Windows NT allows you to centrally or decentrally manage user accounts for your organization. With centralized management, there is usually one SAM and therefore one master domain where all user account information is stored. Users are defined once on the network and given permissions to resources based on their logon identity in the central user database. The single domain model and single master domain models are centrally managed. A multiple master domain model can also be managed centrally by adding designated administrators to the appropriate Domain Admin groups.
With decentralized management, there is more than one SAM containing information about different user accounts in the organization. You can create trust relationships to enable domains to access resources in other domains. The multiple master domian model and the single domian models can make use of decentralized management.
In addition, in planning for your domain model, you'll need to establish administrative policies and procedures for: