Planning Forest Root Domain Controller Placement

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Forest root domain controllers are needed to create trust paths for clients that need to access resources in domains other than their own. Place forest root domain controllers at locations that host datacenters and in hub locations. If users in a given location need to access resources from other domains in the same location, and the network availability between the datacenter and the user location is unreliable, then you can either add a forest root domain controller in the location or create a shortcut trust between the two domains. It is more cost efficient to create a shortcut trust between the domains unless you have other reasons to place a forest root domain controller in that location.

Shortcut trusts help to optimize authentication requests made from users located in either domain. For more information about how to create shortcut trusts between domains, see "Create a shortcut trust" in Help and Support Center for Windows Server 2003.

For a worksheet to assist you in documenting your forest root domain controller placement, see "Domain Controller Placement" (DSSTOPO_4.doc) on the Windows Server 2003 Deployment Kit companion CD (or see "Domain Controller Placement" on the Web at https://www.microsoft.com/reskit). For an example of a completed Domain Controller Placement worksheet, see "Example: Determining Domain Controller Placement" later in this chapter.

You need to refer to this information when you create the forest root domain. For more information about deploying the forest root domain, see "Deploying the Windows Server 2003 Forest Root Domain" in this book.