Abstract
Active Directory presents us with a wide selection of topology choices – forests that trust each other (or not) and domains that make them up, geographical distribution to sites with site links following the physical layout of the corporate WAN (sometimes they don’t, leading to less-than-optimal function of the directory environment and interesting troubleshooting sessions), custom DNS and application partitions with their own replication scopes, read-only domain controllers thrown into the mix, and thousands of individual settings that govern the replication and site coverage behavior of our AD organization. Topology is the one area of the entire engineering effort that probably has the smallest security implications, apart from the fact that the forest and not the domain is the true security boundary in AD. Yet topology is important – for the overall resilience and manageability of our identity infrastructure, and good manageability tends to go hand in hand with good security. It is also important in case of recovery from a catastrophic failure, be it due to a cyber incident or to more mundane causes.
Copyright information
© 2024 The Author(s), under exclusive license to APress Media, LLC, part of Springer Nature
About this chapter
Cite this chapter
Smirnov, E. (2024). Engineering Topology. In: Building Modern Active Directory. Apress, Berkeley, CA. https://doi.org/10.1007/979-8-8688-0941-5_3
DOI: https://doi.org/10.1007/979-8-8688-0941-5_3
Publisher Name: Apress, Berkeley, CA
Print ISBN: 979-8-8688-0940-8
Online ISBN: 979-8-8688-0941-5
eBook Packages: Professional and Applied Computing, Apress Access Books, Professional and Applied Computing (R0)