1 00:00:06,420 --> 00:00:12,180 Many organizations can function adequately with a single ADT as domain. 2 00:00:12,480 --> 00:00:21,630 However some organizations have requirements that necessitate the deployment of multiple domains. 3 00:00:21,630 --> 00:00:29,310 These requirements can include domain replication requirements in some cases organizations have several 4 00:00:29,310 --> 00:00:38,850 large offices that are connected by slow or unreliable white area networks the network connections might 5 00:00:38,850 --> 00:00:47,170 not have enough bandwidth to support a tedious replication of the domain partition in such cases installing 6 00:00:47,190 --> 00:00:52,680 a separate Active Directory Domain in each office might be better. 7 00:00:52,680 --> 00:00:56,870 Another requirement is DNS namespace requirement. 8 00:00:56,970 --> 00:01:04,500 Some organizations require more than one DNS namespace in an 80 days forest. 9 00:01:04,500 --> 00:01:13,620 Typically this is the case when one company requires another company or merges with another organization 10 00:01:13,950 --> 00:01:20,920 and preserving the domain names from the existing in wire amount is necessary. 11 00:01:20,940 --> 00:01:29,910 It is possible to provide multiple user principal names for users in a single domain but many organizations 12 00:01:29,910 --> 00:01:34,110 choose to deploy multiple domains in this scenario. 13 00:01:34,170 --> 00:01:42,430 Please know that deploying separate domains provide administrative autonomy but not administrative isolation. 14 00:01:42,450 --> 00:01:48,570 The only way to ensure administrative isolation is to deploy a separate forest. 15 00:01:48,570 --> 00:01:54,570 Another requirement can be forest administrative group security requirements. 16 00:01:54,570 --> 00:02:00,740 Some organizations might choose to deploy a dedicated or empty road domain. 17 00:02:00,750 --> 00:02:07,110 This is a demand that doesn't have any user accounts other than the default forest route. 18 00:02:07,110 --> 00:02:14,700 Domain accounts they aided is forest through domain has two groups the schema Edmonds group and the 19 00:02:15,000 --> 00:02:20,170 enterprise admins group that do not exist in any other domain. 20 00:02:20,250 --> 00:02:27,790 In the ADA the US Forest because these groups have far reaching rights in an 80 year forest. 21 00:02:27,840 --> 00:02:36,390 You might decide to restrict the use of these groups by using only the ADA the US Forest route domain 22 00:02:36,810 --> 00:02:38,100 to store them. 23 00:02:38,100 --> 00:02:42,240 Another requirement is reserved domain requirements. 24 00:02:42,240 --> 00:02:47,820 Some organizations deploy resource demands to deploy specific applications. 25 00:02:47,820 --> 00:02:55,770 With this deployment all user accounts are in one domain whereas application servers and application 26 00:02:55,770 --> 00:03:00,270 administration accounts are deployed in a separate domain. 27 00:03:00,270 --> 00:03:07,860 This enables application administrators to have complete domain administrative permissions in the resource 28 00:03:07,860 --> 00:03:16,270 domain without enabling any permissions in the demand that contains the regular user records. 29 00:03:16,290 --> 00:03:22,230 And last but not least distributed administration requirements. 30 00:03:22,230 --> 00:03:30,750 Organizations might have corporate security or political requirements to employ a distributed administration 31 00:03:30,750 --> 00:03:31,660 model. 32 00:03:31,680 --> 00:03:39,390 Organizations can achieve administrative autonomy by deploying a separate domain with this deployment 33 00:03:39,720 --> 00:03:48,540 domain administrators have complete control over their domains and of course always remember to choose 34 00:03:48,600 --> 00:03:53,470 the simplest design that achieves the required goal. 35 00:03:53,580 --> 00:03:58,910 It's less costly to implement and more straightforward to administer.