Multiple forests pros and cons – active directory planning windows server 2008


Seeing multiple forests in a medium-sized business is not uncommon. One of my AD DS clients had about 2,000 people and six forests. They used one for production, one for development, two for extranet applications, and two for development that mimicked the extranet production forests. This was a good, secure design for them. Although not every organization will need to go to this extreme, I often recommend that you have a separate forest in which to test changes to AD DS and software interaction. Creating a secondary version of your production environment will allow you to test changes before they are implemented within your production environment. Most companies that have a test environment have far fewer problems within their infrastructure than those that "shoot from the hip." We’ve all experienced how a service pack or hotfix has caused instability within a network.

I also like to recommend using a development forest if an organization has developers who need to test their software prior to implementing it within the production forest. Developers need their own forest if they require excess privileges or if they touch AD DS. Often developers think they need Domain Admin access and a domain controller under their desk. It is never a good idea to give anyone this much power over your forest. As I mentioned in the "Schema" section earlier, changes to the schema are not easily undone. Although AD DS in Windows Server 2003 and 2008 is a great deal friendlier than prior versions when it comes to modifying the schema, you should never make any changes without first testing the implementation to determine the ramifications.

I always recommend that developers do their work in a separate forest or, if possible, on virtual-machine technology. Running a virtual system on an existing system is an easy way to mimic the production environment. The drawback is that the computer on which you are running the virtual system needs enough horsepower to run multiple operating systems at the same time. Two premier virtual system software applications are available for free. Microsoft’s Virtual Server 2005 R2 is available at and EMC’s VMware Server is available at

I also briefly mentioned a forest used for extranet applications. This is one area in which you will need to determine the level of security you require for users who access your infrastructure across the Internet. Some organizations will implement a completely separate forest for their perimeter network from the one they use within their internal network. This adds an additional layer of security to your design. If you were to use the same forest in both locations, you could run the risk of exposing information about your internal network if someone were to hack into your perimeter network. There are other options available, depending on the level of access you need to grant to the external users. In later chapters I will discuss Active Directory Federation Services (AD FS) and Active Directory Lightweight Directory Services (AD LDS).

Figure 3.4 is a flowchart that will assist you in making decisions for your forest design. Within this flowchart, take into account isolation and autonomy needs, and choose the best forest design based on the needs of the organization. Table 3.1 shows the advantages and disadvantages of using a single forest. Table 3.2 compares the multiple-forest pros and cons.