Define the relationship between domain trees and forests.
Relationship between domain trees and Forests
As you expand upon and organize Active Directory, you will create trees and forests.
In Windows NT, the namespace was flat. Although NT domains could be configured to trust one another, each was a completely separate entity.
With Windows 2000, you can create a group of subdomains branching off from a root domain; these subdomains form a tree.
Subdomains are also called child domains, as they use the namespace of the root domains in which they reside.
For instance, if the root domain is named domain.com, a child domain created under it would be named something like child1.domain.com.
In organizing Active Directory, you may also want to join groups of domains together into a structure, called a forest
Forests are collections of root domains (they do not share a contiguous namespace). The root domain, the first domain that you create, contains the configuration
and schema for the forest. Additional domains are added to the root domain to form the tree structure or the forest structure, depending on the domain name requirements.
Domains within a forest share two-way transitive trust relationships and share a common schema and global catalog.
Question: What are trees and what are forests? Answer: Trees are a cohesive group of domains, known as subdomains or child domains, that grow from a root domain. All the domains within a tree share a contiguous namespace.
Forests are collections of root domains. They do not share a contiguous namespace.
Why create multiple domains?
There will be many occasions in which you will need to create additional domains. Multiple domains are useful when you are dealing with:
Different password requirements between organizations
Large numbers of objects
Different internet domain names
Better control of replication
Decentralized network administration
In order for you to decide whether to create multiple domains and how to use them to best effect, you need to have a clear understanding of the
relationship between trees and forests-known as a trust relationship .
The Slideshow below will explain to you the workings of the trust relationship.
Trees: A tree is a collection of domains that share a contiguous namespace.
Child domains: A domain located in the namespace tree directly under another domain name (the parent domain), which contains the name of the parent in its own name.
Example: sales.tacteam.net is a child domain of the tacteam.net parent domain.
Forests: Two or more domain trees which do not share a contiguous namespace can be joined in a forest.
Trust relationship: A logical relationship established between domains that allows pass-through authentication, providing for users in a trusted domain to access resources in a trusting domain,
without having a user account in the trusting domain.