The difference between "new domain tree root" and "new child domain"?

Solution 1:

I should preface this answer with a comment. I don't know your infrastructure, so please forgive me if this doesn't apply. Microsoft doesn't recommend child domains or separate tree roots for most organizations. The current recommendation is a single AD domain with business units separated by OUs for management. Unless you have a very compelling reason to complicate your AD structure by doing this, I suggest that you rethink your design and evaluate whether or not a single AD domain might be a better fit.

Above is an example of each. There is no explicit trust between the two domains in the 2nd example, There is still an implied trust, though.

You would have to use a trust shortcut between the two, otherwise the forest root would always have to be queried whenever a cross-domain resource request was made.

Solution 2:

The difference between a "New child domain" and a "New domain tree root" relates to continuity of the DNS namespace. A "New child domain" will have a name that is contiguous to the parent domain ("corp.foo.com" and "child.corp.foo.com") whereas a "New domain tree root" will have a name that is not contiguous to the parent domain ("corp.foo.com" and "research.foo.com").