Domain controller

On Microsoft servers, a domain controller (DC) is a server that responds to security authentication requests (logging in, checking permissions, etc.) within a Windows Server domain.[1][2] A domain is a concept introduced in Windows NT whereby a user may be granted access to a number of computer resources with a single username and password combination.

History

Windows NT

With Windows NT Server, one domain controller per domain was configured as the Primary Domain Controller (PDC); all other domain controllers were Backup Domain Controllers (BDC).

A BDC could authenticate the users in a domain, but all updates to the domain (new users, changed passwords, group membership, etc.) could only be made via the PDC, which would then propagate these changes to all BDCs in the domain. If the PDC was unavailable (or unable to communicate with the user requesting the change), the update would fail. If the PDC was permanently unavailable (e.g. if the machine failed), an existing BDC could be promoted to be a PDC. Because of the critical nature of the PDC, best practices dictated that the PDC should be dedicated solely to domain services, and not used for file/print/application services that could slow down or crash the system. Some network administrators took the additional step of having a dedicated BDC online for the express purpose of being available for promotion if the PDC failed.

Windows 2000

Windows 2000 and later versions introduced Active Directory ("AD"), which largely eliminated the concept of primary and backup domain controllers in favor of multi-master replication.

However, there are still several roles that only one domain controller can perform, called the Flexible Single Master Operation (FSMO) roles. Some of these roles must be filled by one DC per domain, while others only require one DC per AD forest. If the server performing one of these roles is lost, the domain can still function. If the server will not be available again, an administrator can designate an alternate DC to assume the role (a process known as "seizing" the role); this is called ADC.
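The per-domain and per-forest split described above can be inspected directly. The following PowerShell is an added example, not part of the original article; it assumes the ActiveDirectory module (RSAT) on a domain-joined machine, and the five role names it lists come from that module's properties, not from this page.

```powershell
# Added example: list each single-master role, its scope, its holder,
# and whether the holder currently answers on LDAP.
# Assumes the ActiveDirectory module (RSAT) and a domain-joined session.
Import-Module ActiveDirectory

function Get-FsmoRoleHolder {
    $domain = Get-ADDomain   # per-domain roles are properties of the domain object
    $forest = Get-ADForest   # per-forest roles are properties of the forest object

    $roles = @(
        [pscustomobject]@{ Role = 'PDCEmulator';          Scope = 'Domain'; Holder = $domain.PDCEmulator }
        [pscustomobject]@{ Role = 'RIDMaster';            Scope = 'Domain'; Holder = $domain.RIDMaster }
        [pscustomobject]@{ Role = 'InfrastructureMaster'; Scope = 'Domain'; Holder = $domain.InfrastructureMaster }
        [pscustomobject]@{ Role = 'SchemaMaster';         Scope = 'Forest'; Holder = $forest.SchemaMaster }
        [pscustomobject]@{ Role = 'DomainNamingMaster';   Scope = 'Forest'; Holder = $forest.DomainNamingMaster }
    )

    foreach ($r in $roles) {
        # A TCP connect to LDAP (389) is used here as a simple liveness signal.
        $up = Test-NetConnection -ComputerName $r.Holder -Port 389 `
                  -InformationLevel Quiet -WarningAction SilentlyContinue
        $r | Add-Member -NotePropertyName Reachable -NotePropertyValue $up -PassThru
    }
}

$report = Get-FsmoRoleHolder
$report | Format-Table Role, Scope, Holder, Reachable -AutoSize

# Show how many roles each DC holds, so concentration on one server is visible.
$report | Group-Object Holder |
    Select-Object @{ n = 'Holder'; e = { $_.Name } },
                  @{ n = 'Roles';  e = { ($_.Group.Role) -join ', ' } } |
    Format-Table -AutoSize

# Flag any role whose holder did not answer.
$report | Where-Object { -not $_.Reachable } | ForEach-Object {
    Write-Warning "$($_.Role) ($($_.Scope) scope) holder $($_.Holder) is unreachable"
}
```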

Nomenclature

A Windows Server computer can be one of three kinds: Active Directory "domain controllers", Active Directory "member servers" and Windows Workgroup "stand-alone servers".[3] The term "Active Directory Server" is sometimes used by Microsoft as synonymous with "Domain Controller".[4][5][6][7][8] The term is discouraged.[9]

References

  1. "Domain Controller Roles". Microsoft TechNet. Retrieved Dec 4, 2009.
  2. "Domain Controller Roles....". Windows Server 2003 Technical Reference. Microsoft TechNet. 2010-06-03. Retrieved 2012-11-21. A domain controller is a server that is running a version of the Windows Server® operating system and has Active Directory® Domain Services installed.
  3. "Planning for domain controllers and member servers". Windows Server 2003 Product Help. Microsoft TechNet. 2005-01-21. Retrieved 2012-11-21. [...] servers in a domain can have one of two roles: domain controllers, which contain matching copies of the user accounts and other Active Directory data in a given domain, and member servers, which belong to a domain but do not contain a copy of the Active Directory data. (A server that belongs to a workgroup, not a domain, is called a stand-alone server.)
  4. "Capacity Planning for Active Directory Domain Services". Microsoft TechNet. 2012-10-12. Retrieved 2012-11-21. Evaluating Active Directory Server RAM [...] Evaluating the amount of RAM that a domain controller (DC) needs is actually quite a complex exercise.
  5. "Q324753: How To Create an Active Directory Server in Windows Server 2003". Microsoft Support. 2011-09-11. Retrieved 2012-11-21. How To Create an Active Directory Server in Windows Server 2003 [...] To convert a Windows Server 2003 computer into the first domain controller in the forest, follow these steps [...]
  6. "Q302914: How Outlook 2000 accesses Active Directory". Microsoft Support. 2007-02-27. Retrieved 2012-11-21. [...] you must restart Outlook if that particular Active Directory server stops responding.
  7. "Q253841: XADM: Troubleshooting Active Directory Connector Replication Issues". Microsoft Support. 2007-02-27. Retrieved 2012-11-21. Is a Connection Agreement configured for the Exchange Server computer to the Active Directory server?
  8. "Q825916: Exchange 2000 Active Directory Connector Does Not Successfully Replicate Changes to Group Membership in Windows Server 2003 Active Directory in Forest Functional Levels 1 or 2". Microsoft Support. 2006-10-27. Retrieved 2012-11-21. [...] changes do not replicate between a Windows Server 2003 Active Directory server (in forest functional level 1 or in forest functional level 2) and a Microsoft Exchange Server 5.5 computer [...]
  9. Comment officially marked as "answer" by Microsoft-employed forum moderator "Arthur_Li". Jorge Mederos (2010-10-11). "AD server vs. Domain Controller vs. Member Server , et al.". Microsoft TechNet Forums. Retrieved 2012-11-21. [...] the term "AD Servers" is not a phrase you will find in any of the technical books and I myself have not heard that term used in the industry.
