• Main Menu
  • Tree and Forest in Active Directory


    The Domain is the core unit of logical structure in Active Directory. All objects that share a common directory database and trust relationship with other domain and security policies are known as Domains. Each domain stores information only about the objects that belong to that domain.

    All security polices and settings, such as administrative rights, security policies, and Access Control Lists (ACLs), do not cross from one domain to another. Thus, a domain administrator has full rights to set policies only within domain they belong to.

    Domains provide administrative boundaries for objects and manage security for shared resources and a replication unit for objects.

    A Tree

    Trees are collections of one or more domains that allow global resource sharing. A tree may consist of a single domain or multiple domains in a contiguous namespace. A domain added to a tree becomes a child of the tree root domain. The domain to which a child domain is attached is called a parent domain. A child domain can also have its multiple child domains. Child domain uses the name then its parent domain name and gets a unique Domain Name System (DNS).

    For example, if tech.com is the root domain, users can create one or more Child domains to tech.com such as north.tech.com and or south.tech.com. These “children” may also have child domains created under them, such as sales.north.tech.com.

    The domains in a tree have two way, Kerberos transitive trust relationships. A Kerberos transitive trust simply means that if Domain A trusts Domain B and Domain B trusts Domain C, then Domain A trusts Domain C. Therefore, a domain joining a tree immediately has trust relationships established with every domain in the tree.

    Tree and Forest in Active Directory

    A Forest

    A forest is a collection of multiple trees that share a common global catalog, directory schema, logical structure, and directory configuration. Forest has automatic two way transitive trust relationships. The very first domain created in the forest is called the forest root domain.

    Forests allow organizations to group their divisions that use different naming schemes and may need to operate independently. But as an organization, they want to communicate with the entire organization via transitive trusts and share the same schema and configuration container.

    Got Something To Say:

    Your email address will not be published. Required fields are marked *

    21 comments
    1. calip

      3 September, 2013 at 2:22 pm

      Thanks a lot !!, I didn’t understand this concept even after going through technet and wikipedia

      Reply
    2. Abdulqader Kapadia

      14 March, 2013 at 3:22 am

      Sorry for the inconvenience. We have replaced the image with a cleaner and legible diagram.

      Reply
    3. Web User

      22 February, 2013 at 4:06 am

      Nice – disable right-clicking so the diagram of the forests and trees can’t be opened in another window where it might actually be legible. Well done.

      Reply
    4. saikumar

      21 May, 2012 at 2:24 am

      Its clearly understandable…. superb.

      Reply
      • shailesh

        6 October, 2012 at 12:12 pm

        it is very good understandable, pls add example

        Reply
    5. Abhinav

      1 April, 2012 at 8:31 am

      very well explained…

      Reply
    6. sandeep

      25 February, 2012 at 4:29 pm

      thanks a lot sir for given me such a great informatin……………..

      Reply
    7. Palash Bhattacharyya

      22 December, 2011 at 11:46 am

      Thanks it is very clear and understandable, But i would have appreciate if u could expain along with some example and diagram

      Thanks & Regards
      Palash (Desktop Engineer)

      Reply
    8. Rijvana

      17 September, 2011 at 4:57 am

      Thank   you  so much  for  giving  very useful  information.

      Reply
      • Rijvana

        17 September, 2011 at 5:02 am

        Thank you so much for giving very useful information.
         

        Reply
    9. anilk

      24 August, 2011 at 10:19 am

      great yaar. you made me understand.Thanking you.

      Reply
    10. vishu noty

      7 June, 2011 at 11:43 pm

      got my ans thnks mate 🙂

      Reply
    11. manu

      26 May, 2011 at 2:38 pm

      oh! ts great nd informative nw m confident tht i can gear to my next exams .. 🙂

      Reply
    12. Chandra Bose Sharma

      26 April, 2011 at 10:03 am

      great yaar. you made me understand.Thanking you.

      Reply
    13. Abuga

      14 April, 2011 at 7:33 am

      nice explanation made me understand Tree and Forest.thanks for this

      Reply
    14. Bala

      8 April, 2011 at 12:51 pm

      Grt information and its vry useful. Thnks a lot

      Reply
    15. Joel

      15 March, 2011 at 3:31 am

      Tree & Forest Defenision Very good, pl add Examples…

      Reply
    16. Srikant

      23 February, 2011 at 2:31 pm

      Hi…its very nice way of explaining the structure, however would be muh appreciated if the tree and forest architecture is explained and the scenario where it can be used would help us to improve our concepts..Anywayz thanks for such a useful post…Wouls like to see some more in future

      Thanks
      Srikant

      Reply
    17. mehedi

      15 February, 2011 at 4:30 am

      fantastic article but missing some example in the forest description……

      Reply
    Microsoft Active Directory
    } 265 queries in 0.914 seconds.