In the restricted access forest model, a separate forest is created to isolate identities, and data must be separated from the other organization's data and identities. There is no trust created between the two forests, so identities in one forest will not be able to access the resources in another. To access the resources in each forest, we need to have separate user accounts. The Restricted access forest model provides data isolation:

In the preceding example, Rebeladmin Corp. is involved with a corporate divestiture process. For some of the assets, data and identities need to be isolated completely there. In order to do that, the company introduced Restricted access forest.

Once the forest structure, the number of forests, and the design model are finalized, the next step will be to design the domain structure.