DistributedNetworks DistributedNetworks

Active Directory  «Prev 

OUs and the single domain model

Because an Active Directory domain can contain millions of objects, many companies will be able to convert from a multiple domain model to a single domain model, which simplifies management that must take place at the domain level, such as some security technologies. You can combine domain resources in OUs in an organization that best suits your company's requirements, rather than creating and administering multiple domains. You can easily move objects between OUs within the domain, nest OUs within each other, and create new OUs as the need arises.

A single domain model is the easiest to administer and the least expensive to maintain. It consists of a forest that contains a single domain. This domain is the forest root domain and it contains all of the user and group accounts in the forest.
  1. A single domain forest model reduces administrative complexity by providing the following advantages:
  2. Any domain controller can authenticate any user in the forest.
All domain controllers can be global catalogs; therefore, you do not need to plan for global catalog server placement.
In a single domain forest, all directory data is replicated to all geographic locations that host domain controllers. While this model is the easiest to manage, it also creates the most replication traffic of the two domain models. Partitioning the directory into multiple domains limits the replication of objects to specific geographic regions but results in more administrative overhead.