This topic discusses both types of single-forest models: those using a single domain, and those with multiple domains.
Single-Forest, Single-Domain Models
The single-forest, single-domain model shown in the following figure for shared and dedicated hosting environments is the recommended hosting solution for service providers.
Single-Forest, Multiple-Domains Model
Because the single-forest, multiple-domains model shares a single forest, the Active Directory components that map to forest boundaries are shared between all of the domains within the forest, as shown in the following figure. These are:
- Global catalog
- Schema
- Common configuration information
- Schema master and domain naming master FSMO roles
- Supports a company or reseller that requires changes to the domain-wide policies set for passwords, account lockout, and Kerberos ticket time-out settings.
- Requires more control of, and reduction in replication traffic generated between, two geographically dispersed data centers that have minimal bandwidth between them. However, if this is the only reason, you may want to explore alternatives such as using Active Directory sites and partitioning data centers into sites.
Active Directory sites enable you to schedule replication traffic to occur during off-peak hours. However, if you need different domain-wide policies per data center because of bandwidth constraints or domain-wide security requirements, then the multiple-domains model is required.
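The following script is an added example, not part of the original topic. It lists the forest-wide components that every domain shares, then reads each domain's own password and lockout policy and reports where a child domain differs from the forest root. It assumes the ActiveDirectory module (RSAT) is installed and that the account running it has read access to every domain in the forest.

```powershell
# Added example: compare forest-wide components with per-domain policy.
# Assumes the RSAT ActiveDirectory module and read access to all domains.
Import-Module ActiveDirectory

$forest = Get-ADForest

# Forest boundary: one copy of each, shared by every domain in the forest.
[pscustomobject]@{
    Forest             = $forest.Name
    SchemaMaster       = $forest.SchemaMaster
    DomainNamingMaster = $forest.DomainNamingMaster
    GlobalCatalogs     = $forest.GlobalCatalogs -join ', '
    Sites              = $forest.Sites -join ', '
} | Format-List

# Domain boundary: each domain has its own password and lockout policy.
# Kerberos ticket lifetimes are stored in the domain's Default Domain Policy
# GPO and are not returned by this cmdlet.
$policies = foreach ($domain in $forest.Domains) {
    try {
        $p = Get-ADDefaultDomainPasswordPolicy -Server $domain -ErrorAction Stop
        [pscustomobject]@{
            Domain           = $domain
            MinLength        = $p.MinPasswordLength
            MaxAgeDays       = $p.MaxPasswordAge.Days
            HistoryCount     = $p.PasswordHistoryCount
            Complexity       = $p.ComplexityEnabled
            LockoutThreshold = $p.LockoutThreshold
            LockoutMinutes   = $p.LockoutDuration.TotalMinutes
        }
    } catch {
        Write-Warning "Could not read policy for ${domain}: $($_.Exception.Message)"
    }
}
$policies | Format-Table -AutoSize

# Report every domain whose policy deviates from the forest root domain.
$fields   = 'MinLength','MaxAgeDays','HistoryCount','Complexity',
            'LockoutThreshold','LockoutMinutes'
$baseline = $policies | Where-Object Domain -eq $forest.RootDomain
if (-not $baseline) {
    Write-Warning "No baseline policy read from $($forest.RootDomain)."
} else {
    foreach ($row in $policies | Where-Object Domain -ne $forest.RootDomain) {
        $diff = $fields | Where-Object { $row.$_ -ne $baseline.$_ }
        if ($diff) {
            '{0} differs from {1} in: {2}' -f $row.Domain, $forest.RootDomain, ($diff -join ', ')
        }
    }
}
```

In a single-domain forest the second table has one row and nothing is reported; in a multiple-domains forest the report shows which domains actually use the separate policy boundary.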