Active Directory Domain Services (AD DS) is the directory service for the Windows Server 2008 networking environment. It provides the hierarchical structure for the domain and the objects within the domain. The domain is the basic administrative container for a Microsoft network. Domains that share the same Global Catalog are in the same domain tree. A forest is a collection of domain trees.

To create a domain controller for a domain, you need to install Active Directory on the server. The first domain created for your organization is the root domain of your domain tree (it also is the root of a forest).

Child domains reside inside the domain tree container (they could also be considered branches on the domain tree). Root and child domains in the same tree can share services and resources because they are configured with transitive trusts, by default. This means that these trusts flow up through the tree and child domains on the network, allowing users in any domain on the tree to access resources anywhere in the tree (including the root and child directories.

Active Directory Domain Services can be managed on a domain controller via the Server Manager. Three important management snap-ins related to the Active Directory are Active Directory Users and Computers, Active Directory Domains and Trusts, and Active Directory Sites and Services. The Active Directory Users and Computers snap-in is used to manage your user accounts, Active Directory groups, and Organizational Units.

