A. One of my clients recently asked me for the advantages of consolidating his company's multiple AD forests into one AD domain. His current setup included separate AD forests for each branch location. After giving it some thought, I came up with the following benefits.
Single foundation—Having a single directory service or Global Catalog (GC) means a single foundation for all other directory-aware services, including messaging and monitoring.
Single management infrastructure—Having a single management infrastructure means there is just one infrastructure for all other directory services tasks, such as software deployment, inventory, and object managment sharing and delegation (such as for user accounts).
Single Group Policy container (GPC)—With a single GPC, management polices need to be defined only once, and can be used throughout the entire enterprise without the need to manually export and import Group Policy Objects (GPOs).
Security—Having only one domain means better security through a single security policy and a single set of administrators. If you have multiple domains and forests, each has its own administrator. One weak but trusted domain exposes all the other forests and domains. With only a single domain, it's also far easier to enforce an organization-wide security policy.
Backup and recovery—Having only a single domain means better resiliency because every location has a full domain backup.
Less hardware—In an organization with multiple domains, every location needs two domain controllers (DCs). With a single domain, each location needs only a single DC because if the local DC fails, the locations can use hub DCs. Reduced hardware also means fewer licenses, less management software, and less overhead for server management. There's also no need to back up remote DCs because the remote DCs just hold the same information as the central DCs—assuming the DCs only perform directory services.
Faster deployment of company initiatives—Initiatives in an organization with just a single domain and shared account database solutions need only be deployed once, which means company-wide deployments are much faster than if the organization has multiple and separate domains.
I'm interested to hear from readers about other benefits I might not have considered.