?
Solved

What is Domain ; Tree and Forest?

Posted on 2010-08-28
5
Medium Priority
?
1,433 Views
Last Modified: 2012-05-10
Please share me some thoughts on how to explain to others what is a Domain ; Tree and Forest? in short

Please dont share any links
0
Comment
Question by:moonpavan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 4

Accepted Solution

by:
netF earned 500 total points
ID: 33550485
Forests, trees, and domains

All objects inside a common directory database is known as a domain. Each domain stores information only about the objects that belong to that domain. A tree consists of a single domain or multiple domains in a contiguous namespace. A forest is a collection of Trees and represents the outermost boundary within which users, computers, groups, and other objects exist. The forest is the security boundary for Active Directory.

The Active Directory framework that holds the objects can be viewed at a number of levels. At the top of the structure is the forest.  A forest is a collection of multiple trees that share a common global catalog, directory schema, logical structure, and directory configuration. The forest, tree, and domain are the logical parts in an Active Directory network.

The Active Directory forest contains one or more transitive, trust-linked trees. A tree is a collection of one or more domains and domain trees in a contiguous namespace, again linked in a transitive trust hierarchy. Domains are identified by their DNS name structure, the namespace.

Source:
Wikipedia
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 500 total points
ID: 33550945
It is also important to note that the forest is also the security boundary.  You may see old references to the domain listed as the security boundary but it is not.So you also would create different trees if you want different namespaces.   You can think of it as a "real forest" analogy and that can make it easier.You can have a forest filled with redwood trees.  You can also have a forest filled with redwood and evergreen trees.  Disntint trees (domains) yet in the same forest that share the common soil (schema)ThanksMike
0
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 500 total points
ID: 33550956
When you set up your first domain controller, then you are creating a forest, a tree and a domain. At this point your forest contains just a single tree and that tree has a single domain.

If you add a child domain to your first domain (eg you add sales.mydomain.lan to mydomain.lan) then you will have a tree of two domains in a single forest. Trees have what is called 'continguous name space' - that is to say the child domain is created by appending a prefix to the existing parent domain name to create a new domain.

A new tree can be created in a forest by using a completly different name (eg anotherdomain.lan)
0
 
LVL 39

Assisted Solution

by:Krzysztof Pytko
Krzysztof Pytko earned 500 total points
ID: 33552279
In few simply words:

Domain - contains users/groups/computers etc (generally objects)

Tree/Forest - contains domains

Tree -> uses root domain namespace for its own domain

(i.e. testenv.local is root domain and its child domains in tree are:

us.testenv.local
europe.testenv.local
pl.testenv.local

each of subdomain uses common root domain)

Forest -> collects different root domains

(i.e.

testenv.local
mycompany.local
abc.local

aso.

each forest can be extended by its own tree(s))
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 33552581
The DS Team posted this a few days ago. They ask for the purpose of forest and domains (sorry for this as it's off the authors topic, but it's funny)

http://blogs.technet.com/b/askds/archive/2010/08/26/why-ms-certification-helps-when-you-come-in-for-the-interview.aspx
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Suggested Courses
Course of the Month11 days, 17 hours left to enroll

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question