Primary Domain Controller

From Wikipedia, the free encyclopedia

A Primary Domain Controller (PDC) is a server computer in a Windows NT Server domain, the domain model that predates Windows 2000. A domain is a concept used in Windows NT Server operating systems whereby a user may be granted access to a number of computer resources with the use of a single username and password combination.

Such domains have at least a Primary Domain Controller, and will often have one or more Backup Domain Controllers (BDCs). The PDC has the master copy of the user accounts database which it can access and modify. The BDC computers have a copy of this database, but these copies are read-only. The PDC will replicate its account database to the BDCs on a regular basis. The BDCs exist in order to provide a backup to the PDC, and can also be used to authenticate users logging on to the network. If a PDC should fail, one of the BDCs can then be promoted to take its place. The PDC will usually be the first domain controller that was created unless it was replaced by a promoted BDC.

In later releases of Windows, such as Windows 2000, NT 4 type domains have been superseded by Active Directory. In Active Directory domains, the concept of Primary and Backup Domain Controllers doesn't exist. Instead, the domain controllers in these domains are all considered to be equal in that all controllers have full access to the accounts databases stored on their machines.

However, in these later releases of Windows, an Active Directory FSMO role named PDC emulator master does exist in each domain. This PDC emulator master does not have the same special role in replication as the Primary Domain Controller in pre-Windows 2000 systems, but does have certain additional responsibilities:

  • The PDC emulator master acts in place of the Primary Domain Controller if there are Windows NT 4.0 domain controllers (BDCs) remaining within the domain, acting as a source for them to replicate from.
  • The PDC emulator master receives preferential replication of password changes within the domain. As password changes take time to replicate across all the domain controllers in an Active Directory domain, the PDC emulator master receives notification of password changes immediately, and if a logon attempt fails at another domain controller, that domain controller will forward the logon request to the PDC emulator master before rejecting it.
  • The PDC emulator master also serves as the machine to which all domain controllers in the domain will synchronise their clocks. It, in turn, should be configured to synchronise to an external NTP time source.
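
The password-change behaviour in the second point can be followed in a small model. This is an added example, not Microsoft's implementation or code from the original article; the class and method names are hypothetical, and the plain-text passwords stand in for credential hashes.

```python
# Toy model of the password-change handling described above.
# Constructed for illustration; all names are hypothetical.
class DomainController:
    def __init__(self, name, pdc_emulator=None):
        self.name = name
        self.pdc_emulator = pdc_emulator  # None: this DC holds the role itself
        self.passwords = {}               # local replica: user -> credential
        self.forwarded = 0                # logons retried at the PDC emulator

    def check(self, user, password):
        return user in self.passwords and self.passwords[user] == password

    def logon(self, user, password):
        if self.check(user, password):
            return True
        # The local replica may just be stale: ask the PDC emulator
        # master before rejecting the logon.
        if self.pdc_emulator is not None:
            self.forwarded += 1
            return self.pdc_emulator.check(user, password)
        return False

class Domain:
    def __init__(self, dc_names):
        self.pdc = DomainController("PDC-EMULATOR")
        self.dcs = [DomainController(n, self.pdc) for n in dc_names]

    def create_user(self, user, password):
        for dc in [self.pdc] + self.dcs:
            dc.passwords[user] = password

    def change_password(self, at_dc, user, new_password):
        at_dc.passwords[user] = new_password
        self.pdc.passwords[user] = new_password  # notified immediately

    def replicate(self):
        # Normal replication eventually brings every DC up to date.
        for dc in self.dcs:
            dc.passwords.update(self.pdc.passwords)

def demo():
    domain = Domain(["DC1", "DC2"])
    dc1, dc2 = domain.dcs
    domain.create_user("alice", "old-pass")
    domain.change_password(dc1, "alice", "new-pass")
    stale_ok = dc2.logon("alice", "new-pass")  # DC2 still holds old-pass
    wrong = dc2.logon("alice", "guess")        # forwarded, still rejected
    domain.replicate()
    after = dc2.logon("alice", "new-pass")     # now answered locally
    return stale_ok, wrong, after, dc2.forwarded
```

In the model the wrong guess is forwarded as well, so the PDC emulator master sees failed logons from every domain controller, which makes it the natural place to watch for bad-password activity.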

The PDC role has been faithfully recreated in Samba, an emulation of Microsoft's SMB client/server system.
