Re: Active Domain Architecture in an Academic Environment

["Williams, Charles" <CWilliams () BEN EDU>]

If you use multiple forests and want to use Active Directory to authenticate for your applications, you will need to 
look at them very carefully.  Some applications will only query a single authoritative source for authentication.  Each 
forest is a single point of authority for these applications.  Thus it will take work or means to combine the forests 
for these applications to use AD for authentication.

--Randy

Charles R. Williams
Senior Director of Information Technology
Benedictine University
5700 College Road
Lisle, IL  60532
 
630-829-6025

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Feehan, 
Patrick
Sent: Tuesday, September 28, 2010 2:42 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Active Domain Architecture in an Academic Environment

In preparation for a migration from Novell, we are in the process of designing a new Active Directory domain structure. 
 Right now we have separate administrative (faculty and staff) and academic (classrooms and students) networks.  We are 
debating whether to have a single forest encompassing both networks (users and workstations) or a two-forest 
architecture with the functions split.  We would like to hear what other colleges have done.  Did you elect to 
implement one or two forests?  Why did you choose that solution?  In retrospect, was that the correct solution?  If 
not, why not?  Any information would be a great help.  Thanks.

Patrick J. Feehan JD, CIPP
Director of IT Privacy & Cybersecurity Compliance
Montgomery College
(240) 567-3087
patrick.feehan () montgomerycollege edu