Chapter 2: Establishing Secure Active Directory Boundaries

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 R2

Active Directory provides an infrastructure that can support an organization’s need for isolation and autonomy, while enabling collaboration among people and organizations. IT planners must determine precisely their need for isolation, autonomy, and collaboration; understand the security implications of delegating administration; and be aware of the tradeoffs in a directory infrastructure.

This chapter gives an overview of the guidelines for making directory infrastructure decisions, as context for assessing security risks to Active Directory boundaries. Complete Active Directory deployment information, however, is outside the scope of this guide. For detailed planning, design, and deployment information for Active Directory in Windows Server 2003, see “Designing the Active Directory Logical Structure” in Designing and Deploying Directory and Security Services of the Windows Server 2003 Deployment Kit (or see “Designing the Active Directory Logical Structure” on the Web at https://go.microsoft.com/fwlink/?LinkId=4723).