What is a domain tree?
In Windows 2000, a domain can be a child of another domain (e.g.,
child.domain.com is a child of domain.com). A child domain name always includes
the complete parent domain name. A child domain and its parent share a two-way
A domain tree exists when one domain is the child of another domain. A domain
tree must have a contiguous namespace, as in the leftmost diagram in the Figure.
In the rightmost diagram in the Figure, the lack of contiguous names means
that the domains canít be part of the same tree.
The treeís name is the root domain name. In my example, the tree is
root.com. Because domains are DNS names and because domains inherit the parent
part of the name, if you rename part of a tree, all of the parentís children
are also implicitly renamed. For example, if you renamed the parent domain
ntfaq.com to backoffice.com, the child domain sales.ntfaq.com would change to
sales.backoffice.com. Although you canít currently rename part of a tree, this
problem will arise in future versions of the OS.
You can currently create domain trees only when DCPROMO promotes a server to
a domain controller (DC). This restriction might change in the OS that follows
Placing domains in a tree yields several advantages. The most useful benefit
is that all members of a tree have Kerberos transitive trusts with the
domainís parent and all the domainís children. Transitive trusts also let
any user or group in a domain tree obtain access to any object in the tree. In
addition, you can use one network logon at any workstation in the domain tree.
Windows Privacy Tools - http//www.privacywindows.com