Primary Domain Controller

From Wikipedia, the free encyclopedia
Jump to: navigation, search

A Primary Domain Controller (PDC) is a server computer in a Windows domain. A domain is a network of logically grouped computers to which access is controlled by the PDC. Various account types exist in the domain, the most basic is the "guest" or "anonymous login" account. The PDC has an administration account which has overall total control of the domain resources.

PDCs[edit]

In Windows NT, one DCO serves as the Primary Domain Controller. Others, if they exist, are usually a Backup Domain Controller (BDC). The primary domain controller (PDC) PDC is typically designated as the "first".[1] The "User Manager for Domains" is a utility for maintaining user/group information. It uses the domain security database on the primary controller. The PDC has the master copy of the user accounts database which it can access and modify. The BDC computers have a copy of this database, but these copies are read-only. The PDC will replicate its account database to the BDCs on a regular basis.[2] The BDCs exist in order to provide a backup to the PDC, and can also be used to authenticate users logging on to the network. If a PDC should fail, one of the BDCs can then be promoted to take its place. The PDC will usually be the first domain controller that was created unless it was replaced by a promoted BDC.

PDC emulation[edit]

In modern releases of Windows, domains have been supplemented by the use of Active Directory services. In Active Directory domains, the concept of primary and secondary domain controller relationships no longer applies. Primary domain controller emulators hold the accounts databases and administrative tools. As a result a heavy workload can slow the system down. The DNS service may be installed on a secondary emulator machine to relieve the workload on the PDC emulator. The same rules apply; only one PDC may exist on a domain, but multiple replication servers may still be used.[3]

  • The PDC emulator master acts in place of the Primary Domain Controller if there are Windows NT 4.0 domain controllers (BDCs) remaining within the domain, acting as a source for them to replicate from.
  • The PDC emulator master receives preferential replication of password changes within the domain. As password changes take time to replicate across all the domain controllers in an Active Directory domain, the PDC emulator master receives notification of password changes immediately, and if a logon attempt fails at another domain controller, that domain controller will forward the logon request to the PDC emulator master before rejecting it.
  • The PDC emulator master also serves as the machine to which all domain controllers in the domain will synchronise their clocks. It, in turn, should be configured to synchronise to an external NTP time source.[4]

Samba[edit]

PDC has been faithfully recreated on the Samba emulation of Microsoft's SMB client/server system. Samba has the capability to emulate an NT 4.0 domain, running on a Linux machine.[5]

See also[edit]

References[edit]

  1. ^ "Domain Controller Roles". Microsoft Tech net 3 June 2010. Retrieved 13 February 2011. 
  2. ^ "Peer-to-Peer Transactional Replication". Microsoft Technet - date undisclosed. Retrieved 13 February 2011. 
  3. ^ "Reducing the Workload on the PDC Emulator Master". Microsoft Technet 9 January 2009. Retrieved 13 February 2011. 
  4. ^ "Configure the Time Source for the Forest". Microsoft Technet 9 January 2009. Retrieved 13 February 2011. 
  5. ^ "Server Manager Shows PDC and BDC as Workstations with Samba Linux Server in Network". Microsoft Technet 1 November 2006. Retrieved 13 February 2011.