SekChek for Windows: Planning Your Analysis - Single Master Domain Model

SekChek

Single Master Domain Model


The single master domain model is comprised of several domains, one of which acts as the central administrative unit for user accounts. User and machine accounts are defined in this master domain and all users log on to their accounts in the master domain.

Resources, such as printers and file servers, are located in the other domains (resource domains). Each resource domain establishes a one-way trust with the master (account) domain, enabling users with accounts in the master domain to use resources in all the other domains. The network administrator can manage the entire multi-domain network, including its users and resources, from a single domain.

This model balances the requirements for account security with the need to share resources via the network, because users are given permission to resources based on their master domain logon identity.

The single master domain model is particularly suited for:

  • Centralised account management. Security and User accounts can be centrally managed from a single point.
  • Decentralised resource management or local system administration capability. Department domains can have their own administrators, who manage the resources in the department.
  • Resources can be grouped logically, corresponding to local domains.

Another type of domain model is the multiple master domain model, where different trust relationships can be implemented between master domains and resource domains within each master domain.

Active Directory domains offer more options where Resource Domains may not be necessary as they could for example, be implemented as Organizational Units.