A Windows domain is a form of a

computer network A computer network is a collection of communicating computers and other devices, such as printers and smart phones. In order to communicate, the computers and devices must be connected by wired media like copper cables, optical fibers, or b ...

in which all

user account A user is a person who uses a computer or network service. A user often has a user account and is identified to the system by a username (or user name). Some software products provide services to other systems and have no direct end use ...

s, computers, printers and other security principals, are registered with a central database located on one or more clusters of central computers known as

domain controller A domain controller (DC) is a Server (computing), server that responds to security authentication requests within a computer network domain. It is a Network (computing), network server that is responsible for allowing Host (network), host access to ...

s. Authentication takes place on domain controllers. Each person who uses computers within a domain receives a unique user account that can then be assigned access to resources within the domain. Starting with Windows Server 2000,

Active Directory Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. Windows Server operating systems include it as a set of processes and services. Originally, only centralized domain management used Active Direct ...

is the Windows component in charge of maintaining that central database.Northrup, Tony
''Introducing Microsoft Windows 2000 Server''
Microsoft Press, 1999. The concept of Windows domain is in contrast with that of a workgroup in which each computer maintains its own database of security principals.

Configuration

Computers can connect to a domain via LAN, WAN or using a VPN connection. Users of a domain are able to use enhanced security for their VPN connection due to the support for a certification authority which is gained when a domain is added to a network, and as a result,

smart cards A smart card (SC), chip card, or integrated circuit card (ICC or IC card), is a card used to control access to a resource. It is typically a plastic credit card-sized card with an Embedded system, embedded integrated circuit (IC) chip. Many smart ...

and digital certificates can be used to confirm identities and protect stored information.

Domain controller

In a Windows domain, the directory resides on computers that are configured as domain controllers. A domain controller is a Windows or

Samba Samba () is a broad term for many of the rhythms that compose the better known Brazilian music genres that originated in the Afro-Brazilians, Afro Brazilian communities of Bahia in the late 19th century and early 20th century, It is a name or ...

server that manages all security-related aspects between user and domain interactions, centralizing security and administration. A domain controller is generally suitable for networks with more than 10 PCs. A domain is a logical grouping of computers. The computers in a domain can share physical proximity on a small LAN or they can be located in different parts of the world. As long as they can communicate, their physical location is irrelevant.

Integration

Where PCs running a Windows operating system must be integrated into a domain that includes non-Windows PCs, the

free software Free software, libre software, libreware sometimes known as freedom-respecting software is computer software distributed open-source license, under terms that allow users to run the software for any purpose as well as to study, change, distribut ...

package

is a suitable alternative. Whichever package is used to control it, the database contains the user accounts and security information for the resources in that domain.

Active Directory

Computers inside an

domain can be assigned into organizational units according to location, organizational structure, or other factors. In the original Windows Server Domain system (shipped with

Windows NT Windows NT is a Proprietary software, proprietary Graphical user interface, graphical operating system produced by Microsoft as part of its Windows product line, the first version of which, Windows NT 3.1, was released on July 27, 1993. Original ...

3.x/4), machines could only be viewed in two states from the administration tools; computers detected (on the network), and computers that actually belonged to the domain. Active Directory makes it easier for administrators to manage and deploy network changes and policies (see Group Policy) to all of the machines connected to the domain.

Workgroups

Windows Workgroups, by contrast, is the other model for grouping computers running Windows in a networking environment which ships with Windows. Workgroup computers are considered to be 'standalone' - i.e. there is no formal membership or authentication process formed by the workgroup. A workgroup does not have servers and clients, and hence represents the

peer-to-peer Peer-to-peer (P2P) computing or networking is a distributed application architecture that partitions tasks or workloads between peers. Peers are equally privileged, equipotent participants in the network, forming a peer-to-peer network of Node ...

(or client-to-client) networking paradigm, rather than the centralized architecture constituted by Server-Client. Workgroups are considered difficult to manage beyond a dozen clients, and lack single sign on, scalability, resilience/disaster recovery functionality, and many security features. Windows Workgroups are more suitable for small or home-office networks.

Notes