檢測軍人森林設計需求Identifying Forest Design Requirements

適用於:Windows Server 2016、Windows Server 2012 R2、Windows Server 2012Applies To: Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

若要建立您的組織的樹系設計,您必須找出您 directory 結構必須符合企業需求。To create a forest design for your organization, you must identify the business requirements that your directory structure needs to accommodate. 這牽涉到判斷多少自主性公司的需要以管理他們網路資源,需要隔離群組其他網路上的資源,就不會每個群組中的群組。This involves determining how much autonomy the groups in your organization need to manage their network resources and whether or not each group needs to isolate their resources on the network from other groups.

Active Directory Domain Services (AD DS) 可讓您設計可容納組織中的多個群組的唯一管理的需求 directory 基礎結構和達到結構和作業獨立之間所需的群組。Active Directory Domain Services (AD DS) enables you to design a directory infrastructure that accommodates multiple groups within an organization that have unique management requirements and to achieve structural and operational independence between groups as needed.

您在組織中的群組可能會有一些需求下列類型:Groups in your organization might have some of the following types of requirements:

  • 組織結構需求Organizational structure requirements. 部分的組織可能參與共用的基礎結構儲存費用,但需要從組織的其餘部分獨立運作的能力。Parts of an organization might participate in a shared infrastructure to save costs but require the ability to operate independently from the rest of the organization. 例如研究群組中大型的組織可能需要維護所有自己研究的資料控制。For example, a research group within a large organization might need to maintain control over all of their own research data.

  • 操作需求Operational requirements. 組織的一部分可能會將唯一限制 directory 服務設定、 可用性或安全性,或使用應用程式放在 directory 唯一限制。One part of an organization might place unique constraints on the directory service configuration, availability, or security, or use applications that place unique constraints on the directory. 例如,業務單位組織中的可能部署 directory 支援的應用程式修改 directory 架構不是由其他公司單位部署。For example, individual business units within an organization might deploy directory-enabled applications that modify the directory schema that are not deployed by other business units. 森林中的所有網域之間共用 directory 架構,因為建立多個樹系是一個方案針對此類案例。Because the directory schema is shared between all the domains in the forest, creating multiple forests is one solution for such a scenario. 在下列組織和案例中找到其他範例:Other examples are found in the following organizations and scenarios:

    • 廢棄組織Military organizations

    • 控管案例Hosting scenarios

    • 組織維護 directory 可內部和外部 (例如這些公開存取網際網路上的使用者)Organizations that maintain a directory that is available both internally and externally (such as those that are publicly accessible by users on the Internet)

  • 法律要求Legal requirements. 某些組織必須遵守法律規定特定的方式運作,例如限制存取特定企業合約中所指定的資訊。Some organizations have legal requirements to operate in a specific way, for example, restricting access to certain information as specified in a business contract. 某些組織有安全性需求,隔離內部網路上運作。Some organizations have security requirements to operate on isolated internal networks. 符合下列需求失敗可能會導致遺失的合約可能法律動作。Failure to meet these requirements can result in loss of the contract and possibly legal action.

確認您的樹系設計需求的包括找出您在組織中的群組的可以信任潛在的樹系擁有和他們服務系統管理員等級,並找出您在組織中的每個群組自主和獨立需求。Part of identifying your forest design requirements involves identifying the degree to which groups in your organization can trust the potential forest owners and their service administrators and identifying the autonomy and isolation requirements for each group in your organization.

設計團隊,必須文件服務,資料管理每個群組中的組織會使用 AD DS 隔離和自主需求。The design team must document the isolation and autonomy requirements for service and data administration for each group in the organization that intends to use AD DS. 小組也必須注意限制,可能會影響到 AD DS 部署連接的任何部分。The team must also note any areas of limited connectivity that might affect the deployment of AD DS.

設計團隊,必須文件服務,資料管理每個群組中的組織會使用 AD DS 隔離和自主需求。The design team must document the isolation and autonomy requirements for service and data administration for each group in the organization that intends to use AD DS. 小組也必須注意限制,可能會影響到 AD DS 部署連接的任何部分。The team must also note any areas of limited connectivity that might affect the deployment of AD DS. 協助您在擬您找出地區試算表,下載 Job_Aids_Designing_and_Deploying_Directory_and_Security_Services.zip 從工作協助工具的 Windows Server 2003 部署套件 (http://go.microsoft.com/fwlink/?LinkID=102558) 和開放 」 森林設計需求 」 (DSSLOGI_2.doc)。For a worksheet to assist you in documenting the regions you identified, download Job_Aids_Designing_and_Deploying_Directory_and_Security_Services.zip from Job Aids for Windows Server 2003 Deployment Kit (http://go.microsoft.com/fwlink/?LinkID=102558) and open "Forest Design Requirements" (DSSLOGI_2.doc).

在本區段中In this section