A. One of my clients recently asked me for the advantages of consolidating his company's multiple AD forests into one AD domain. His current setup included separate AD forests for each branch location. After giving it some thought, I came up with the following benefits.
Single foundation—Having a single directory service or Global Catalog (GC) means a single foundation for all other directory-aware services, including messaging and monitoring.
Single management infrastructure—Having a single management infrastructure means there is just one infrastructure for all other directory services tasks, such as software deployment, inventory, and object managment sharing and delegation (such as for user accounts).
Single Group Policy container (GPC)—With a single GPC, management polices need to be defined only once, and can be used throughout the entire enterprise without the need to manually export and import Group Policy Objects (GPOs).
Security—Having only one domain means better security through a single security policy and a single set of administrators. If you have multiple domains and forests, each has its own administrator. One weak but trusted domain exposes all the other forests and domains. With only a single domain, it's also far easier to enforce an organization-wide security policy.
Backup and recovery—Having only a single domain means better resiliency because every location has a full domain backup.
Less hardware—In an organization with multiple domains, every location needs two domain controllers (DCs). With a single domain, each location needs only a single DC because if the local DC fails, the locations can use hub DCs. Reduced hardware also means fewer licenses, less management software, and less overhead for server management. There's also no need to back up remote DCs because the remote DCs just hold the same information as the central DCs—assuming the DCs only perform directory services.
Faster deployment of company initiatives—Initiatives in an organization with just a single domain and shared account database solutions need only be deployed once, which means company-wide deployments are much faster than if the organization has multiple and separate domains.
I'm interested to hear from readers about other benefits I might not have considered.
In a single day you will learn to deploy Windows 7 and Windows 8.1 using System Center Configuration Manager 2012 R2 and MDT 2013. Johan Arwidmark guides you through the entire build process. You will learn about reference images, deployment of images, drivers injection, adding updates and applications and a great deal of real-world tips and tricks.
April 2014 - The architectural components related to Hyper-V networking in System Center Virtual Machine Manager 2012 R2 can be confusing. Walk through all the VMM networking architectural components and how to use them.