Directory configuration and any data separation can be performed using data isolation . A singleforest was chosen because it is very cost-effective and requires the least amount of administrative support . For example , with only one forest , the global catalog does not require synchronization across forests and management of a duplicate infrastructure is not required . An organizational forest model will be used with user accounts and resources contained in the forest and managed independently . The forest will be used to provide service and data isolation . This has been chosen insteady of other models where resources and users are isolated in separate forests . Active Directory Domain : WTC will use an Organizational Domain Forest to provide autonomous groups within the forest as required . The New York office will have a separate domain from the Hong Kong office since it will be largely autonomous . In addition , a separate domain can be created to restrict access to confidential data . Since WWTC will have few IT personnel to care for dayto-day IT support activities in New York , the following functions will be maintained by forestlevel administration : Creating and removing domain controllers Monitoring the functioning of domain controllers Managing services that are running on domain controllers Backing up and restoring the directory Two domains will require that Group Policy settings as well as access control