Forest, Trees and Domains

The Active Directory framework that holds the objects can be viewed at several levels. The forest and domain are the logical divisions of an Active Directory network.

Within a deployment, objects are grouped into domains. The objects for a single domain are stored in a single database (which can be replicated). Domains are identified by their DNS name structure, the namespace.

A domain is defined as a logical group of network objects (computers, users, devices) that share the same Active Directory database.

A tree is a collection of one or more domains and domain trees in a contiguous namespace and is linked in a transitive trust hierarchy.

At the top of the structure is the forest. A forest is a collection of trees that share a common global catalog, directory schema, logical structure, and directory configuration. The forest represents the security boundary within which users, groups, and other objects are accessible.
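The contiguous-namespace rule for trees, as an added example that is not part of the original page: it groups a constructed list of domain DNS names from one forest into trees by comparing whole DNS labels, so a lookalike such as `subcorp.example` is not mistaken for a child of `corp.example`. The domain names and function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: domain DNS names from one hypothetical forest.
SAMPLE_DOMAINS = [
    "corp.example",
    "EMEA.Corp.Example.",        # case and trailing dot are normalised
    "sales.emea.corp.example",
    "partner.test",
    "dev.partner.test",
    "subcorp.example",           # shares a string suffix, not a namespace
]

def labels(dns_name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return dns_name.rstrip(".").lower().split(".")

def is_descendant(child, ancestor):
    """True if `child` lies below `ancestor` in one contiguous namespace."""
    c, a = labels(child), labels(ancestor)
    return len(c) > len(a) and c[-len(a):] == a

def group_into_trees(domains):
    """Map each tree root to the sorted list of domains in its tree.

    A tree root is a domain with no ancestor among the given domains;
    every other domain joins the tree whose root namespace contains it.
    """
    names = sorted({".".join(labels(d)) for d in domains})
    roots = [d for d in names
             if not any(is_descendant(d, other) for other in names)]
    trees = defaultdict(list)
    for d in names:
        root = next(r for r in roots if d == r or is_descendant(d, r))
        trees[root].append(d)
    return dict(trees)

def parent_of(domain, domains):
    """Return the closest ancestor domain, or None for a tree root."""
    ancestors = [d for d in domains if is_descendant(domain, d)]
    if not ancestors:
        return None
    return ".".join(labels(max(ancestors, key=lambda d: len(labels(d)))))

if __name__ == "__main__":
    for root, members in group_into_trees(SAMPLE_DOMAINS).items():
        print(root, "->", members)
```

All three resulting trees belong to the same forest, which is the security boundary, so the grouping describes naming structure rather than isolation.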
