The Microsoft Worldwide Domain Model

Master account domains contain all user accounts for the worldwide domain structure. Master-account-domain names reflect the users' geographic location, which assists in the distribution of BDCs.

Figure 2.12 Microsoft worldwide domain model

The Microsoft network recognizes two categories of administration. ITG is solely responsible for administering some domains; other domains are jointly administered by ITG and specific user groups, such as development groups and sites. Domain-administration permissions can be granted to a group of users within their own second-tier domain. ITG retains the option of allowing any departmental-server domain to have both its own domain administrators and ITG administration.

Domain Controller Locations

ITG provides master-account domains (first-tier), each of which is used by a specific set of sites. The name and size of each master-account domain are determined by geographic limitations, network topology, and the number of accounts to be supported. The PDCs for the Redmond, NorthAmerica, and SouthAmerica master-account domains are located in Redmond. The others are located near their constituent users, where local data centers provide administrator resources. A BDC for the master-account domain is located at each remote site, for authentication of accounts at that site.

The PDCs for the European master-account domains are in England, with a BDC for each European master-account domain at each respective site.

Worldwide, a BDC for the global master-account domain is also located at each network hub site.

Special Domain Considerations

Microsoft maintains two domains that, for security, have restricted access to and from the other domains. The groups using these special domains are the Microsoft Human Resources group and vendors who do business with Microsoft.

The Human Resources department maintains a secure network because of the confidential nature of its information. The HR master domain is isolated from the other domains on the network and is separately wired, so that it is not physically connected to the other network.

Vendors use the servers in the second restricted domain as a drop-off point. Microsoft employees can access the domain through a one-way trust relationship, but vendors are restricted to the vendor domain.

WAN Protocols

On the Microsoft corporate network, TCP/IP is used by Windows NT Server to forward authentication requests between domain controllers across a WAN. Every server in the master account domain can process logon requests from the domain user accounts.

Dynamic Host Configuration Protocol

Every server in the corporate domain runs TCP/IP. Adding Dynamic Host Configuration Protocol (DHCP) to the Microsoft network has significantly reduced administrative overhead for WAN management because individual machine TCP/IP addresses are configured automatically by DHCP.

Naming Conventions

Microsoft devised a naming convention for the corporate-domain structure to provide a consistent, worldwide interface to its users. The naming convention for second-tier domains is based on geographic location (USA-Atlanta), business (ITG-Networks), or development group (Apps-Word).

The following table shows some of the current domains. The rule for departmental domains is {division}-{department}. Another factor in establishing the domain name is to encompass the largest practical group.

Site domains are determined by {country code}-{city name}. Every site is permitted one resource domain in the corporate domain model.

Table 2.11 Microsoft first-tier and second-tier domain names

Master Account Domains (First-tier):

REDMOND
FAREAST
NORTHERNEUROPE
SOUTHPACIFIC
AFRICA
MIDDLEEAST
SOUTHAMERICA
CENTRALEUROPE
NORTHAMERICA
SOUTHERNEUROPE

Departmental and Site Resource Domains (Second-tier):

APPS-EXCEL        FRA-PARISEHQ      OPS-FACILITIES    SYS-BUSINESS
APPS-MULTIMEDIA   GER-BERLIN        OPS-MSPRESS       SYS-HARDWARE
APPS-POWERPOINT   GER-MUNICH        POL-WARSAW        SYS-MARKETING
APPS-WORD         ITG-APPS          PSS-BP            SYS-MSDOS-WIN
AT-RESEARCH       ITG-DEVELOPMENT   PSS-LP            SYS-WINNT
AUT-VIENNA        ITG-NETWORKS      PSS-RWG           USA-ATLANTA
FIN-ACCTSVRS      ITG-SQL           SWI-NYON          USA-DENVER