In this post, we will discuss about TREE with reference to Active Directory. However, first things first – a primer on Active Directory will be helpful. Just like a phone directory storing all kinds of phone numbers in it, an active directory abbreviated as AD, is a directory of services offered by Windows, to organize the permissions and access the network resources. The essential service of Active Directories is Domain Services. All the information rests in here and the user’s interaction with the domain is handled by the Domain Services. And the Domain Controller hosts the Active Directory Domain Services.
Now, the Directory uses a kind of tiered layout, in which various domains, forests and trees are contained to synchronize all the elements of the network. So, the Tree in Active Directory is a group/collection of domains in the Windows Active Directory. Just like a tree has various branches, it means that every single domain is parented by one parent and many such leads to a ranked tree structure.
Every domain in the tree lives on the foundation of trust, which is a two-way process, meaning that as soon as a domain is created, the resources of that nascent domain is by default shared with its parent domain. This allows the user to access both the resources of parent and child domains. So, simply put, if an A domain trusts B domain and B Domain shows trust on C domain, then automatically A domain trusts C domain and likewise, all domains trust each other in the Active Directory.
An Active Directory tree basically houses all those domains that have a single parent/root, branching out to various other child domains. All the domains have one common name space. There is one common boundary shared by all the domains in the tree. So, a child-parent relationship sets up among the existing domains and a newly built domain.
Talking about what is an Active Directory tree, two different trees cannot share one name space. Like, one tree is xyz.com, so, the other tree will be abc.com.
The configuration of several child domains in the tree is same, forming that common namespace. This leads to another relationship forming on the basis of name space. So, there are two perspectives of relationships based on which the trees can be seen. One is the trust relationship building between the domains and the other being the name space of the domain tree.
The hierarchical grouping of various domains of Microsoft Windows sharing one common name space is basically called a Tree.
CHARACTERISTICS OF AN ACTIVE DIRECTORY TREE
- The child domain’s name in a tree is the particular name of that child domain appended with the parent domain’s name.
- A common structure or configuration is shared by all domains in the tree.
- A common Global Catalog is shared by all domains within one tree. This catalog serves as the central reservoir of data about objects of the tree.
- There is a two way relationship built among the domains of the tree. As soon as one domain joins a tree, it automatically trusts all other domains in the tree and vice versa.
There is a parent domain called abc.com, so all other child domains branching out will bear their specific names, followed by the parent domain’s name. Like accounts.abc.com, sales.abc.com, payment.abc.com, etc. And, furthermore, these child domains can also have other multiple domains established under them, like north.sales.abc.com or north.payment.abc.com.
CREATING A TREE IN EXISTING AD:-
Following the establishment of a root domain, new trees can be added to the existing AD, if required. It is quite straightforward to create a tree in the network. Let’s see how to do that:-
- On the installation wizard of Active directory, tell it that you want to create a tree and not any other child domain.
- The place of the tree can be opted to be in an existing forest.
- Some specifications need to be made:
- In Enterprise Admin Group, existing in the parent domain of a forest, a user account’s username, password and domain name.
- DNS of the newly formed tree.
- NetBIOS name of new domain.
- Active directory’s log files and database’s locations.
- Shared system volume location.
- Whether or not to thin out the permissions for the users to be able to access done through remote access servers running on Windows NT 4.0.
The installation will complete on addition of three new consoles to the menu of Administrative Tools on that particular computer.