The first one is to use an inactive sub domain of a domain that you use publicly.
Tree root domain controller.
Active directory is a set of one or more trees.
Domains can also be renamed.
A child to one domain can also be the parent to other domains.
A domain tree is made up of several domains that share a common schema and configuration forming a contiguous namespace.
When you add a domain to a tree it becomes a child of the tree root domain.
You wouldnt be albe to just.
A tree root trust can only be established between the roots of two trees in the same forest and are always transitive.
They can only exist.
Also on then do a domain name change on the root domain to the desired root domain name that doesnt work that way either.
Additional domains are added to the root domain to form the tree structure or the forest structure depending on the domain name requirements.
The top of the tree structure is the root domain.
Using the domain rename utility rendom exe you can change the netbios and dns names of a domain including any child parent domain tree or forest root domains from which all others branch off in the hierarchy.
The root domain the first domain that you create contains the configuration and schema for the forest.
Each domain is responsible for authenticating users in their domains.
The fact that ad local is the parent in the forest provides no additional benefit when it comes to authentication.
Selecting the forest root domain involves determining if one of the active directory domains in your domain design can function as the forest root domain or if you need to deploy a dedicated forest root domain.
2 minutes to read.
You cannot manually create a tree root trust.
For information about deploying a forest root domain see deploying a windows server 2008 forest root domain.
A transitive two way tree root trust relationship automatically created and establishes a relationship between the forest root domain and a new tree when you run the ad ds installation process to add a new tree to the forest.
The child domains inherit the address space of the parent so the child is a subdomain.
The domain to which a child domain is attached is called the parent domain.
Only one domain name needs to be registered even if you later decide to make part of your internal name publicly accessible.
By renaming domains in this manner you can thereby move them in the hierarchy.
A child domain might in turn have its own child domain.
Advantages to this most preferred approach includes.
So think of a group of domains that share the same root domain address as a tree.
Domain tree is collections of domains that are grouped together in hierarchical structures.