Published: Nov 14, 2024
In this guide, I’ll show you how to add a new forest to your existing Active Directory environment. Compliance or security requirements may dictate that you add a new forest.
This article applies to: Windows Server 2016, Windows Server 2019, Windows Server 2022, and Windows Server 2025.
Note that you can also add forest trusts. If you have an existing forest, contoso.com, you can add another forest, northwindtraders.com, and optionally build a trust between them, all within your LAN environment.
Our final scenario is adding a new forest to an environment. Several logical designs dictate this option. If you are starting out completely from scratch, this is the only option you will have: adding your first domain controller and creating your very first (forest-root) domain.
Another scenario would be if you need a more defined separation of domains. If you are merging with another corporation, you may want to add a new forest in a test setting – this will allow complete separation between your forest domain structure and your testing.
However, as I stated previously, you’ll be able to create forest trusts that will allow users in one forest to log in (seamlessly) to computers in the other forest.
I have built another Windows Server 2022 Datacenter Hyper-V VM and named it WS22-FOREST-DC1.
Again, I went and added the Active Directory Domain Services role.
Let’s get the new forest configured.
Here, you can see you have options with the forest functional level. If you have a requirement to include domain controllers running older versions of Windows Server, you need to make that adjustment now: You can’t go back after the fact and lower the level. You can only raise these levels.
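The same role installation and forest promotion can be scripted. The following is an added example, not the author's own build steps: it assumes the new forest is the northwindtraders.com example from earlier, a hypothetical NetBIOS name of NORTHWIND, and the Windows Server 2016 functional level (`WinThreshold`), and it runs the prerequisite test before anything is changed.

```powershell
# Added example: run in an elevated session on the new server (WS22-FOREST-DC1).
# All names and levels below are assumptions for illustration.
$DomainName  = 'northwindtraders.com'  # example forest name used in this guide
$NetbiosName = 'NORTHWIND'             # hypothetical; NetBIOS names are limited to 15 characters
$Level       = 'WinThreshold'          # Windows Server 2016 level; it can be raised later, never lowered

# Add the Active Directory Domain Services role and its management tools.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Import-Module ADDSDeployment

# Prompt for the DSRM password so it never appears in the script or shell history.
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM (safe mode) password'

$forest = @{
    DomainName                    = $DomainName
    DomainNetbiosName             = $NetbiosName
    ForestMode                    = $Level
    DomainMode                    = $Level   # must be at or above the forest level
    InstallDns                    = $true
    SafeModeAdministratorPassword = $dsrm
}

# Dry run: validate the settings without promoting the server.
$results = Test-ADDSForestInstallation @forest
$results | Format-List Status, Message

$failed = $results | Where-Object { "$($_.Status)" -eq 'Error' }
if ($failed) {
    throw 'Prerequisite check reported errors; the forest was not created.'
}

# Promote the server to the first domain controller of the new forest.
# The cmdlet asks for confirmation and reboots the server when it finishes.
Install-ADDSForest @forest
```

Review any warnings in the test output before continuing, since the functional level chosen here cannot be lowered after promotion.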