Domain controller
Encyclopedia
On Windows Server System
s, a domain controller (DC) is a server
that responds to security authentication requests (logging in, checking permissions, etc.) within the Windows Server domain
. A domain is a concept introduced in Windows NT whereby a user may be granted access to a number of computer resources with the use of a single username and password combination.
, one domain controller per domain was configured as the Primary Domain Controller
(PDC); all other domain controllers were Backup Domain Controller
s (BDC).
A BDC could authenticate the users in a domain, but all updates to the domain (new users, changed passwords, group membership, etc.) could only be made via the PDC, which would then propagate these changes to all BDCs in the domain. If the PDC was unavailable (or unable to communicate with the user requesting the change), the update would fail. If the PDC was permanently unavailable (e.g. if the machine failed), an existing BDC could be promoted to be a PDC.
Because of the critical nature of the PDC, best practices dictated that the PDC should be dedicated solely to domain services, and not used for file/print/application services that could slow down or crash the system. Some network administrators took the additional step of having a dedicated BDC online for the express purpose of being available for promotion if the PDC failed.
and later versions introduced Active Directory
("AD"), which largely eliminated the concept of primary and backup domain controllers in favor of multi-master replication
.
However, there are still several roles that only one domain controller can perform, called the Flexible single master operation
roles (some of these roles must be filled by one DC per domain, while others only require one DC per AD Forest). If the server performing one of these roles is lost the domain can still function, and if the server will not be available again, an administrator can designate an alternate DC to assume the role (a process known as "seizing" the role).
Windows Server System
Microsoft Servers is a brand that encompasses a line of Microsoft server products. This includes the server editions of Microsoft Windows operating system itself, as well as products targeted at the wider business market...
s, a domain controller (DC) is a server
Server (computing)
In the context of client-server architecture, a server is a computer program running to serve the requests of other programs, the "clients". Thus, the "server" performs some computational task on behalf of "clients"...
that responds to security authentication requests (logging in, checking permissions, etc.) within the Windows Server domain
Windows Server domain
A Windows domain is a collection of security principals that share a central directory database. This central database contains the user accounts and security information for...
. A domain is a concept introduced in Windows NT whereby a user may be granted access to a number of computer resources with the use of a single username and password combination.
Windows NT
In older versions of Windows such as Windows NT serverWindows NT 4.0
Windows NT 4.0 is a preemptive, graphical and business-oriented operating system designed to work with either uniprocessor or symmetric multi-processor computers. It was the next release of Microsoft's Windows NT line of operating systems and was released to manufacturing on 31 July 1996...
, one domain controller per domain was configured as the Primary Domain Controller
Primary Domain Controller
A Primary Domain Controller is a server computer in a Windows domain. A domain is a group of computers , where access to a variety of computer resources is controlled by the PDC. Various account types exist in the domain, the most basic is the "guest" or "anonymous login" account...
(PDC); all other domain controllers were Backup Domain Controller
Backup Domain Controller
In Windows NT 4 server domains., the Backup Domain Controller is a computer that has a copy of the user accounts database. Unlike the accounts database on the Primary Domain Controller , the BDC database is a read only copy...
s (BDC).
A BDC could authenticate the users in a domain, but all updates to the domain (new users, changed passwords, group membership, etc.) could only be made via the PDC, which would then propagate these changes to all BDCs in the domain. If the PDC was unavailable (or unable to communicate with the user requesting the change), the update would fail. If the PDC was permanently unavailable (e.g. if the machine failed), an existing BDC could be promoted to be a PDC.
Because of the critical nature of the PDC, best practices dictated that the PDC should be dedicated solely to domain services, and not used for file/print/application services that could slow down or crash the system. Some network administrators took the additional step of having a dedicated BDC online for the express purpose of being available for promotion if the PDC failed.
Windows 2000
Windows 2000Windows 2000
Windows 2000 is a line of operating systems produced by Microsoft for use on personal computers, business desktops, laptops, and servers. Windows 2000 was released to manufacturing on 15 December 1999 and launched to retail on 17 February 2000. It is the successor to Windows NT 4.0, and is the...
and later versions introduced Active Directory
Active Directory
Active Directory is a directory service created by Microsoft for Windows domain networks. It is included in most Windows Server operating systems. Server computers on which Active Directory is running are called domain controllers....
("AD"), which largely eliminated the concept of primary and backup domain controllers in favor of multi-master replication
Multi-master replication
Multi-master replication is a method of database replication which allows data to be stored by a group of computers, and updated by any member of the group. The multi-master replication system is responsible for propagating the data modifications made by each member to the rest of the group, and...
.
However, there are still several roles that only one domain controller can perform, called the Flexible single master operation
Flexible single master operation
Flexible Single Master Operations , or just single master operation or operations master, is a feature of Microsoft's Active Directory...
roles (some of these roles must be filled by one DC per domain, while others only require one DC per AD Forest). If the server performing one of these roles is lost the domain can still function, and if the server will not be available again, an administrator can designate an alternate DC to assume the role (a process known as "seizing" the role).