DistributedNetworks DistributedNetworks

Active Directory  «Prev  Next»

Create a Root Domain in Active Directory

Steps required to create a Root Domain in Active Directory

The steps in the simulation are as follows:
  1. Select the button necessary to create a new domain. Click Next.
  2. Opt to create a new domain tree. Click Next.
  3. Opt to create a new forest of domain trees. Click Next.
  4. Specify the appropriate DNS name (Type: Mydomain.com)
  5. Continue.
  6. Keep or change the NetBIOS name and continue.
  7. Type in the correct locations for the database and log files. Continue.
  8. Specify the location of the shared system volume. Continue.
  9. Determine the kind of permissions you need. Then continue.
  10. Here is a summary of your selections. This completes the simulation. Click the Exit button.

Creating Multiple Domain Trees

One common area of confusion when designing an Active Directory forest is this: you do not need to deploy two separate forests solely to support two portions of a network that require separate namespaces. Each Active Directory domain requires a contiguous namespace, which means that the naming conventions of any child domains need to look like this:
  1. company.com
  2. east.company.com
  3. mktg.east.company.com
  4. west.company.com
  5. ad.west.company.com
Each of these child domains shares a contiguous namespace with the root domain, company.com. However, you can have a separate domain tree within the same forest that does not belong to the same namespace. So you could have a second domain tree within the same forest, with domain names as follows:
  1. airplanes.com
  2. finance.airplanes.com
  3. dev.airplanes.com
  4. research.airplanes.com
  5. sst.research.airplanes.com
In this case, you have a single Active Directory forest that contains two domain trees: the company.com domain tree and the airplanes.com domain tree. Even though the two domain trees do not share a namespace, they can still belong to the same forest. This will allow them to share the same schema, Global Catalogs, and directory configuration. (The argument against multiple domain trees is that, because the two domain trees are part of the same forest, they do not have the same level of isolation that multiple forests would create.) So when you are planning your Active Directory network, be sure that you are not deploying multiple forests in a situation where multiple domain trees would be more appropriate.