Setting up a new domain tree

An Active Directory domain tree is a collection of domains that share a contiguous namespace. An Active Directory forest can have multiple domain trees that use different namespaces. Within one forest, these domain trees have explicit trust among them by default. In this scenario, we are going to create a new domain tree in an existing Active Directory forest.

Before we start with the installation, we need to consider a few things:

  • Environment setup: The new physical server or VM that is going to be set up must have network reachability to the existing forest root domain. It can be in a different network segment, but a connection is required in order to add it to the existing forest. To proceed with the configuration, the administrator needs a local administrator account for the server and the login details of a Schema Admin or Enterprise Admin account for the existing forest.
  • Information: In order to set up the new domain tree, we need to gather the following information:
    • FQDN for the new domain
    • Forest name
    • Schema Admin or Enterprise Admin credentials for the existing forest root domain
  • Schema preparation: If the new domain controller is going to run a newer version than the existing AD DS version, the forest schema must be modified with adprep /forestprep to support the new version. As I explained in the previous scenario, this is now a part of the Active Directory configuration process. However, we need Schema Admin privileges to do it.
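
The checklist above can be verified from the new server before any change is made. The following pre-flight script is an added example, not code from the book. The domain names and NetBIOS name are placeholders, and it assumes the AD-Domain-Services role is already installed so that the ADDSDeployment module is available.

```powershell
# Added example: pre-flight checks on the server that will host the new tree root.
# All three values are placeholders (assumptions), not values from the book.
$ForestRoot  = 'corp.example'      # existing forest root domain
$NewTreeFqdn = 'newtree.example'   # FQDN for the new domain tree
$NewNetbios  = 'NEWTREE'           # NetBIOS name for the new domain

# 1. Local administrator: the session must be elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]$identity
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated session with a local administrator account.'
}

# 2. Network reachability: locate forest root DCs through DNS, then test LDAP.
#    A DNS failure here means the server cannot find the forest at all.
$dcs = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$ForestRoot" -Type SRV -ErrorAction Stop |
    Where-Object { $_.Type -eq 'SRV' }
$reachable = 0
foreach ($dc in $dcs) {
    $probe = Test-NetConnection -ComputerName $dc.NameTarget -Port $dc.Port `
        -WarningAction SilentlyContinue
    '{0,-40} LDAP/{1} reachable: {2}' -f $dc.NameTarget, $dc.Port, $probe.TcpTestSucceeded
    if ($probe.TcpTestSucceeded) { $reachable++ }
}
if ($reachable -eq 0) {
    throw "No domain controller in $ForestRoot answered on the LDAP port."
}

# 3. Credentials: prompt for them; never store them in the script.
$cred = Get-Credential -Message "Schema Admin or Enterprise Admin account in $ForestRoot"
$dsrm = Read-Host -AsSecureString -Prompt 'Directory Services Restore Mode password'

# 4. Dry run: Test-ADDSDomainInstallation runs the prerequisite checks for a
#    new tree root without promoting the server or changing the forest.
Import-Module ADDSDeployment -ErrorAction Stop
Test-ADDSDomainInstallation `
    -DomainType TreeDomain `
    -ParentDomainName $ForestRoot `
    -NewDomainName $NewTreeFqdn `
    -NewDomainNetbiosName $NewNetbios `
    -Credential $cred `
    -SafeModeAdministratorPassword $dsrm |
    Format-List
```

Review every entry in the output of the last step, since a reported warning or failure at this stage is far cheaper to resolve than a partially completed promotion.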