Designing the domain structure

Every AD DS forest has at least one domain. When you set up your first forest, a default domain is set up along with it. There are a few reasons why you may need to consider having multiple domains in a forest:

  • Smaller administrative boundaries: Active Directory is capable of managing nearly 2 billion objects, but a large directory creates administrative nightmares. Imagine managing a large herd of sheep. As it grows, shepherds need to put in more and more effort to manage it. Predators will also take advantage of it, and sometimes shepherds may not notice missing sheep because they are too busy managing the herd. Instead of managing a large number of sheep together, isn't it easier if each shepherd manages a smaller herd? Domains help set smaller administrative boundaries and smaller management targets. This helps manage organization resources efficiently.
  • Replication: Every domain in the Active Directory forest shares the same schema, which needs to be replicated to all the domain controllers. But each domain has its own domain partition, which only needs to be replicated to the domain controllers inside that domain. This allows you to control replication within the Active Directory forest. Rebeladmin Corp. has branches in different countries. These branches are connected with leased lines, and each branch has its own domain controllers. In a single-forest, single-domain setup, every domain controller will need to replicate with every other one. Leased lines between countries are not cheap, and they're not always high-speed links. The same bandwidth is also used for the company's other operations. If we create a separate domain to represent each branch office, it will eliminate unnecessary replication, as the domain partition only needs to be replicated within domain boundaries.
  • Security: In the previous section, we talked about data and service isolation based on forests. These are driven by operational and legal requirements in the business. Domains help isolate resources and objects based on the security requirements within the forest. My-Learning Inc. is an IT training company. It mainly has two types of students. Some are academic students who are studying the HND program, and others are students who are taking professional exams. Both groups have separate labs, software, and resource access. Both groups have their own data, resources, and identity security requirements. Some of these requirements are only achievable via domain-wide security settings. Therefore, having two separate domains will allow them to apply different security standards without interfering with each other.

There are two models we can use for the domain structure design.
