domain model, all users and groups reside in one domain. Because only one domain exists, no
trusts are necessary. A single domain is OK for small to medium networks that need centralized
administration of accounts and resources. Theoretically, the user base can handle up to 40,000
users. In practical usage, the single domain model performs poorly if the number of users and
groups in the domain overwhelm the server's resources. In addition, browsing is slower if the
domain has a large number of servers.
who seek the ultimate in distributed management, complete trust is the answer. The complete
trust model distributes the administration of users, groups, domains, and resources. The
complete trust model is the easiest to understand, but it lacks security and can be the most
difficult to manage. Everybody trusts everybody. Every domain in the network trusts every
other domain. The following formula produces the number of trust relationships required to
implement a complete trust:
structures with the fewest number of trusts are the easiest to manage.