. Two types of autonomy exist: service and data.
Service autonomy means that individual control is exerted over service management, in whole or in part. Data autonomy means control over the data in the directory, in whole or in part, although it can also mean control over all or part of member computers.
An isolation scenario grants exclusive control over a resource, with no higher-power authorities involved in the resource’s management. Like with the autonomy scenario, you can use isolation for both service and data isolation. Service isolation means that no other authority or administrators have control over services, whereas data isolation means that no other authority or administrators can control or even view data in the directory, including member computers.
---------------
NOTE: AUTONOMY VERSUS ISOLATION
Autonomy is a less expensive scenario to implement than isolation.
---------------
Choosing the logical structure is an important step in designing an Active Directory solution and dictates whether the design will include multiple forests. For example, in a scenario requiring isolation, multiple forests will be needed because that’s the only way to limit control over AD DS resources.
Table 4-1 lists the three forest design models. An organization will likely use a combination of these models.
TABLE 4-1 Forest design models
-----------------
Note: MORE INFO MULTIPLE FORESTS
See w for additional considerations for multiple forests. Even though this document contains information on previous Windows versions, the concepts are still the same; this document was also cross-referenced from some of the Windows Server 2012 documentation.
------------------
