Trong Chương 1, "Cài đặt", bạn đã học được rằng Active Directory Domain Services (AD DS) cung cấp nền tảng cho một bản sắc và giải pháp quản lý truy cập, và bạn khám phá sự sáng tạo của một cơ sở hạ tầng AD DS đơn giản bao gồm một khu rừng duy nhất và một miền duy nhất . | Chapter 12 Domains and Forests In Chapter 1 Installation you learned that Active Directory Domain Services AD DS provides the foundation for an identity and access management solution and you explored the creation of a simple AD DS infrastructure consisting of a single forest and a single domain. In subsequent chapters you mastered the details of managing an AD DS environment. Now you are ready to return to the highest level of an AD DS infrastructure and consider the model and functionality of your domains and forests. In this chapter you will learn how to raise the domain and forest functionality levels within your environment how to design the optimal AD DS infrastructure for your enterprise how to migrate objects between domains and forests and how to enable authentication and resource access across multiple domains and forests. Exam objectives in this chapter Configuring the Active Directory Infrastructure Configure a forest or a domain. Configure trusts. Lessons in this chapter Lesson 1 Understanding Domain and Forest Functional Lesson 2 Managing Multiple Domains and Trust Before You Begin To complete the practices in this chapter you must have created two domain controllers named SERVER01 and SERVER02 in a domain named . See Chapter 1 and Chapter 10 Domain Controllers for detailed steps for this task. 555 556 Chapter 12 Domains and Forests Real World Dan Holme In some organizations there is a perception that domain controllers should be the last systems to be upgraded. My experience however has been that domain controllers DCs should be among the first systems that you should upgrade after testing the upgrade in a lab of course . Domain controllers are the cornerstone of identity and access management in your enterprise AD DS forest. Because of that you should ensure that wherever possible DCs are dedicated-serving only the AD DS role and related core services such as DNS. If your DCs are dedicated the risk associated