Domain controller (Windows): Difference between revisions

From Wikipedia, the free encyclopedia
Added a reference to Microsoft TechNet
added info about open source domain controller implementations
Line 1: Line 1:
On [[Windows Server System]]s, a '''domain controller''' ('''DC''') is a [[Server (computing)|server]] that responds to security authentication requests (logging in, checking permissions, etc.) within the [[Windows Server domain]].<ref name="DomainControllerRoles">{{cite web | title = Domain Controller Roles | work = Microsoft TechNet | url = http://technet.microsoft.com/en-us/library/cc786438(WS.10).aspx | accessdate = Dec 4th, 2009 }}</ref>
On [[Windows Server System]]s, a '''domain controller''' ('''DC''') is a [[Server (computing)|server]] that responds to security authentication requests (logging in, checking permissions, etc.) within the [[Windows Server domain]].<ref name="DomainControllerRoles">{{cite web | title = Domain Controller Roles | work = Microsoft TechNet | url = http://technet.microsoft.com/en-us/library/cc786438(WS.10).aspx | accessdate = Dec 4th, 2009 }}</ref>.

The role of a domain controller is often implemented by:

* [[Microsoft Windows]]
* [[Samba (software)|Samba]], an open source implementation


== History ==
== History ==
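Review bot: the full stop added after the closing </ref> on the lead sentence duplicates the one already placed before <ref name="DomainControllerRoles">, so the sentence renders as "domain.[1]."; drop the trailing one. The new list under "The role of a domain controller is often implemented by:" labels Samba "an open source implementation" but gives the [[Microsoft Windows]] item no qualifier, and neither item carries a reference; a source for the list would match the citation added to the lead.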
Line 16: Line 21:


However, there are still a number of roles that only one domain controller can perform, called the [[Flexible single master operation]] roles (some of these roles must be filled by one DC per domain, while others only require one DC per [[Active Directory#Forests, trees, and domains|AD Forest]]). If the server performing one of these roles is lost the domain can still function, and if the server will not be available again, an administrator can designate an alternate DC to assume the role (a process known as "seizing" the role).
However, there are still a number of roles that only one domain controller can perform, called the [[Flexible single master operation]] roles (some of these roles must be filled by one DC per domain, while others only require one DC per [[Active Directory#Forests, trees, and domains|AD Forest]]). If the server performing one of these roles is lost the domain can still function, and if the server will not be available again, an administrator can designate an alternate DC to assume the role (a process known as "seizing" the role).

== See also ==

* [[Active Directory]]
* [[Directory Services Restore Mode]]
* [[Samba (software)]]


== References ==
== References ==
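Review bot: the new "See also" section lists [[Samba (software)]], which this same revision already links in the lead list as [[Samba (software)|Samba]]; a "See also" entry normally does not repeat a link from the article body, so that item can go. The section also now exists twice in the wikitext until the later hunk replaces the old heading, so check that only one "== See also ==" remains after the move.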
Line 21: Line 32:
{{refs}}
{{refs}}


== See also ==
== External links ==


* [http://support.microsoft.com/kb/247811 How domain controllers are located in Windows]
* [[Active Directory]]
* [http://www.turnkeylinux.org/domain-controller Pre-integrated open source domain controller]
* [[Directory Services Restore Mode]]


{{DEFAULTSORT:Domain Controller}}
{{DEFAULTSORT:Domain Controller}}

Revision as of 10:13, 4 December 2009

On Windows Server Systems, a domain controller (DC) is a server that responds to security authentication requests (logging in, checking permissions, etc.) within the Windows Server domain.[1]

The role of a domain controller is often implemented by:

* Microsoft Windows
* Samba, an open source implementation

History

Windows NT

In older versions of Windows such as Windows NT, one domain controller per domain was configured as the Primary Domain Controller (PDC); all other domain controllers were Backup Domain Controllers (BDC).

A BDC could authenticate the users in a domain, but all updates to the domain (new users, changed passwords, group membership, etc.) could only be made via the PDC, which would then propagate these changes to all BDCs in the domain. If the PDC was unavailable (or unable to communicate with the user requesting the change), the update would fail. If the PDC was permanently unavailable (e.g. if the machine failed), an existing BDC could be promoted to PDC.

Because of the critical nature of the PDC, best practices dictated that the PDC should be dedicated solely to domain services, and not used for file/print/application services that could slow down or crash the system. Some network administrators took the additional step of having a dedicated BDC online for the express purpose of being available for promotion if the PDC failed.

Windows 2000

Windows 2000 and later versions introduced Active Directory ("AD"), which largely eliminated the concept of primary and backup domain controllers in favor of multi-master replication.

However, there are still a number of roles that only one domain controller can perform, called the Flexible single master operation roles (some of these roles must be filled by one DC per domain, while others only require one DC per AD Forest). If the server performing one of these roles is lost, the domain can still function, and if the server will not be available again, an administrator can designate an alternate DC to assume the role (a process known as "seizing" the role).
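To see which domain controller currently holds each of these single-master roles, and whether that holder still answers, an administrator can query the directory. The following is an added example, not part of the original article; it assumes the ActiveDirectory PowerShell module (RSAT) on a domain-joined machine, and the function name Get-FsmoRoleHolder is hypothetical.

```powershell
# Added example: list each FSMO role, its scope (per domain or per forest),
# the DC that holds it, and whether that DC accepts LDAP connections.
# Assumes the ActiveDirectory module (RSAT) and a domain-joined session.
Import-Module ActiveDirectory

function Get-FsmoRoleHolder {
    $domain = Get-ADDomain
    $forest = Get-ADForest

    # Three roles exist once per domain, two exist once per forest.
    $roles = [ordered]@{
        PDCEmulator          = @{ Scope = 'Domain'; Holder = $domain.PDCEmulator }
        RIDMaster            = @{ Scope = 'Domain'; Holder = $domain.RIDMaster }
        InfrastructureMaster = @{ Scope = 'Domain'; Holder = $domain.InfrastructureMaster }
        SchemaMaster         = @{ Scope = 'Forest'; Holder = $forest.SchemaMaster }
        DomainNamingMaster   = @{ Scope = 'Forest'; Holder = $forest.DomainNamingMaster }
    }

    foreach ($name in $roles.Keys) {
        $holder = $roles[$name].Holder

        # LDAP on TCP 389 as a rough liveness check; a failure here only
        # means "investigate", not that the role must be reassigned.
        $up = Test-NetConnection -ComputerName $holder -Port 389 `
                -InformationLevel Quiet -WarningAction SilentlyContinue

        [pscustomobject]@{
            Role      = $name
            Scope     = $roles[$name].Scope
            Holder    = $holder
            Reachable = $up
        }
    }
}

# One row per role; a single DC may hold several of them.
Get-FsmoRoleHolder | Format-Table -AutoSize
```

A holder that stays unreachable and will not return is the case the paragraph above calls "seizing"; in this module that operation is Move-ADDirectoryServerOperationMasterRole with -Force.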

See also

* Active Directory
* Directory Services Restore Mode
* Samba (software)

References

  1. ^ "Domain Controller Roles". Microsoft TechNet. Retrieved Dec 4th, 2009.