Home > Active Directory > AD DS Forest Models

AD DS Forest Models

Continuing on the theory concept – let’s take a look at another kind of models regarding the AD DS design; Forest Models.

The following text and images are all copied from the Microsoft 70-647 2nd Edition Training Kit.

Organizational Forest Model

In the organizational forest model, user accounts and resources exist in the same forest and are managed separately. The organizational forest model is used to provide service autonomy, service isolation, or data isolation.

Use the organizational forest model when you need to provide exclusive or inclusive control of the AD DS infrastructure or when you need to prevent administrators from controlling or viewing a subset of data in the directory or on member computers joined to the directory.

The figure below illustrates the organizational forest model.

Organizational Forest Model

Resource Forest Model

In the resource forest model, a separate forest is used to manage resources. Resource forests do not contain user accounts other than those required for services. Forest trusts are established so that users from other forests can access the resources contained in the resource forest. Resource forests, illustrated in the figure below, provide service isolation.

Use the resource forest model when you need to provide exclusive control of the AD DS infrastructure.

Resource Forest Model

Restricted Access Forest Model

In the restricted access forest model, illustrated in the figure below, a separate forest is created to contain user accounts and data that must be isolated from the rest of the organization. Restricted access forests provide data isolation.

Use the restricted access forest model when you need to prevent administrators from controlling or viewing a subset of data in the directory or on member computers joined to the directory.

Restricted Forest Model

Categories: Active Directory
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 252 other followers

%d bloggers like this: