Active Directory 2008

What is a forest?

A forest is the largest container in Active Directory. It is a collection of domain trees that do not have a contiguous namespace (as in figure 1), so the domains in a forest do not have to belong to the same domain tree.

So let’s say there is a company called which has several departments, one of those being sales. If this company had merged with another company called it would be a good idea if they could merge their data, so that users from both of the sales departments could log on from either of the two companies and access all data related to sales. To achieve this we create a forest. The forest enables us to merge domain trees, so that users who have been given access can log on from both sites and access the same data, regardless of which company building they are at. This would make the company data more accessible for users.
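To make the contiguous versus non-contiguous namespace rule concrete, here is an added example (not part of the original page) that groups the domains of a forest into domain trees by their DNS names. The domain names `alpha.example` and `beta.example` and all function names are assumptions made up for illustration.

```python
# Constructed sample: two merged companies, each with its own sales domain.
# The names are hypothetical; the page does not name the companies.
SAMPLE_FOREST = [
    "alpha.example",
    "sales.alpha.example",
    "eu.sales.alpha.example",
    "beta.example",
    "sales.beta.example",
]


def is_child_of(child, parent):
    """True when `child` extends `parent`, i.e. the namespace is contiguous."""
    return child.endswith("." + parent)


def group_into_trees(domains):
    """Return {tree_root: [descendant domains]} for the given forest.

    A domain with no namespace parent in the list starts a new tree;
    every other domain joins the tree whose root name it extends.
    """
    # Parents have fewer labels than children, so visit shortest names first.
    names = sorted({d.lower().rstrip(".") for d in domains},
                   key=lambda d: (d.count("."), d))
    trees = {}
    for name in names:
        root = next((r for r in trees if is_child_of(name, r)), None)
        if root is None:
            trees[name] = []
        else:
            trees[root].append(name)
    return {root: sorted(kids) for root, kids in trees.items()}


def tree_root_of(domain, trees):
    """Find the root of the tree that contains `domain`."""
    domain = domain.lower().rstrip(".")
    for root, kids in trees.items():
        if domain == root or domain in kids:
            return root
    raise KeyError(domain)


def same_tree(a, b, trees):
    """Two domains share a tree only when they share a tree root."""
    return tree_root_of(a, trees) == tree_root_of(b, trees)


if __name__ == "__main__":
    trees = group_into_trees(SAMPLE_FOREST)
    for root, kids in trees.items():
        print(root, "->", kids)
```

The two sales domains end up in different trees because their names are not contiguous, yet both belong to the one forest described above.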



Example of a Domain Tree                                                                          


When Windows Server 2008 is part of a network, the earliest forest functional level domain controller we can use is Windows 2000. This is because Windows Server 2008 does not support Windows NT. There is no functional level for an operating system before this. The idea of a forest is to make communication easier among domain trees with non-contiguous namespaces. It allows centralised management of resources.