Platform SDK: Active Directory, ADSI, and Directory Services |
A forest is a set of one or more trees that do not form a contiguous namespace. All trees in a forest share a common schema, configuration, and global catalog. All trees in a given forest trust each other according to transitive hierarchical Kerberos trust relationships. Unlike trees, a forest does not need a distinct name. A forest exists as a set of Cross-reference objects and Kerberos trust relationships known to the member trees. trees in a forest form a hierarchy for the purposes of Kerberos trust; the tree name of at the root of the trust tree can be used to refer to a given forest.