惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

V
Vulnerabilities – Threatpost
U
Unit 42
F
Fortinet All Blogs
aimingoo的专栏
aimingoo的专栏
P
Proofpoint News Feed
F
Full Disclosure
月光博客
月光博客
Engineering at Meta
Engineering at Meta
博客园_首页
The Register - Security
The Register - Security
G
Google Developers Blog
The Cloudflare Blog
博客园 - Franky
K
Kaspersky official blog
A
Arctic Wolf
Scott Helme
Scott Helme
C
Cisco Blogs
Hugging Face - Blog
Hugging Face - Blog
C
Check Point Blog
NISL@THU
NISL@THU
AI
AI
D
DataBreaches.Net
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Stack Overflow Blog
Stack Overflow Blog
Project Zero
Project Zero
The GitHub Blog
The GitHub Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
量子位
Vercel News
Vercel News
T
Tor Project blog
P
Privacy International News Feed
D
Docker
I
Intezer
L
LangChain Blog
P
Proofpoint News Feed
Security Latest
Security Latest
C
CXSECURITY Database RSS Feed - CXSecurity.com
T
Threatpost
博客园 - 聂微东
AWS News Blog
AWS News Blog
Martin Fowler
Martin Fowler
P
Privacy & Cybersecurity Law Blog
V
V2EX
Last Week in AI
Last Week in AI
C
Cybersecurity and Infrastructure Security Agency CISA
The Hacker News
The Hacker News
T
Tenable Blog
Blog — PlanetScale
Blog — PlanetScale
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
T
Tailwind CSS Blog

博客园 - johnny tu

Moving............. Tech.ED North America 2008 Launch! (June 10-13,2008) 开启硬件辅助虚拟化——Intel虚拟化之旅 Exchange, I know something you don't know Office Communicator 2007 with Polycom How To Create AD Users with PowerShell - johnny tu Damn it! Microsoft Newsletters @ China. About the Statement Of Work(SOW) Microsoft Product Support's Reporting Tools Customizing the OC 2.0 Client /part 01 The ROUTE of OCS Edge Server got ERROR About Windows 2008 "Data Execution Prevention" - johnny tu exchange2007+outlook2007,无法使用外出助理 打开exchange2007管理控制台时,提示没有读取服务器安全描述符的权限 Exchange 2007 被攻击 exchange 2007 CCR 的...MSDTC 问题???? 在Exchange2007中,如何批量建立用户邮箱 Exchange 2007 AcitveDirectory架构 智能邮件筛选疑问
What is the Placeholder Domain Model?
johnny tu · 2008-05-25 · via 博客园 - johnny tu

I make myself so perplexed, I met the New Word -- Placeholder Domain Model

Using a Placeholder Domain

The hay-buv.tld domain would be established as a placeholder domain, and the current HB-ACCT domain and HB-ACCT-ROW domain will be upgraded in place as children of the hay-buv.tld domain.

The placeholder domain offers an extra security benefit over a single domain, since the Enterprise Admins and Schema Admins group would exist only in the hay-buv.tld placeholder domain. Because this domain would have very few accounts, and very few domain administrators to keep track of, it would help alleviate the problem of domain administrators adding themselves into either of these groups, which have a lot of power over modifying the Active Directory structure.

Link:http://technet.microsoft.com/zh-cn/library/bb727131(en-us).aspx

Then I found it from <Windows Server 2003 Unleashed>, it is said:

05fig14The placeholder domain model, also known as the sterile parent domain model, deserves special mention because of its combination of a single namespace/multiple domain model and the peer-root model. Simply put, the placeholder domain model, shown in Figure 5.14, is composed of an unoccupied domain as the forest root, with multiple subdomains populated with user accounts and other objects.

There are two distinct advantages to this design. First, as with the peer-root model, the schema is separate from the user domains, thus limiting their exposure and helping to pro-tect the schema. Second, the namespace for the user accounts is consistent in the namespace, thus mitigating any potential political issues. In other words, because all users in all locations are at the same logical level in the domain structure, no one group will feel superior or inferior to another. This issue may seem trite, but the psychological nature of humans is finicky, and you may find that this design offers advantages for your organization.

Johnny tu.