Create global, universal, and local groups for each domain. Each global group will contain all users in the corresponding department. Membership in the universal group is restrictive and can be assigned on the basis of the principle of least privilege. (For design purposes, you can assume that WTC is a single forest with multiple domains.)
I am only responsible for my portion and nothing else. There is no requirement as to how it should look as long as the requirement is fulfilled.
CMIT 495 6381 Current Trends and Projects in Computer Networks and Security (2158)
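
One way to build the group layout the requirement describes, using the ActiveDirectory PowerShell module (an added example, not part of the original post). The domain names, department, OU path, group names and account names are constructed placeholders, since the page gives none.

```powershell
#Requires -Modules ActiveDirectory
# Constructed placeholders: the page names no domains, departments, OUs or users.
$Domains    = @('east.wtc.example', 'west.wtc.example')
$Department = 'Finance'
$UgDomain   = $Domains[0]                 # domain that holds the universal group
$Approved   = @{                          # explicit, reviewed list of universal members
    'east.wtc.example' = @('fin.manager1')
    'west.wtc.example' = @('fin.manager2')
}

function Get-GroupOU([string]$Domain) {
    # Hypothetical "Groups" OU at the root of each domain
    'OU=Groups,' + (($Domain -split '\.' | ForEach-Object { "DC=$_" }) -join ',')
}

# Universal group: created once, membership assigned account by account
$ug = New-ADGroup -Name "UG-$Department" -GroupScope Universal -GroupCategory Security `
        -Path (Get-GroupOU $UgDomain) -Server $UgDomain -PassThru

foreach ($d in $Domains) {
    $common = @{ GroupCategory = 'Security'; Path = (Get-GroupOU $d); Server = $d; PassThru = $true }

    # Global group: every user in this domain whose Department attribute matches
    $gg    = New-ADGroup -Name "GG-$Department" -GroupScope Global @common
    $users = @(Get-ADUser -Filter "Department -eq '$Department'" -Server $d)
    if ($users) { Add-ADGroupMember -Identity $gg -Members $users -Server $d }

    # Domain local group: the group that is placed on resource ACLs in this domain.
    # The universal group is passed as an object because it may live in another domain.
    $dl = New-ADGroup -Name "DL-$Department-Data" -GroupScope DomainLocal @common
    Add-ADGroupMember -Identity $dl -Members $ug -Server $d

    # Least privilege: only the approved accounts enter the universal group
    foreach ($sam in $Approved[$d]) {
        $u = Get-ADUser -Identity $sam -Server $d
        Add-ADGroupMember -Identity $ug -Members $u -Server $UgDomain
    }
}

# Review check: list the distinguished names that hold universal membership
(Get-ADGroup -Identity $ug -Properties member -Server $UgDomain).member
```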