multiple master domain model

When you upgrade a Windows NT network based on the multiple master domain model to a Windows 2000 network, you can simplify your network administration considerably. Large enterprises usually use the multiple master domain model either because of limitations on the recommended number of users in a Windows NT domain (about 20,000) or because their company is spread across several geographically separate locations. Active Directory in Windows 2000 overcomes these limitations by enabling up to 10 million objects to be stored in the Active Directory database and by allowing a single domain to be divided into multiple sites with intersite directory replication traffic being scheduled for times of low wide area network (WAN) link use. The result is that a Windows NT–based network consisting of several master domains and many resource domains can be combined into a single Windows 2000 domain. You can create a hierarchy of organizational units (OUs) within Active Directory to mirror the administrative structure of the former multiple master domain model network, with suitable rights and permissions assigned to the OUs for different users and groups.

If you want to maintain the existing administrative structure of your company, you can migrate each master or resource domain to a distinct Windows 2000 domain. Each master domain becomes a root domain, and the resource domains that trusted them become child domains joined by two-way transitive trusts to their parent domain. The result is one new domain tree for each former master domain. You then establish two-way transitive trusts between the root domains of each tree, forming a domain forest. All users in your enterprise thus gain access to resources anywhere on the network.