
Microsoft Active Directory Tree & Forest







Active Directory is a directory service from Microsoft that runs on Windows Server. It provides a central place to manage network resources, control access to them and assign permissions. Data is stored in the directory as objects; an object can be a user, a file, a shared folder, a device, a group or an application. These objects are categorized either by name or by attribute.

Active Directory is present in most Windows Server operating systems as a set of services and processes. It began with Windows Server 2001 and later became the foundation of various other directory-based identity-related services.

Within Active Directory, the domain is the core unit of the logical structure. A domain is a collection of objects that share a common directory database, common security policies and trust relationships with other domains. Each domain stores information only about the objects that belong to it.

Security settings such as administrative rights, security policies and Access Control Lists (ACLs) do not cross from one domain to another, so a domain administrator has full rights to set policies only within the domain they belong to. Domains therefore provide an administrative boundary for objects, a way to manage security for shared resources, and a unit of replication for objects.

Thus, Active Directory organizes all of this information, and it allows the domain controller to perform authentication and authorization when users access resources. An object represents an entity on the network, and there can be many objects in Active Directory. Tree and forest are two such objects.

Tree

A tree is a collection of one or more domains that allows resources to be shared globally. It consists of a single domain or of multiple domains in a contiguous namespace. Whenever a domain is added to the tree, it becomes a descendant of the tree root domain, and the domain it is attached to becomes its parent domain. The child domain's name is built on its parent's name, which gives it a unique Domain Name System (DNS) name.

For example, if abc.com is the root domain, users can create one or more child domains under abc.com, such as south.abc.com or north.abc.com. These child domains may in turn have their own child domains created under them, such as profit.south.abc.com.

The domains in a tree are linked by two-way Kerberos transitive trust relationships. A transitive trust simply means that if Domain 1 trusts Domain 2 and Domain 2 trusts Domain 3, then Domain 1 trusts Domain 3. It follows that a domain joining a tree immediately has trust relationships with every domain in the tree.

Forest

A forest is a collection of one or more trees that share a common global catalog, logical structure, directory schema and directory configuration. The trees in a forest are joined by built-in two-way transitive trust relationships. The very first domain created in the forest is called the forest root domain.

A forest allows each division of an organization to use its own naming scheme and to operate independently, while still being part of one organization: the divisions can communicate across the whole organization through transitive trusts and share the same schema and configuration container.
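The tree and forest sections above describe two rules: a domain's parent is the domain whose DNS name it extends, and the trusts Active Directory creates automatically (parent to child inside a tree, forest root to each additional tree root) are two-way and transitive. The following Python script is an added example, not code from the original post; it models those two rules over a constructed set of domain names (abc.com with its children as in the text, plus a hypothetical second tree xyz.net) and computes which domains end up trusting each other, and through which chain. Real forests also contain external and forest trusts, shortcut trusts and SID filtering, none of which this model includes.

```python
from collections import deque

# Constructed sample forest: abc.com was created first (forest root) and
# xyz.net is a hypothetical second tree with a non-contiguous namespace.
SAMPLE_DOMAINS = [
    "abc.com",
    "south.abc.com",
    "north.abc.com",
    "profit.south.abc.com",
    "xyz.net",
    "eu.xyz.net",
]
FOREST_ROOT = "abc.com"


def parent_of(domain, domain_set):
    """Return the nearest DNS suffix that is itself a domain, or None for a tree root."""
    labels = domain.split(".")
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domain_set:
            return candidate
    return None


def tree_root(domain, parents):
    """Walk parent links until a domain with no parent (the tree root) is reached."""
    while parents[domain] is not None:
        domain = parents[domain]
    return domain


def build_trees(domains):
    """Group domains into trees keyed by tree root; each tree maps domain -> parent."""
    domain_set = set(domains)
    parents = {d: parent_of(d, domain_set) for d in domains}
    trees = {}
    for d, p in parents.items():
        trees.setdefault(tree_root(d, parents), {})[d] = p
    return trees


def implicit_trusts(domains, forest_root):
    """Two-way trust edges AD creates automatically inside one forest:
    parent<->child within each tree, and forest root<->each other tree root."""
    domain_set = set(domains)
    edges = set()
    for d in domains:
        p = parent_of(d, domain_set)
        if p is not None:
            edges.add(frozenset((d, p)))        # parent/child trust
        elif d != forest_root:
            edges.add(frozenset((d, forest_root)))  # tree-root trust
    return edges


def _adjacency(edges):
    adj = {}
    for edge in edges:
        a, b = tuple(edge)
        adj.setdefault(a, set()).add(b)      # two-way: add both directions
        adj.setdefault(b, set()).add(a)
    return adj


def trust_path(start, target, edges):
    """Breadth-first search over transitive trusts; returns the chain of domains
    from start to target, or None if no trust path exists."""
    adj = _adjacency(edges)
    prev = {start: None}
    queue = deque([start])
    while queue:
        cur = queue.popleft()
        if cur == target:
            break
        for nxt in adj.get(cur, ()):
            if nxt not in prev:
                prev[nxt] = cur
                queue.append(nxt)
    if target not in prev:
        return None
    path = []
    while target is not None:
        path.append(target)
        target = prev[target]
    return path[::-1]


def trusted_domains(start, edges):
    """Every domain reachable from start through transitive trusts (start excluded)."""
    adj = _adjacency(edges)
    seen = {start}
    queue = deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in adj.get(cur, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    seen.discard(start)
    return seen


if __name__ == "__main__":
    for root, members in build_trees(SAMPLE_DOMAINS).items():
        print("tree rooted at", root, "->", sorted(members))
    edges = implicit_trusts(SAMPLE_DOMAINS, FOREST_ROOT)
    print("trust chain:", " -> ".join(trust_path("profit.south.abc.com", "eu.xyz.net", edges)))
```

The transitive closure is the part a defender cares about: with five trust edges, an account authenticated in profit.south.abc.com is accepted by every other domain in the forest, which is why the forest, not the domain, is the boundary to reason about when scoping the impact of a compromised domain.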

Conclusion

The main difference between a tree and a forest in Active Directory is that a tree is a collection of domains, while a forest is a collection of trees.
