One common area of confusion when designing an Active Directory forest is
this: you do not need to deploy two separate forests solely to support two portions
of a network that require separate namespaces. Each Active Directory
domain requires a contiguous namespace, which means that the naming
conventions of any child domains need to look like this:
Each of these child domains shares a contiguous namespace with the root domain, company.com. However, you can have a separate domain tree within the same forest that does not belong to the same namespace. So you could have a second domain tree within the same forest, with domain names
In this case, you have a single Active Directory forest that contains two domain trees: the company.com domain tree and the airplanes.com domain
tree. Even though the two domain trees do not share a namespace, they can still belong to the same forest.
This will allow them to share the same schema, Global Catalogs, and directory configuration. (The argument against multiple domain trees is that, because the two domain trees are part of the same forest,
they do not have the same level of isolation that multiple forests would create.)
So when you are planning your Active Directory network, be sure that you are not deploying multiple forests in a situation where multiple domain trees would be more appropriate.