Identifying Forest Design Requirements

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

In order to create a forest design for your organization, you must identify the business requirements that your directory structure needs to accommodate. This involves determining how much autonomy the groups in your organization need to manage their network resources, and whether each group needs to isolate their resources on the network from other groups.

Active Directory enables you to design a directory infrastructure that accommodates multiple groups within an organization that have unique management requirements, and to achieve structural and operational independence between groups as needed.

Groups in your organization might have some of the following types of requirements:

  • Organizational structure requirements. Parts of an organization might participate in a shared infrastructure to save costs, but require the ability to operate independently from the rest of the organization. For example, a research group within a large organization might need to maintain control over all of their own research data.

  • Operational requirements. One part of an organization might place unique constraints on the directory service configuration, availability, or security, or use applications that place unique constraints on the directory. Examples are found in:

    • Military organizations.

    • Hosting scenarios.

    • Organizations that maintain a directory that is available both internally and externally (publicly accessible by users on the Internet).

  • Legal requirements. Some organizations have legal requirements to operate in a specific way, such as by restricting access to certain information as specified in a business contract. Failure to meet these requirements can result in loss of the contract and possibly legal action. These requirements commonly apply to the following types of organizations:

    • Financial institutions that need to maintain private client financial records.

    • Defense contractors that are working on classified military projects.

    • Government organizations that maintain top secret data.

Part of identifying your forest design requirements involves identifying the degree to which groups in your organization can trust the potential forest owners and their service administrators, and identifying the autonomy and isolation requirements for each group in your organization.