A trusted domain in Microsoft Windows NT–based networks that contains accounts for all users in an enterprise. Master domains are used in enterprise-level implementations of Windows NT to allow user accounts to be centralized and managed in one domain.
The master domain is typically found at company headquarters, while resource domains are implemented at branch offices. A trust relationship is established between the resource domains and the master domains, in which each resource domain trusts the master domain. Users who log on to their computers at headquarters automatically log on to the master domain to validate their credentials. Users at branch offices can log on to either their local resource domain or the trusted master domain, but they must choose the master domain because all user account information resides there. In a wide area network (WAN), one or more backup domain controllers (BDCs) belonging to the master domain are installed at each branch office to facilitate local logons and to prevent logon traffic from being routed over slow WAN links to headquarters.
Many companies use the Windows NT master domain model to administer users and groups in master domains and resources in second-tier (or resource) domains. Because the majority of reasons to use the Windows NT master domain model disappear when domains are migrated to Active Directory in Windows 2000 and a domain tree is established, these companies might choose to dissolve existing second-tier domains into organizational units (OUs) in the master domains.