MCSA/MCSE 2003 JumpStart

The domain model is a client-server based technology used by NT 3.x and NT 4.x. The domain model enables you to logically group resources and users into one centrally managed group called a domain.

The domain model can be compared to the administration in a school. A school has a principal and a vice principal. The principal has the first say on who can do what in the school and how it should be done. The vice principal follows the same course of action as the principal. When the principal is away at meetings, the vice principal is next in line to make decisions.

The Windows NT domain contains a similar backup design. A server called the primary domain controller (PDC) has the same role as a school principal. All decisions and responsibility regarding who can do what is maintained and controlled by the PDC. The PDC maintains a database of all the users and their security rights. The database where this information is stored is called the Security Accounts Manager (SAM).

A second server, the backup domain controller (BDC), keeps a copy of the SAM database. Like the vice principal in a school, the BDC can take over the authentication process in the event that the PDC is too busy or if the PDC fails.

The main advantage of the domain model is that all users need only one user account to log on to the domain. Users can then access any resources within the domain that they have been granted access to.

scalable

Capable of expanding to accommodate greater numbers of users and resources.

This graphic shows a sample domain:

When Appropriate

The domain model is very scalable (meaning it works well with small and large networks), so you can use it in small or large organizations.

The domain model offers these benefits:

• Users need only one logon account, no matter how many servers the user has to access.

• You can easily define and manage security.

• You can centralize account and resource management by creating the user on either the PDC or BDC and the information will be copied to all domain servers.

The model also has some drawbacks:

• This model needs a trained and experienced administrator to install and manage it.

• The domain model uses a flat structure for storing account information. You can have up to 40,000 accounts, but there is no way to hierarchically organize the users.

• Domain models do not scale as well in large national or global networks as do directory services models (explained in the next section).

directory services model

Uses a hierarchical database to logically organize the network resources. This model scales well to small, medium, or large enterprise networks.

Common OS Examples

Network operating systems that support the domain model are confined to Microsoft products. Although Windows 95, 98, NT Workstation, and 2000 Professional function within the domain model, they do not have domain management capabilities. The only network operating systems that allow you to build, manage, and support domains are:

• Microsoft Windows 3.1, 3.5, and 3.51 Server

• Windows NT 4 Server

• Windows 2000 Server and Windows Server 2003

  Note

  Although Windows 2000 Server and Windows Server 2003 supports the domain model, Microsoft recommends that you migrate your network to Active Directory Services. Directory services are described in the next section.