Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Joining an existing Active Directory forest vs. creating a new one

SearchExchange.com expert Peter terSteeg helps an Exchange administrator assess the privacy and security implications of joining an existing U.S. Army Active Directory forest versus creating a separate one.

Our agency is trying to weigh the pros and cons of migrating to the U.S. Army Active Directory (AD) forest. We may try to justify becoming our own forest. We're concerned about privacy of records. Will the U.S. Army's AD administrator be able to view our agency's records if we join its forest?
If you are concerned about privacy and the absolute guarantee of security boundaries, I would consider implementing your own forest. Then you have absolute control, without the concern of the forest enterprise admins. If you need to limit their access into your domain -- assuming you stay a part of their implementation -- you should insist on a comprehensive auditing process to ensure that you maintain the security boundary you desire.

Do you have comments on this Ask the Expert Q&A? Let us know.

This was last published in June 2006

Dig Deeper on Exchange Server Deployment and Migration Advice

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.