Answers

Question and Answer:

  Home  Active Directory

⟩ What is Empty Root Domain?

The "empty root domain" is an AD design element that has become increasingly popular at organizations with decentralized IT authority such as universities.

The empty root domain acts as a placeholder for the root of Active Directory, and does not typically contain any users or resources that are not required to fulfill this roll [sic]. [...] Only those privileges that have tree or forest-wide scope are restricted to the empty root domain administrators. Departmental administrators can work independently of other departments.

This politically neutral root domain provides a central source of authority and policy enforcement, and provides a single schema and global catalog that allows users to find resources anywhere in the university/district/state system. Individual IT departments retain a significant degree of independence and can control their own users and resources without having to worry that actions by administrators in other departments will disrupt their domain.

 271 views

More Questions for you: