Q

Joining an existing Active Directory forest vs. creating a new one

SearchExchange.com expert Peter terSteeg helps an Exchange administrator assess the privacy and security implications of joining an existing U.S. Army Active Directory forest versus creating a separate one.

This Content Component encountered an error
Our agency is trying to weigh the pros and cons of migrating to the U.S. Army Active Directory (AD) forest. We may try to justify becoming our own forest. We're concerned about privacy of records. Will the U.S. Army's AD administrator be able to view our agency's records if we join its forest?
If you are concerned about privacy and the absolute guarantee of security boundaries, I would consider implementing your own forest. Then you have absolute control, without the concern of the forest enterprise admins. If you need to limit their access into your domain -- assuming you stay a part of their implementation -- you should insist on a comprehensive auditing process to ensure that you maintain the security boundary you desire.

Do you have comments on this Ask the Expert Q&A? Let us know.

Related information from SearchExchange.com:

  • Expert Advice: Migrate Exchange 5.5 intact or install on new forest?
  • Expert Advice: Building an Exchange resource forest
  • Expert Advice: Synchronizing two Active Directory domains
  • Tip: Pros and cons of multiple Exchange Server organizations
  • Reference Center: Exchange Server and Active Directory tips and resources
  • This was first published in June 2006

    Dig deeper on Exchange Server Deployment and Migration Advice

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    -ADS BY GOOGLE

    SearchWindowsServer

    SearchEnterpriseDesktop

    SearchCloudComputing

    SearchSQLServer

    Close