Even though this architecture is no longer recommended, there are still quite a lot of companies that either use it or implement it. This is almost the same design as the previous one, except that it includes an empty root domain. Basically, it implies that the root of your forest is empty, meaning that there will be no computer accounts and no user accounts other than the Enterprise Administrators located in this domain. Within AD, a domain is not a security boundary. A forest, however is, so a multi-forest architecture would provide more security. An empty root domain has good and not-so-good points. The point is that this is a fairly safe design, which still adds layers of security. The other domain under the root domain - the child domain-will contain all of the user and computer accounts. This setup is beneficial from a security perspective in that the Enterprise and Schema Administrators groups are isolated from the...
Active Directory Disaster Recovery
By :
Active Directory Disaster Recovery
By:
Overview of this book
Table of Contents (17 chapters)
Active Directory Disaster Recovery
Credits
About the Author
About the Reviewers
Preface
Free Chapter
An Overview of Active Directory Disaster Recovery
Active Directory Design Principles
Design and Implement a Disaster Recovery Plan for Your Organization
Strengthening AD to Increase Resilience
Active Directory Failure On a Single Domain Controller
Recovery of a Single Failed Domain Controller
Recovery of Lost or Deleted Users and Objects
Complete Active Directory Failure
Site AD Infrastructure Failure (Hardware)
Common Recovery Tools Explained
Sample Business Continuity Plan
Customer Reviews