
Joining an existing Active Directory forest vs. creating a new one

SearchExchange.com expert Peter terSteeg helps an Exchange administrator assess the privacy and security implications of joining an existing U.S. Army Active Directory forest versus creating a separate one.

Our agency is trying to weigh the pros and cons of migrating to the U.S. Army Active Directory (AD) forest. We may try to justify becoming our own forest. We're concerned about privacy of records. Will the U.S. Army's AD administrator be able to view our agency's records if we join its forest?

If you are concerned about privacy and the absolute guarantee of security boundaries, I would consider implementing your own forest. Then you have absolute control, without the concern of the forest enterprise admins. If you need to limit their access into your domain -- assuming you stay a part of their implementation -- you should insist on a comprehensive auditing process to ensure that you maintain the security boundary you desire.
