Sign in

    Windows 2000/2003: Multiple Forests Considerations White Paper

    This paper describes the conditions that warrant creating more than one Active Directory forest for a single enterprise, including security, legal, pilot, and business mergers and divestitures.
    • Version:


      File Name:


      Date Published:


      File Size:

      533 KB

        Although the majority of small- and medium-sized organizations deploy a single Active Directory directory service forest to manage their Microsoft® Windows networks, deployment history demonstrates that a significant portion (approximately 30%) of large organizations find themselves in an environment that requires multiple Active Directory forests for the reasons listed below:
        • Service autonomy: The nature of the structure or operation requires full control of delivery of the directory service.
        • Service isolation: The nature of the structure or operation requires full protection from interference with delivery of the directory service.
        • Data isolation: Legal ramifications require full protection from interference with directory data.
        • Pilot deployments: These forest deployments provide a protected test environment in which to roll out production plans before upgrading the working infrastructure. Members of the pilot forest require interaction with the production forest.
        • Grass roots deployments: Certain departments in a larger company decide to deploy their own forest for development and testing reasons. Interaction is required between those forests and the primary network management infrastructure of the organization.
        • Mergers and acquisitions: Companies that have separate Active Directory deployments and are merged or acquired by other companies must determine how these two deployments will interact and whether they will remain separate or be subsumed into a single network management infrastructure.
        • Divestitures: When a segment of a large organization spins off into a separate company and deploys its own management infrastructure, the parent and child companies must determine what level of interaction is desired between the two forests, and for how long.
    • Supported Operating System

      Windows 2000, Windows Server 2003

        • Microsoft Word or Word Viewer
        1. Click the Download link to start the download.
        2. Do one of the following:
          • To start the installation immediately, click Open or Run this program from its current location.
          • To copy the download to your computer for installation at a later time, click Save or Save this program to disk.
    • Additional Information
        This guide presents an overview of the effort and infrastructure that might be required to enable collaboration among multiple Active Directory forests.

        Summary: This guide provides information about the features that can be deployed across forests and the effects on total cost of ownership of deploying each feature. The main topics are: Multiforest Deployments, Additional Costs of Deploying Multiple Forests, and Additional Configuration for Cross-Forest Functionality.