The use of the Multiple Master Domain Model is generally limited to very large installations of NT. The Multiple Master Domain (as the name implies) is very similar to the Master Domain Model except for the existance of multiple master domains. This is generally created to overcome the number of account limitation discussed in the Master Domain Model section.
- All Master Domains trust each other (two-way trusts)
- Master Domains do not trust Resource Domains
- All Resource Domains trust the Master Domains (one-way)
- Better for companies with a very large number of users
- Very scalable for companies with a centralized MIS department
- Splits resources into groups (especially good for browsing)
- Centralizes user account administration
- Administration of resources can be distributed
- Global groups need to be defined in every Master Domain
- Administration of local groups is more complex
- Not all of the user accounts will be located in one domain
- Trust relationships are more difficult to manage
This model is considerably more difficult to administer and can cause a great deal of difficulty when planning group memberships and access rights. As we will discuss later, every global group for each master domain must be added to the other master domains, and all of the global groups must also be added to the proper local groups of the resource domains in order to perserve the network level administration and access control.
The Microsoft Windows NT Virtual Lecture by
Florida Community College at Jacksonville