It is an LDAP compliant database that contains objects.

This answer refers specifically to Active Directory Domain Services. Objects in separate forests are not able to interact with each other, unless the administrators of each separate forest create a trust between them.

I find myself explaining some of what I assume is common knowledge about it almost daily.

This question will, hopefully, serve as a canonical question and answer for most basic Active Directory questions.

I hear "I have a Primary Domain Controller (PDC) and want to install a Backup Domain Controller (BDC)" much more frequently than I would like to believe.

The concept of PDCs and BDCs died with Windows NT4.

It simplifies management, and modern versions of AD make it very easy to delegate control based on OU, which lessens the need for child domains. , the tool that handles the promotion of a server to a DC isn't idiot-proof.

It does let you make bad decisions with your naming, so pay attention to this section if you are unsure. Use the PowerShell cmdlet or install AD DS from Server Manager. First of all, don't use made up TLDs like .local, .lan, .corp, or any of that other crap. ICANN is selling TLDs now, so your as an externally resolvable website, you should avoid using that as your internal AD name as well, since you'll end up with a split-brain DNS.

The forest root domain defines the default namespace for the forest.

For example, if the first domain in a new forest is named .

You can see that the child domain's name was prepended to the forest root domain's name. You can have disjoint namespaces in the same forest, but that's a whole separate can of worms for a different time.

In most cases, you'll want to try and do everything possible to have a single AD domain.

The last bastion for PDCs was in a Windows 2000 transitional mixed mode AD when you still had NT4 DCs around.
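The naming advice in this answer (no made-up TLDs, and don't reuse your public web zone as the AD name because of split-brain DNS) is easy to turn into a pre-flight check before promoting the first DC. The following is an added example, not code from the original answer or from Microsoft: the function `check_forest_name`, the `MADE_UP_TLDS` set, and the sample public zones are all assumptions constructed for illustration, and the `ad` label used in suggestions is just the conventional dedicated subdomain pattern (for example `ad.example.com`).

```python
"""Pre-flight check for a proposed AD DS forest root DNS name.

Added example (not part of the original answer). It applies two rules:
  1. reject made-up TLDs such as .local / .lan / .corp;
  2. reject a name identical to a zone the organisation already serves
     publicly, since that produces split-brain DNS.
In both cases it suggests a dedicated subdomain of a registered name.
"""

# TLDs that are commonly invented for internal use. ".local" is reserved for
# mDNS by RFC 6762; ".corp" and ".home" are withheld by ICANN because of
# name-collision risk; the others are simply not registrable by you.
# This set is a constructed, illustrative list, not an authoritative one.
MADE_UP_TLDS = {"local", "lan", "corp", "home", "internal", "intranet"}


def _normalize(name: str) -> str:
    """Lower-case and strip a trailing dot so comparisons are consistent."""
    return name.strip().rstrip(".").lower()


def check_forest_name(name: str, public_zones: set, label: str = "ad") -> dict:
    """Return a verdict dict: {"ok": bool, "reason": str, "suggest": str|None}.

    public_zones: DNS zones the organisation already serves externally
    (constructed input for this example). label: the subdomain label to
    suggest for a dedicated internal namespace (assumed convention: "ad").
    """
    fqdn = _normalize(name)
    labels = fqdn.split(".")
    zones = {_normalize(z) for z in public_zones if z.strip()}

    # Single-label names cannot be delegated in DNS and are unsupported for new forests.
    if len(labels) < 2 or not all(labels):
        return {"ok": False, "reason": "single-label or malformed name", "suggest": None}

    tld = labels[-1]
    if tld in MADE_UP_TLDS:
        # Hang the AD namespace under a real public zone if we know one;
        # "example.com" below is a placeholder, not a recommendation.
        base = sorted(zones)[0] if zones else "example.com"
        return {"ok": False, "reason": f"made-up TLD .{tld}", "suggest": f"{label}.{base}"}

    if fqdn in zones:
        # Same name inside and outside => two authoritative views of one zone.
        return {
            "ok": False,
            "reason": "same name as a public zone (split-brain DNS)",
            "suggest": f"{label}.{fqdn}",
        }

    return {"ok": True, "reason": "dedicated internal namespace", "suggest": None}


def child_domain_name(child_label: str, parent_fqdn: str) -> str:
    """Build a child domain's name the way AD does: child label prepended to the parent."""
    return f"{_normalize(child_label)}.{_normalize(parent_fqdn)}"


if __name__ == "__main__":
    # Constructed sample inputs for a quick run.
    zones = {"contoso.com"}
    for candidate in ("contoso.local", "contoso.com", "ad.contoso.com", "CONTOSO"):
        print(candidate, "->", check_forest_name(candidate, zones))
    print(child_domain_name("corp", "contoso.com"))
```

Run it against the zones you actually serve publicly; a name that passes here is a dedicated subdomain of something you own, which is what avoids both the split-brain problem and the TLD-collision problem the answer warns about.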

