An organization of related trees is, not surprisingly, called a forest. Some people get
trees and forests confused: They think that two domains automatically equal a forest. What
makes a group of two or more different domains a tree or a forest is their direct hierarchy.
Figure 4-1 shows a domain tree. The parent domain, Testlab.local, has a child domain
called Engineering.Testlab.local, which has its own child domain called NY.Engineering.
Testlab.local. This parent/child relationship forms a tree??”you can clearly see by the
namespace that Engineering is a branch of Testlab.local and NY is a branch of Engineering.
And all these domains are actually part of the Testlab.local domain tree.
Testlab.local
Engineering.Testlab.local
NY.Engineering.Testlab.local
Figure 4-1. A domain tree
100 Microsoft Windows Server 2008 Administration
Figure 4-2 shows how a forest is formed. Testlab.local and UAT.local are separate,
noncontiguous domains and are parents of their own respective domain trees. The existence
of a trust relationship between these two otherwise unrelated domains forms a forest,
and in doing so, the domains can share resources between them.
Trusts
By default, two-way transitive trusts are established between domains when you link them
together either within a tree or when joining two or more trees to create a forest. When
a trust is created, resources in one domain or tree can be assigned access to resources in
a different domain or tree.
Pages:
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141