Child domain versus a new domain tree in an existing forest

Discussion in 'Active Directory' started by Shawn Conaway, Nov 8, 2006.

  1. Does anyone know the functional differences between creating a child domain
    and creating a new domain in an existing forest? I know that with a child
    domain, the DNS domain will be nexted under its parent. Since the trusts in
    a forest are all transitive, all the domains in a forest trust each other,
    I'm thinking that group policy may be the only significant difference.
    Shawn Conaway, Nov 8, 2006
  2. Shawn Conaway

    jx Guest

    You may be referencing to the child domain and domain tree. A forest can
    have multiple contiguous separate trees as well e.g. | | The transitivity exists between the
    child and the parent.
    jx, Nov 8, 2006
  3. Shawn Conaway

    T. Uranjek Guest


    Why would be any difference in group policy mechanism between new tree or
    child domain in existing tree? You can link GPO to sites (which can contain
    more than one domain) to domain (but GPO are not inherited to child domain)
    or OUs.

    Apart from contiguous name space I cannot see difference between new tree or
    child domain.


    T. Uranjek, Nov 8, 2006
  4. For pure AD functionality there is no difference. From the standpoint of
    confusion and broken scripts and applications it is far more likely a
    new tree will cause issues. I absolutely do not recommend multiple trees
    in a forest as I have yet to have seen a good reason for it and have
    seen lots of problems.

    Joe Richards Microsoft MVP Windows Server Directory Services
    Author of O'Reilly Active Directory Third Edition

    ---O'Reilly Active Directory Third Edition now available---
    Joe Richards [MVP], Nov 9, 2006
