Domain Controllers
   HOME

TheInfoList



Click Here for Items Related To - Domain Controllers
OR:
Domain Controllers on:   [Wikipedia]   [Google]   [Amazon]

On
Microsoft Servers Microsoft Servers (previously called Windows Server System) is a discontinued brand that encompasses Microsoft software products for server computers. This includes the Windows Server editions of the Microsoft Windows operating system, as well a ...
, a domain controller (DC) is a
server computer In computing, a server is a piece of computer hardware or software ( computer program) that provides functionality for other programs or devices, called " clients". This architecture is called the client–server model. Servers can provide var ...
that responds to security authentication requests (logging in, etc.) within a
Windows domain A Windows domain is a form of a computer network in which all user accounts, computers, printers and other security principals, are registered with a central database located on one or more clusters of central computers known as domain controlle ...
. A ''domain'' is a concept introduced in
Windows NT Windows NT is a proprietary graphical operating system produced by Microsoft, the first version of which was released on July 27, 1993. It is a processor-independent, multiprocessing and multi-user operating system. The first version of Win ...
whereby a user may be granted access to a number of computer resources with the use of a single username and password combination.


History

With Windows NT 4 Server, one domain controller per domain was configured as the primary domain controller (PDC); all other domain controllers were backup domain controllers (BDC). Because of the critical nature of the PDC, best practices dictated that the PDC should be dedicated solely to domain services, and not used for file, print or application services that could slow down or crash the system. Some network administrators took the additional step of having a dedicated BDC online for the express purpose of being available for promotion if the PDC failed. A BDC could authenticate the users in a domain, but all updates to the domain (new users, changed passwords, group membership, etc.) could only be made via the PDC, which would then propagate these changes to all BDCs in the domain. If the PDC was unavailable (or unable to communicate with the user requesting the change), the update would fail. If the PDC was permanently unavailable (e.g. if the machine failed), an existing BDC could be promoted to be a PDC.
Windows 2000 Windows 2000 is a major release of the Windows NT operating system developed by Microsoft and oriented towards businesses. It was the direct successor to Windows NT 4.0, and was released to manufacturing on December 15, 1999, and was officiall ...
and later versions introduced
Active Directory Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. It is included in most Windows Server operating systems as a set of Process (computing), processes and Windows service, services. Initially, Active D ...
("AD"), which largely eliminated the concept of PDC and BDC in favor of
multi-master replication Multi-master replication is a method of database replication which allows data to be stored by a group of computers, and updated by any member of the group. All members are responsive to client data queries. The multi-master replication system i ...
. However, there are still several roles that only one domain controller can perform, called the
Flexible single master operation Flexible Single Master Operations (FSMO, F is sometimes "floating"; pronounced Fiz-mo), or just single master operation or operations master, is a feature of Microsoft's Active Directory (AD). As of 2005, the term FSMO has been deprecated in favour ...
roles. Some of these roles must be filled by one DC per domain, while others only require one DC per AD forest. If the server performing one of these roles is lost, the domain can still function, and if the server will not be available again, an administrator can designate an alternate DC to assume the role in a process known as "seizing" the role.


Primary domain controller

In Windows NT 4, one DC serves as the primary domain controller (PDC). Others, if they exist, are usually a backup domain controller (BDC). The PDC is typically designated as the "first". The "User Manager for Domains" is a utility for maintaining user/group information. It uses the domain security database on the primary controller. The PDC has the master copy of the user accounts database which it can access and modify. The BDC computers have a copy of this database, but these copies are read-only. The PDC will replicate its account database to the BDCs on a regular basis. The BDCs exist in order to provide a backup to the PDC, and can also be used to authenticate users logging on to the network. If a PDC should fail, one of the BDCs can then be promoted to take its place. The PDC will usually be the first domain controller that was created unless it was replaced by a promoted BDC.


PDC emulation (Primary Domain Controller)

In modern releases of Windows, domains have been supplemented by the use of
Active Directory Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. It is included in most Windows Server operating systems as a set of Process (computing), processes and Windows service, services. Initially, Active D ...
services. In Active Directory domains, the concept of primary and secondary domain controller relationships no longer applies. PDC emulators hold the accounts databases and administrative tools. As a result, a heavy workload can slow the system down. The DNS service may be installed on a secondary emulator machine to relieve the workload on the PDC emulator. The same rules apply; only one PDC may exist on a domain, but multiple replication servers may still be used. * The PDC emulator master acts in place of the PDC if there are
Windows NT 4.0 Windows NT 4.0 is a major release of the Windows NT operating system developed by Microsoft and oriented towards businesses. It is the direct successor to Windows NT 3.51, which was released to manufacturing on July 31, 1996, and then to retail ...
domain controllers (BDCs) remaining within the domain, acting as a source for them to replicate from. * The PDC emulator master receives preferential replication of password changes within the domain. As password changes take time to replicate across all the domain controllers in an Active Directory domain, the PDC emulator master receives notification of password changes immediately, and if a logon attempt fails at another domain controller, that domain controller will forward the logon request to the PDC emulator master before rejecting it. * The PDC emulator master also serves as the machine to which all domain controllers in the domain will synchronise their clocks. It, in turn, should be configured to synchronise to an external NTP time source.


Samba

Primary Domain Controllers (PDC) have been faithfully recreated on the Samba emulation of Microsoft's SMB client/server system. Samba has the capability to emulate an NT 4.0 domain, as well as modern Active Directory Domain Services on a
Linux Linux ( or ) is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution, w ...
machine.


Backup domain controller

In Windows NT 4 domains, the backup domain controller (BDC) is a computer that has a copy of the user accounts database. Unlike the accounts database on the PDC, the BDC database is a read-only copy. When changes are made to the master accounts database on the PDC, the PDC pushes the updates down to the BDCs. These additional domain controllers exist to provide fault tolerance. If the PDC fails, then it can be replaced by a BDC. In such circumstances, an administrator promotes a BDC to be the new PDC. BDCs can also authenticate user logon requests and take some of the authentication load from the PDC. When
Windows 2000 Windows 2000 is a major release of the Windows NT operating system developed by Microsoft and oriented towards businesses. It was the direct successor to Windows NT 4.0, and was released to manufacturing on December 15, 1999, and was officiall ...
was released, the NT domain as found in NT 4 and prior versions was replaced by
Active Directory Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. It is included in most Windows Server operating systems as a set of Process (computing), processes and Windows service, services. Initially, Active D ...
. In Active Directory domains running in native mode, the concept of the PDC and BDC do not exist. In these domains, all domain controllers are considered equals. A side effect of this change is the loss of ability to create a "read-only" domain controller.
Windows Server 2008 Windows Server 2008 is the fourth release of the Windows Server operating system produced by Microsoft as part of the Windows NT family of the operating systems. It was released to manufacturing on February 4, 2008, and generally to retail on F ...
reintroduced this capability.


Nomenclature

Windows Server can be one of three kinds: Active Directory "domain controllers" (ones that provide identity and authentication), Active Directory "member servers" (ones that provide complementary services such as file repositories and schema) and Windows Workgroup "stand-alone servers". The term "Active Directory Server" is sometimes used by Microsoft as synonymous to "Domain Controller" but the term is discouraged.Comment officially marked as "answer" by Microsoft-employed forum moderator "Arthur_Li".


References


External links


How domain controllers are located in Windows

Pre-integrated open source domain controller
{{DEFAULTSORT:Domain Controller Microsoft server technology Active Directory