Is Your Forest Burning?

Network World, Daniel Blum:
Is Your Forest Burning?

Over time, Microsoft has backed away from the single-forest concept, finally publishing this past winter a white paper disclosing that service administrators in one domain can’t be isolated from other domains in the forest. Since then, Microsoft has done a security-threat analysis. It determined that a serious hacker’s goal is to gain physical access to a domain controller, or network access to a service administrator account.

Microsoft also has been doing disaster planning. Recently, it wiped out the domain controllers on its entire development group forest, which serves thousands of users, and tested the procedures necessary to bring it back online. And at Microsoft’s recent TechEd conference, a speaker went so far as to advise large companies that “if you don’t have a single CIO, you shouldn’t have a single forest.”
