1
00:00:06,430 --> 00:00:14,350
Organizations might sometimes require their AD DS design to contain more than one forest.

2
00:00:14,350 --> 00:00:20,670
There are several reasons why one AD DS forest might not be sufficient.

3
00:00:20,680 --> 00:00:23,610
Let's list all of these requirements.

4
00:00:23,620 --> 00:00:26,920
The first one is security isolation requirements.

5
00:00:26,920 --> 00:00:34,720
If an organization requires administrative isolation between two or more parts of the organization, it

6
00:00:34,720 --> 00:00:37,730
must deploy multiple AD DS domains.

7
00:00:37,790 --> 00:00:46,600
Sorry, forests. Government defense contractors and other organizations for whom the isolation of security

8
00:00:46,960 --> 00:00:50,220
is a requirement often deploy separate

9
00:00:50,230 --> 00:00:59,950
AD DS forests. In Windows Server 2016 and higher, AD DS includes a new feature called Privileged Access

10
00:00:59,950 --> 00:01:09,910
Management, or PAM, which uses a separate bastion forest to isolate privileged accounts in order to protect

11
00:01:10,000 --> 00:01:12,760
against credential theft techniques.

12
00:01:12,760 --> 00:01:16,930
The next reason is incompatible schema requirements.

13
00:01:16,930 --> 00:01:25,810
Some organizations might require multiple forests because they require incompatible schemas or incompatible

14
00:01:25,810 --> 00:01:27,950
schema change processes.

15
00:01:27,970 --> 00:01:30,930
All domains in a forest share the schema.

16
00:01:30,970 --> 00:01:34,600
The next reason is multinational requirements.

17
00:01:34,600 --> 00:01:42,610
Some countries or regions have strict regulations regarding the ownership or management of enterprises

18
00:01:42,910 --> 00:01:44,910
within the country or region.

19
00:01:45,010 --> 00:01:53,230
Having a separate AD DS forest might provide the administrative isolation that legislation requires.

20
00:01:53,230 --> 00:01:57,640
The next requirement is extranet security requirements.

21
00:01:57,640 --> 00:02:02,890
Some organizations deploy several servers in a perimeter network.

22
00:02:02,950 --> 00:02:12,100
These servers might need AD DS to authenticate user accounts, or they might use AD DS to enforce policies

23
00:02:12,220 --> 00:02:21,700
on the servers in the perimeter network. To ensure that the extranet AD DS is as secure as possible,

24
00:02:21,710 --> 00:02:28,600
organizations often configure a separate AD DS forest in the perimeter network.

25
00:02:28,600 --> 00:02:34,290
Another requirement is business merger or divestiture requirements.

26
00:02:34,390 --> 00:02:42,640
Business mergers are among the most common reasons why organizations have multiple AD DS domains.

27
00:02:42,640 --> 00:02:51,160
When organizations merge, or one organization purchases another, they must evaluate the necessity of

28
00:02:51,160 --> 00:03:01,000
merging their AD DS forests. Merging AD DS forests provides benefits related to simplified collaboration

29
00:03:01,090 --> 00:03:02,500
and administration.

30
00:03:02,740 --> 00:03:09,460
However, if the two different groups in their organizations are to be managed separately,

31
00:03:09,460 --> 00:03:17,770
and if there is little need for collaboration, the expense of merging two forests might not be worth

32
00:03:17,770 --> 00:03:18,280
it.

33
00:03:18,310 --> 00:03:27,070
In particular, if there is a plan to sell one part of the company, retaining the two organizations as

34
00:03:27,070 --> 00:03:31,660
separate forests is preferable. As a best practice,

35
00:03:31,660 --> 00:03:36,360
choose the simplest design that achieves the required goal.

36
00:03:36,460 --> 00:03:42,490
It is less expensive to implement and more straightforward to administer.