model will be used with user accounts and resources contained in the forest and managed independently . The forest will be used to provide service and data isolation . This has been chosen insteady of other models where resources and users are isolated in separate forests . Active Directory Domain : WTC will use an Organizational Domain Forest to provide autonomous groups within the forest as required . The New York office will have a separate domain from the Hong Kong office since it will be largely autonomous . In addition , a separate domain can be created to restrict access to confidential data . Since WWTC will have few IT personnel to care for dayto-day IT support activities in New York , the following functions will be maintained by forestlevel administration : Creating and removing domain controllers Monitoring the functioning of domain controllers Managing services that are running on domain controllers Backing up and restoring the directory Two domains will require that Group Policy settings as well as access control / auditing settings ( required forest-wide ) are implemented separately to each domain in the forest . This setup is considered a regional domain configuration and will reduce traffic over wide area network ( WAN ) links . While service administration will be carefully controlled at the Hong Kong office , the following functions will be maintained within the New York office : Creating organizational units ( OUs ) and delegating administration Repairing problems in the OU structure that OU owners do not have sufficient access rights to fix Instead of creating a separate forest root domain , the New York office function as the forest root domain . It will be a parent domain to the other offices .