Active Directory (AD) is an essential component of Microsoft Windows architecture. It is a directory service that allows organizations to centrally manage and share information about network resources and users while acting as the central authority for network security.
The Commonwealth of Pennsylvania has two AD implementation (forests):
The CWOPA forest is used for internal resources such as, but not limited to, employee security principles (user accounts), security and distribution groups, workstations, servers, Exchange servers, and all objects or services required to support standard desktop/laptop environments. Only intranet accounts will be granted access to this forest and its resources, which are assigned only to commonwealth employees and contractors under the Governor's jurisdiction. The CWOPA internal forest is comprised of two domains; the AD placeholder domain is Part.Root and the accounts and messaging domain is PA.LCL.
The APPS forest is used for line-of-business and portal applications for Managed Services, Managed Services Lite, or Co-Location customers. It is also used for applications that require access by business partners, constituents, or any entity that is not under the Governor's jurisdiction. Intranet, extranet, and internet users may access resources in this forest. Extranet accounts are business partners and other commonwealth entities not under the Governor's jurisdiction. Internet users are self-managed, self-registered users who access the commonwealth web site for personal business, such as applications for campgrounds and other agency services. The APPS (external) forest is managed by Enterprise Data Center.