What is Active Directory Forest?

by | Oct 9, 2021 | Active Directory

Home » Admin » Active Directory » What is Active Directory Forest?


An active directory is a form of directory service that records information about all devices and computers that join on the same network and access network resources to complete their given task or functionality.  An active directory is completed in three functional units: domains, trees and forests. Many organizational units combine to form one domain and many domains group together to come under one tree. These trees are then grouped to make one domain forest. But, what is a forest, and what are its features and functionality? In this article we will explore Active Directory Forest.


A forest or a domain forest or Active Directory Forest is the highest form of order in any active directory and consists of many types of domains, operating with different variants of organizational units. A forest is a large space in an active directory and has a definite security boundary. Any user operating in one forest cannot move to another. However, they can move from one domain to another.

Block Diagram

Active Directory Forest

[Source: Google]

Steps of creating active directory forest

After creating a new Windows server, the user needs to implement active directory domain services and a DNS server role. When this is done, the server will now be eligible to be promoted as a domain controller. As a domain controller, this server will be able to authenticate and verify user credentials working on the same network. When this is done, the computer will begin the active directory domain service wizard and during this, the user will get an option for creating a new forest and the user will have to select this option and follow the steps.

Models of Active Directory Forest

Forests can be found configured using various models, some of the most common ones include:


  • Resource forest model: A forest for all network resources which does not allow or consist of any users or clients. This model is only made of resource nodes and service accounts that maintain the forest.
  • Organizational forest model: It comprises several domains with specific OUs with several devices and users allocated to different network resources to complete their given task in an organization connected to a common network.
  • Restricted access forest model: This forest only consists of users and confidential data which cannot be accessible to other users on the same network.



Forests do not specifically provide advantages. However, having an active directory domain forest allows IT admins to manage authentication and verification for all devices and users in an organization into different domains. To implement better security, forests also enable admins to create security groups. These typically play a role in granting and recording folder access permissions to other users. This plays a significant role in ensuring data security in the organization.


Submit a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.