A domain controller (DC) is a server computer that responds to security authentication requests within a computer network domain. It is a network server that is responsible for allowing host access to domain resources. It authenticates users, stores user account information and enforces security policy for a domain. It is most commonly implemented in Microsoft Windows environments (see Domain controller (Windows)), where it is the centerpiece of the Windows Active Directory service. However, non-Windows domain controllers can be established via identity management software such as Samba and Red Hat FreeIPA.
Software
The software and operating system used to run a domain controller usually consist of several key components shared across platforms. These include the operating system (usually Windows Server or Linux), an LDAP service (Red Hat Directory Server, etc.), a network time service (ntpd, chrony, etc.), and a computer network authentication protocol (usually Kerberos). Other components, such as a public key infrastructure service (Active Directory Certificate Services, DogTag, OpenSSL) and a Domain Name System service (Windows DNS or BIND), may also be included on the same server or on another domain-joined server.
Implementation
Domain controllers are typically deployed as a cluster to ensure high availability and maximize reliability. In a Windows environment, one domain controller serves as the Primary Domain Controller (PDC) and all other servers promoted to domain controller status in the domain serve as Backup Domain Controllers (BDCs). In Unix-based environments, one machine serves as the master domain controller and others serve as replica domain controllers, periodically replicating database information from the main domain controller and storing it in a read-only format.
See also
* Apple Open Directory
* Domain controller (Windows)
* Microsoft Windows Active Directory
* Red Hat Identity Manager/Red Hat FreeIPA
* Samba
* Univention Corporate Server
* List of LDAP software