A Microsoft Windows NT domain model in which all global users and group accounts reside in several account domains that trust one another with two-way trusts. Network resources reside in multiple resource domains that trust every account domain.
The advantages of the multiple master domain model are that it is scalable to any number of user accounts and that resource domains in this model manage their own resources. Among the disadvantages are the fact that the master domain model is complex to set up and administer, and that multiple local groups must be created in each resource domain.
Graphic M-21. Multiple master domain model.
When you upgrade a Windows NT network based on the multiple master domain model to a Windows 2000 network, you can simplify your network administration considerably. Large enterprises usually use the multiple master domain model either because of limitations on the recommended number of users in a Windows NT domain (about 20,000) or because their company is spread across several geographically separate locations. Active Directory in Windows 2000 overcomes these limitations by enabling up to 10 million objects to be stored in the Active Directory database and by allowing a single domain to be divided into multiple sites with intersite directory replication traffic being scheduled for times of low wide area network (WAN) link use. The result is that a Windows NT–based network consisting of several master domains and many resource domains can be combined into a single Windows 2000 domain. You can create a hierarchy of organizational units (OUs) within Active Directory to mirror the administrative structure of the former multiple master domain model network, with suitable rights and permissions assigned to the OUs for different users and groups.
If you want to maintain the existing administrative structure of your company, you can migrate each master or resource domain to a distinct Windows 2000 domain. Each master domain becomes a root domain, and the resource domains that trusted them become child domains joined by two-way transitive trusts to their parent domain. The result is one new domain tree for each former master domain. You then establish two-way transitive trusts between the root domains of each tree, forming a domain forest. All users in your enterprise thus gain access to resources anywhere on the network.