Identifying Potential Forest Owners

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Identify the groups within your organization that own and control the resources necessary to provide directory services to users on the network. These groups are considered potential forest owners.

The separation of service and data administration in Active Directory makes it possible for the infrastructure IT group or groups of an organization to manage the directory service, while local administrators in each group manage the data that belongs to their own groups. Potential forest owners have the required authority over the network infrastructure to deploy and support Active Directory.

For organizations that have one centralized infrastructure IT group, the IT group is generally the forest owner and therefore the potential forest owner for any future deployments. Organizations that include a number of independent infrastructure IT groups have a number of potential forest owners. If your organization already has an Active Directory infrastructure in place, then any current forest owners are also potential forest owners for new deployments.

Select one of the potential forest owners to act as the forest owner for each forest that you are considering for deployment. These potential forest owners are responsible for working with the design team to determine whether or not their forest will actually be deployed or if an alternate course of action, such as joining another existing forest, is a better use of the available resources and still meets their needs. The forest owner or owners in your organization are members of the Active Directory design team.