Hello, I am DeLoyal, your IT consultant. Regarding your scenario of designing a new Active Directory forest, let me first go over what needs to be considered. There are five roles to be considered:

* Schema master - Forest-wide and one per forest.
* Domain naming master - Forest-wide and one per forest.
* RID master - Domain-specific and one for each domain.
* PDC - PDC Emulator is domain-specific and one for each domain.
* Infrastructure master - Domain-specific and one for each domain.

I would need these questions answered to proceed:

1. Do you have a domain name to use?
2. How many forests will there be, and what would they be named?
3. Are there one or more company locations?
4. How many Organizational Units will there be, and what are their names?
5. How do you want the DNS infrastructure and security strategies to be created?

Windows Server 2003 supports the Active Directory containers of forest, domain, site, and organizational unit (OU). With the only real restriction being one forest per namespace, you can deploy as many domains, sites, and OUs as you deem necessary. Remember that the key to Active Directory is simplicity. Try to keep the number of domains to a minimum whenever possible. If you really need department-level divisions on your network that reflect the organization of your business, use OUs instead. OUs are much more flexible and easier overall to manage than domains. Remember that it is not necessary to create separate domains to divide administrative privileges: within Active Directory, administrative privileges can be delegated based on organizational units. (Active Directory Planning and Design Guide, 2005)

Here are some guidelines when deciding which OUs will be created:

* Keep the OU structure as simple as possible
* Do not nest OUs more than 10 layers deep
* Keep the number of OUs to a minimum…...
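
As an added example (not part of the original text), the following Python script checks a list of OU distinguished names against the guidelines above: it counts the OUs and flags any nested more than 10 layers deep. The DNs, the `example.com` domain and the function names are constructed for illustration; in practice the list would come from an export of the directory.

```python
MAX_OU_DEPTH = 10  # guideline from the text: no more than 10 layers deep

def split_dn(dn):
    """Split a DN into RDNs, honouring backslash-escaped commas inside names."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur).strip())
    return parts

def ou_depth(dn):
    """Nesting depth of an object = number of OU= components in its DN."""
    return sum(1 for rdn in split_dn(dn) if rdn.upper().startswith("OU="))

def audit_ous(dns, max_depth=MAX_OU_DEPTH):
    """Return (number of OUs, deepest nesting level, OUs deeper than max_depth)."""
    ou_dns = [dn for dn in dns if split_dn(dn)[0].upper().startswith("OU=")]
    depths = {dn: ou_depth(dn) for dn in ou_dns}
    too_deep = sorted(dn for dn, d in depths.items() if d > max_depth)
    return len(ou_dns), max(depths.values(), default=0), too_deep

# Constructed sample input (hypothetical domain example.com).
DEEP_DN = ",".join(f"OU=L{i}" for i in range(11, 0, -1)) + ",DC=example,DC=com"
SAMPLE_DNS = [
    "OU=Sales,DC=example,DC=com",
    "OU=Laptops,OU=Sales,DC=example,DC=com",
    "OU=Ops\\, OU=Fake,OU=IT,DC=example,DC=com",  # escaped comma: one OU name
    "CN=Jane Doe,OU=Sales,DC=example,DC=com",     # user object, not an OU
    DEEP_DN,                                      # 11 levels, breaks the guideline
]

if __name__ == "__main__":
    total, deepest, too_deep = audit_ous(SAMPLE_DNS)
    print(f"OUs: {total}, deepest nesting: {deepest}")
    for dn in too_deep:
        print(f"exceeds {MAX_OU_DEPTH} levels: {dn}")
```

The escaped-comma case matters because an OU name may itself contain a comma; splitting naively on every comma would overcount the depth.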

