This topic discusses both types of single-forest models: those using a single domain, and those with multiple domains.

Single-Forest, Single-Domain Models

The single-forest, single-domain model, shown in the following figure for shared and dedicated hosting environments, is the recommended hosting solution for service providers.

Single-Forest, Multiple-Domains Model

Because the single-forest, multiple-domains model shares a single forest, the Active Directory components that map to forest boundaries are shared between all of the domains within the forest, as shown in the following figure. These are:

  • Global catalog
  • Schema
  • Common configuration information
  • Schema master and domain naming master FSMO roles

  • Supports a company or reseller that requires changes to the domain-wide policies set for passwords, account lockout, and Kerberos ticket time-out settings.
  • Requires more control over, and a reduction in, the replication traffic generated between two geographically dispersed data centers that have minimal bandwidth between them. However, if this is the only reason, you may want to explore alternatives such as using Active Directory sites and partitioning the data centers into sites.
    Active Directory sites enable you to schedule replication traffic to occur during off-peak hours. However, if you need different domain-wide policies per data center because of bandwidth constraints or domain-wide security requirements, then the multiple-domains model is required.
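
The following PowerShell audit is an added example, not part of the original topic. It lists the components that are shared at the forest boundary, then reads the password and lockout policy of each domain and flags any domain whose policy differs from the forest root's. It assumes the ActiveDirectory (RSAT) module and an account with read access to every domain in the forest.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$forest = Get-ADForest

# Forest-scoped components: a single set shared by all domains in the forest.
[pscustomobject]@{
    Forest             = $forest.Name
    SchemaMaster       = $forest.SchemaMaster
    DomainNamingMaster = $forest.DomainNamingMaster
    GlobalCatalogs     = $forest.GlobalCatalogs -join ', '
    Domains            = $forest.Domains -join ', '
} | Format-List

# Domain-scoped settings: each domain carries its own password/lockout policy.
# Kerberos ticket lifetimes are set in the domain's Group Policy and are not
# returned by this cmdlet, so they are not covered here.
$fields = 'MinPasswordLength', 'PasswordHistoryCount', 'MaxPasswordAge',
          'ComplexityEnabled', 'LockoutThreshold', 'LockoutDuration'

$policies = foreach ($domain in $forest.Domains) {
    try {
        $p = Get-ADDefaultDomainPasswordPolicy -Server $domain -ErrorAction Stop
        $row = [ordered]@{ Domain = $domain }
        foreach ($f in $fields) { $row[$f] = $p.$f }
        [pscustomobject]$row
    }
    catch {
        # An unreachable domain is reported, not silently skipped.
        Write-Warning "Could not read policy for ${domain}: $($_.Exception.Message)"
    }
}
$policies | Format-Table -AutoSize

# Compare every domain against the forest root to show where policies diverge.
$root = $policies | Where-Object Domain -eq $forest.RootDomain
if ($root) {
    foreach ($p in $policies | Where-Object Domain -ne $forest.RootDomain) {
        $diff = $fields | Where-Object { $p.$_ -ne $root.$_ }
        if ($diff) {
            "{0} differs from {1} in: {2}" -f $p.Domain, $root.Domain, ($diff -join ', ')
        }
    }
}
```

In a single-domain forest the comparison prints nothing, because there is only one domain-wide policy to report.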