Number of Trusted Domains

In the multiple master-domain model, user accounts are stored in master domains, and resources (machine accounts) are stored in all other domains. In this model, each resource domain trusts all master domains with a one-way trust.

On each domain controller in the resource domain, the existence of the trust relationship is represented by an LSA trusted-domain object. The object contains the name of the trusted domain and the domain security identifier (SID). The password associated with the trust link is stored in an LSA secret object, which is stored in the following registry key.

HKEY_LOCAL_MACHINE\Security\Policy\Secrets

In the Windows NT operating system, LSA secrets are also used for other purposes and, until this version, the number of LSA secrets was fixed at 256. As a result, the recommended limit for trusted master domains was 128 per resource domain. This recommendation has been removed with the introduction of Windows NT 4.0 because the number of available LSA secrets has been significantly increased.

The second restriction limiting the number of master domains trusted by the resource domains is the nonpaged pool size of the domain controllers on which the resource domains are stored. When a domain controller starts, it attempts to discover domain controllers in each trusted domain by sending a message to each trusted domain. Each domain controller in the trusted domains responds with a message to the starting domain controller. The response is temporarily stored in the nonpaged pool until NetLogon can read it.

The RAM on your Windows NT computer is divided into two categories: nonpaged and paged. Nonpaged memory must stay in RAM and cannot be written to or retrieved from peripherals. Peripherals include disks, the LAN, CD-ROMs, and other devices. Paged memory is RAM that the system can use and later reuse to hold different pages of memory from peripherals.

For more information on memory, see the Microsoft Windows NT Workstation Resource Guide, Chapter 12, "Detecting Memory Bottlenecks."

Windows NT Server 4.0 provides a default nonpaged pool size, which provides for a substantially higher number of trusted domains than earlier versions did. Table 2.8, below, lists the default nonpaged-pool size that is configured when Windows NT Server is installed on computers with different amounts of physical memory. The table also shows the recommended maximum number of trusted domains that will operate, based on the specified nonpaged pool size.

Table 2.8 Trusted domains needed for nonpaged-pool sizes

Nonpaged Pool Size    # of Trusted Domains    Total Physical Memory
1.2 MB                140                     32 MB
2.125 MB              250                     64 MB
4.125 MB              500                     128 MB


Calculating Required Nonpaged and Paged Pool Sizes

Nonpaged and paged pool sizes are calculated from the physical memory on the computer when it starts up. Although the default nonpaged pool size is sufficient in most cases, you can approximate the values for an x86-based computer if you find it necessary to change the nonpaged and paged pool sizes of your computer.

Table 2.9 Terms and values used to calculate the nonpaged pool size

Term                                Value
Minimum Nonpaged Pool Size          256K
MinimumAdditionNonPagedPoolPerMb    32K
DefaultMaximumNonPagedPool          1MB
MaximumAdditionNonPagedPoolPerMb    400K
Pte_Per_Page                        1024
Page_Size                           4096


Calculating Nonpaged Pool Size


NonPagedPoolSize = MinimumNonpagedPoolSize + ((PhysicalMB - 4) * MinimumAdditionNonPagedPoolPerMb)

MaximumNonPagedPoolSize = DefaultMaximumNonPagedPool + ((PhysicalMB - 4) * MaximumAdditionNonPagedPoolPerMb)

IF: MaximumNonPagedPoolSize < (NonPagedPoolSize + Page_Size * 16)
THEN: MaximumNonPagedPoolSize = (NonPagedPoolSize + Page_Size * 16)
IF: NonPagedPoolSize >= 192 MB
THEN: NonPagedPoolSize = 192 MB

Calculating Paged Pool Size


Size = (2 * MaximumNonPagedPoolSize) / Page_Size
Size = (Size + Pte_Per_Page - 1) / Pte_Per_Page
PagedPoolSize = Size * Page_Size * Pte_Per_Page
IF: PagedPoolSize >= 192 MB
THEN: PagedPoolSize = 192 MB

Note: If both the nonpaged and paged pool values are set to zero in the registry, then the paged pool size will approximately equal the memory size.
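
The two calculations above, written out in Python and run for the memory sizes in Table 2.8, so a planned number of trusted master domains can be checked against a domain controller's RAM. This is an added example, not part of the original text; the function names, the rejection of systems with less than 4 MB, and the use of Table 2.8's memory column to look up the trust limit are assumptions made here.

```python
KB, MB = 1024, 1024 * 1024

# Table 2.9 values, in bytes (x86)
MIN_NONPAGED_POOL = 256 * KB
MIN_ADD_NONPAGED_PER_MB = 32 * KB
DEFAULT_MAX_NONPAGED_POOL = 1 * MB
MAX_ADD_NONPAGED_PER_MB = 400 * KB
PTE_PER_PAGE = 1024
PAGE_SIZE = 4096
POOL_CAP = 192 * MB

# Table 2.8 rows: (total physical memory in MB, recommended trusted domains)
TABLE_2_8 = [(32, 140), (64, 250), (128, 500)]


def nonpaged_pool_sizes(physical_mb):
    """Return (NonPagedPoolSize, MaximumNonPagedPoolSize) in bytes."""
    if physical_mb < 4:
        # Assumption of this example: the formula subtracts 4 MB.
        raise ValueError("formula assumes at least 4 MB of RAM")
    extra_mb = physical_mb - 4
    size = MIN_NONPAGED_POOL + extra_mb * MIN_ADD_NONPAGED_PER_MB
    maximum = DEFAULT_MAX_NONPAGED_POOL + extra_mb * MAX_ADD_NONPAGED_PER_MB
    # The maximum is raised to at least 16 pages above the initial size.
    maximum = max(maximum, size + PAGE_SIZE * 16)
    return min(size, POOL_CAP), maximum


def paged_pool_size(physical_mb):
    """Return PagedPoolSize in bytes, rounded up to whole page tables."""
    _, maximum = nonpaged_pool_sizes(physical_mb)
    pages = (2 * maximum) // PAGE_SIZE
    page_tables = (pages + PTE_PER_PAGE - 1) // PTE_PER_PAGE
    return min(page_tables * PAGE_SIZE * PTE_PER_PAGE, POOL_CAP)


def recommended_trust_limit(physical_mb):
    """Trust limit of the largest Table 2.8 row that fits; None below 32 MB."""
    fitting = [trusts for mem, trusts in TABLE_2_8 if mem <= physical_mb]
    return fitting[-1] if fitting else None


if __name__ == "__main__":
    for mem, _ in TABLE_2_8:
        nonpaged, maximum = nonpaged_pool_sizes(mem)
        print(f"{mem:>4} MB RAM: nonpaged {nonpaged / MB:.3f} MB, "
              f"max nonpaged {maximum / MB:.2f} MB, "
              f"paged {paged_pool_size(mem) // MB} MB, "
              f"trust limit {recommended_trust_limit(mem)}")
```

For 32 MB the formula yields 1.125 MB, which Table 2.8 lists as 1.2 MB; the 64 MB and 128 MB rows match the formula exactly.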

Changing Nonpaged and Paged Pool Size

Nonpaged and paged pool values can be changed in the registry. The pool memory management parameters are located in the following registry key.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management

Warning: Using the Registry Editor incorrectly can cause serious, system-wide problems that may require you to reinstall Windows NT to correct them. Microsoft cannot guarantee that any problems resulting from the use of the Registry Editor can be solved. Use this tool at your own risk.

Increasing the size of NonPaged pool consumes physical memory that cannot be used for any other purpose.

Increasing the number of trusted domains increases the datagram traffic from each domain controller in the trusting domain.