Sunday, March 25, 2012

What Are Forests?


At its highest level, a forest is a single instance of Active Directory. Therefore, a forest is synonymous with Active Directory, meaning that the set of all directory partitions in a particular Active Directory instance (which includes all domain, configuration, schema and optional application information) makes up a forest. This means that when you have multiple forests in an enterprise they will, by default, act separately from each other as if they were the only directory service in your organization.
This behavior, however, is easily be modified so that multiple forests can share Active Directory responsibilities across an enterprise. This is done by creating external or forest trust relationships between the forests. In this way, each forest can be connected with every other forest to form a collaborative directory service solution for any enterprise with business needs that include multiple forest collaboration.
Forests can also be defined as:
  • Collections of Domain Containers that Trust Each Other
  • Units of Replication
  • Security Boundaries
  • Units of Delegation

 Forest functionality

Forest functionality enables features across all the domains within your forest. Three forest functional levels are available: 
  •  Windows 2000 (default)
  •  Windows Server 2003 interim, and
  • Windows Server 2003 .
By default, forests operate at the Windows 2000 functional level. You can raise the forest functional level to Windows Server 2003 .

No comments: