[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

What is Domain ; Tree and Forest?

Posted on 2010-08-28
5
Medium Priority
?
1,516 Views
Last Modified: 2012-05-10
Please share me some thoughts on how to explain to others what is a Domain ; Tree and Forest? in short

Please dont share any links
0
Comment
Question by:moonpavan
5 Comments
 
LVL 4

Accepted Solution

by:
netF earned 500 total points
ID: 33550485
Forests, trees, and domains

All objects inside a common directory database is known as a domain. Each domain stores information only about the objects that belong to that domain. A tree consists of a single domain or multiple domains in a contiguous namespace. A forest is a collection of Trees and represents the outermost boundary within which users, computers, groups, and other objects exist. The forest is the security boundary for Active Directory.

The Active Directory framework that holds the objects can be viewed at a number of levels. At the top of the structure is the forest.  A forest is a collection of multiple trees that share a common global catalog, directory schema, logical structure, and directory configuration. The forest, tree, and domain are the logical parts in an Active Directory network.

The Active Directory forest contains one or more transitive, trust-linked trees. A tree is a collection of one or more domains and domain trees in a contiguous namespace, again linked in a transitive trust hierarchy. Domains are identified by their DNS name structure, the namespace.

Source:
Wikipedia
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 500 total points
ID: 33550945
It is also important to note that the forest is also the security boundary.  You may see old references to the domain listed as the security boundary but it is not.So you also would create different trees if you want different namespaces.   You can think of it as a "real forest" analogy and that can make it easier.You can have a forest filled with redwood trees.  You can also have a forest filled with redwood and evergreen trees.  Disntint trees (domains) yet in the same forest that share the common soil (schema)ThanksMike
0
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 500 total points
ID: 33550956
When you set up your first domain controller, then you are creating a forest, a tree and a domain. At this point your forest contains just a single tree and that tree has a single domain.

If you add a child domain to your first domain (eg you add sales.mydomain.lan to mydomain.lan) then you will have a tree of two domains in a single forest. Trees have what is called 'continguous name space' - that is to say the child domain is created by appending a prefix to the existing parent domain name to create a new domain.

A new tree can be created in a forest by using a completly different name (eg anotherdomain.lan)
0
 
LVL 39

Assisted Solution

by:Krzysztof Pytko
Krzysztof Pytko earned 500 total points
ID: 33552279
In few simply words:

Domain - contains users/groups/computers etc (generally objects)

Tree/Forest - contains domains

Tree -> uses root domain namespace for its own domain

(i.e. testenv.local is root domain and its child domains in tree are:

us.testenv.local
europe.testenv.local
pl.testenv.local

each of subdomain uses common root domain)

Forest -> collects different root domains

(i.e.

testenv.local
mycompany.local
abc.local

aso.

each forest can be extended by its own tree(s))
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 33552581
The DS Team posted this a few days ago. They ask for the purpose of forest and domains (sorry for this as it's off the authors topic, but it's funny)

http://blogs.technet.com/b/askds/archive/2010/08/26/why-ms-certification-helps-when-you-come-in-for-the-interview.aspx
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Native ability to set a user account password via AD GPO was removed because the passwords can be easily decrypted by any authenticated user in the domain. Microsoft recommends LAPS as a replacement and I have written an article that does something …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

607 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question