separate user forests does not need to be extended.
Figure 5. Central forest topology
Multiple Forests, Resource Forest
In a resource forest topology, one forest is dedicated to running server applications, such as Microsoft Exchange Server and Office Communications Server. The resource forest hosts the server applications and a synchronized representation of the active user object, but it does not contain logon-enabled user accounts. The resource forest acts as a shared services environment for the other forests where user objects reside. The user forests have a forest-level trust relationship with the resource forest. When you deploy Office Communications Server in this type of topology, you create one contact or disabled user object in the resource forest for every user account in the user forests. If Exchange Server is already deployed in the resource forest, the disabled user accounts might already exist. A directory synchronization product, such as MIIS, manages the life cycle of user accounts: When a new user account is created in one of the user forests or a user account is deleted from a forest, MIIS synchronizes the corresponding user representation in the resource forest. Before users can use Office Communications Server, the user accounts in the resource forest must be enabled for the Office Communications Server service.
This topology can be used to provide a shared infrastructure for services in organizations that manage multiple forests or to separate the administration of Active Directory objects from other administration. Companies that need to isolate Active Directory administration for security reasons often choose this topology.