Ask the Expert

Joining an existing Active Directory forest vs. creating a new one

Our agency is trying to weigh the pros and cons of migrating to the U.S. Army Active Directory (AD) forest. We may try to justify becoming our own forest. We're concerned about privacy of records. Will the U.S. Army's AD administrator be able to view our agency's records if we join its forest?


If you are concerned about privacy and the absolute guarantee of security boundaries, I would consider implementing your own forest. Then you have absolute control, without the concern of the forest enterprise admins. If you need to limit their access into your domain -- assuming you stay a part of their implementation -- you should insist on a comprehensive auditing process to ensure that you maintain the security boundary you desire.

This was first published in June 2006.
