• Main Menu
  • Tree and Forest in Active Directory

    The Domain is the core unit of logical structure in Active Directory. All objects that share a common directory database and trust relationship with other domain and security policies are known as Domains. Each domain stores information only about the objects that belong to that domain.

    All security polices and settings, such as administrative rights, security policies, and Access Control Lists (ACLs), do not cross from one domain to another. Thus, a domain administrator has full rights to set policies only within domain they belong to.

    Domains provide administrative boundaries for objects and manage security for shared resources and a replication unit for objects.

    A Tree

    Trees are collections of one or more domains that allow global resource sharing. A tree may consist of a single domain or multiple domains in a contiguous namespace. A domain added to a tree becomes a child of the tree root domain. The domain to which a child domain is attached is called a parent domain. A child domain can also have its multiple child domains. Child domain uses the name then its parent domain name and gets a unique Domain Name System (DNS).

    For example, if tech.com is the root domain, users can create one or more Child domains to tech.com such as north.tech.com and or south.tech.com. These “children” may also have child domains created under them, such as sales.north.tech.com.

    The domains in a tree have two way, Kerberos transitive trust relationships. A Kerberos transitive trust simply means that if Domain A trusts Domain B and Domain B trusts Domain C, then Domain A trusts Domain C. Therefore, a domain joining a tree immediately has trust relationships established with every domain in the tree.

    Tree and Forest in Active Directory

    A Forest

    A forest is a collection of multiple trees that share a common global catalog, directory schema, logical structure, and directory configuration. Forest has automatic two way transitive trust relationships. The very first domain created in the forest is called the forest root domain.

    Forests allow organizations to group their divisions that use different naming schemes and may need to operate independently. But as an organization, they want to communicate with the entire organization via transitive trusts and share the same schema and configuration container.

    Got Something To Say:

    Your email address will not be published. Required fields are marked *

    1. Mohammad Shaikh

      24 July, 2019 at 1:24 pm

      super explanation of Domain, tree, and forest really really thank you for this content it will helps me soo much

    2. calip

      3 September, 2013 at 2:22 pm

      Thanks a lot !!, I didn’t understand this concept even after going through technet and wikipedia

    3. Abdulqader Kapadia

      14 March, 2013 at 3:22 am

      Sorry for the inconvenience. We have replaced the image with a cleaner and legible diagram.

    4. Web User

      22 February, 2013 at 4:06 am

      Nice – disable right-clicking so the diagram of the forests and trees can’t be opened in another window where it might actually be legible. Well done.

    5. saikumar

      21 May, 2012 at 2:24 am

      Its clearly understandable…. superb.

      • shailesh

        6 October, 2012 at 12:12 pm

        it is very good understandable, pls add example

    6. Abhinav

      1 April, 2012 at 8:31 am

      very well explained…

    7. sandeep

      25 February, 2012 at 4:29 pm

      thanks a lot sir for given me such a great informatin……………..

    8. Palash Bhattacharyya

      22 December, 2011 at 11:46 am

      Thanks it is very clear and understandable, But i would have appreciate if u could expain along with some example and diagram

      Thanks & Regards
      Palash (Desktop Engineer)

    9. Rijvana

      17 September, 2011 at 4:57 am

      Thank   you  so much  for  giving  very useful  information.

      • Rijvana

        17 September, 2011 at 5:02 am

        Thank you so much for giving very useful information.

    10. anilk

      24 August, 2011 at 10:19 am

      great yaar. you made me understand.Thanking you.

    11. vishu noty

      7 June, 2011 at 11:43 pm

      got my ans thnks mate 🙂

    12. manu

      26 May, 2011 at 2:38 pm

      oh! ts great nd informative nw m confident tht i can gear to my next exams .. 🙂

    13. Chandra Bose Sharma

      26 April, 2011 at 10:03 am

      great yaar. you made me understand.Thanking you.

    14. Abuga

      14 April, 2011 at 7:33 am

      nice explanation made me understand Tree and Forest.thanks for this

    15. Bala

      8 April, 2011 at 12:51 pm

      Grt information and its vry useful. Thnks a lot

    16. Joel

      15 March, 2011 at 3:31 am

      Tree & Forest Defenision Very good, pl add Examples…

    17. Srikant

      23 February, 2011 at 2:31 pm

      Hi…its very nice way of explaining the structure, however would be muh appreciated if the tree and forest architecture is explained and the scenario where it can be used would help us to improve our concepts..Anywayz thanks for such a useful post…Wouls like to see some more in future


    18. mehedi

      15 February, 2011 at 4:30 am

      fantastic article but missing some example in the forest description……

    Microsoft Active Directory
    179 queries in 0.634 seconds.