What is the Difference Between Tree and Forest in Active Directory

The main difference between a tree and a forest in Active Directory is that a tree is a collection of domains while a forest is a set of trees.

Active Directory is a directory service from Microsoft. It stores and organizes information on objects such as users, files, shared folders and network resources. Moreover, it allows the domain controller to perform authorization and authentication for users to access resources. There are various objects in Active Directory. An object is a physical entity of a network. Tree and forest are two such objects.

Key Areas Covered

1. What is Tree in Active Directory
     – Definition, Functionality
2. What is Forest in Active Directory
     – Definition, Functionality
3. Difference Between Tree and Forest in Active Directory
     – Comparison of Key Differences

Key Terms

Active Directory, Domain, Forest, Tree

What is Tree in Active Directory

A domain is a logical grouping of network objects such as users, computers and network devices. A tree, or domain tree, is a collection of domains. Moreover, a tree follows a parent domain and child domain structure. When a domain sits under another domain, it is called the child domain, while the domain above it is called the parent domain.

Objects in different domains within a domain tree can communicate with each other through trusts. The trusts can be two-way or one-way trusts. For example, assume two domains. If both domains can communicate with each other, it is a two-way trust. If only one domain can communicate with the other domain, it is called a one-way trust. Furthermore, all domains in the domain tree share a contiguous namespace.

What is Forest in Active Directory

A forest is a collection of trees, or domain trees, and it is the highest-level security boundary. It is also a complete Active Directory instance. Moreover, objects within the same forest can communicate with each other. If an object in one forest needs to exchange information with an object in another forest, the two forests should have a forest-level trust.

Figure: Difference Between Tree and Forest in Active Directory

According to the above diagram, a triangle represents a domain. Furthermore, multiple triangles denote a tree or a domain tree, whereas multiple trees create a forest. As each tree consists of multiple domains, we can also consider a forest as a collection of domains.

Difference Between Tree and Forest in Active Directory

Definition

A tree is a collection of one or more domains or domain trees in a contiguous namespace that is linked in a transitive trust hierarchy. In contrast, a forest is a collection of trees that share a common global catalogue, directory schema, logical structure and directory configuration. Thus, this is the difference between a tree and a forest in Active Directory.
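The following added example (not from the original article) groups a constructed list of domain names into trees by contiguous namespace and traces the trust path between two domains of one forest. The domain names, the function names and the assumption that only the default parent-child and tree-root trusts exist are illustrative.

```python
# Added example; all domain names below are constructed, not from the article.
FOREST_ROOT = "example.com"
DOMAINS = ["example.com", "eu.example.com", "hr.eu.example.com",
           "us.example.com", "partner.net", "lab.partner.net"]

def parent_of(domain, names):
    """Parent = the name minus its first label, if that domain exists."""
    _, _, suffix = domain.partition(".")
    return suffix if suffix in names else None

def tree_root(domain, names):
    """Walk up the contiguous namespace until no parent domain exists."""
    while (parent := parent_of(domain, names)) is not None:
        domain = parent
    return domain

def build_trees(domains):
    """Group a forest's domains into trees, keyed by tree-root domain."""
    names = {d.lower() for d in domains}
    trees = {}
    for d in sorted(names):
        trees.setdefault(tree_root(d, names), []).append(d)
    return trees

def trust_path(src, dst, domains, forest_root):
    """Domains crossed from src to dst over the default trusts only
    (assumption: parent-child links plus tree root to forest root)."""
    names = {d.lower() for d in domains}
    root = forest_root.lower()

    def chain_up(d):
        chain = [d.lower()]
        while (p := parent_of(chain[-1], names)) is not None:
            chain.append(p)
        if chain[-1] != root:          # another tree: hop to the forest root
            chain.append(root)
        return chain

    up, down = chain_up(src), chain_up(dst)
    # Drop the shared tail so the path turns at the closest common domain.
    while len(up) > 1 and len(down) > 1 and up[-2] == down[-2]:
        up.pop()
        down.pop()
    return up + down[-2::-1]

if __name__ == "__main__":
    for root_name, members in build_trees(DOMAINS).items():
        print(root_name, "->", members)
    print(trust_path("hr.eu.example.com", "lab.partner.net", DOMAINS, FOREST_ROOT))
```

Every domain on a returned path is a point where a trust is relied on, so longer paths mean more domains whose compromise affects that access.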

Association

Another difference between a tree and a forest in Active Directory is that a tree is a set of domains while a forest is a set of trees.

Communication

Domains inside a tree can communicate with each other using one-way or two-way trusts, whereas two forests can communicate by creating a forest-level trust. Hence, this is also a difference between a tree and a forest.

Conclusion

Tree and forest are two terms used in Active Directory. The main difference between a tree and a forest in Active Directory is that a tree is a collection of domains while a forest is a set of trees. In brief, a tree is a collection of domains whereas a forest is a collection of trees.

Image Courtesy:

1. “Active Directory” By 小朱 – Create by self (Public Domain) via Commons Wikimedia

About the Author: Lithmee

Lithmee holds a Bachelor of Science degree in Computer Systems Engineering and is reading for her Master’s degree in Computer Science. She is passionate about sharing her knowledge in the areas of programming, data science, and computer systems.