What’s a Domain Controller?

Print anything with Printful



A domain controller stores user account data and provides domain-level services. The first model was not scalable, but Active Directory allows multiple domains to function at the same level. Samba addresses the limitation of Windows-based operating systems.

A domain controller (DM) refers to a Microsoft Windows®-based computer system that stores user account data for the assigned domain in a central database. It uses this stored data to provide important domain-level services, such as user authentication, security policy enforcement, and resource access. Essentially, a domain controller allows a system administrator to grant any specific user access to certain system-level resources, applications, printers, through a username and password.

The first DM was implemented on Windows® NT through a database known as Security Accounts Manager (SAM). This system is based on a primary domain controller (PDC) paired with one or more backup domain controllers (BDC). The PDC handles all domain-related issues, such as user authentication, while the read-only PDCs act as a backup for greater fault tolerance. In case the PDC fails, one of the BDCs must be reconfigured into a PDC.

The problem with the Windows® NT domain controller model is that it is not scalable, which means it can only be used for small business purposes. To work around this problem, Microsoft has replaced the SAM, PDC, and BDC with Active Directory (AD). This technology turns the web into one big directory, a bit like the yellow pages, much easier to manage and control. More importantly, the Active Directory system allows multiple domains to function at the same level.

Each domain controller has a copy of the AD database. Additionally, all domain controllers in the domain remain continuously synchronized by a process known as multimaster replication. In this process, whenever information on one DC changes, a signal is then transmitted to all other DCs, thus ensuring that all information remains up-to-date and correct. It may be important to note, however, that one domain controller acts as the master, as it is responsible for committing all data changes and resolving any conflicts that may arise when concurrent data change requests are made. In case the master fails, another domain controller immediately takes over the role.

There is, however, one major limitation to the Active Directory system. The domain controller must clearly host a Windows®-based operating system, which means that all other domain members or workstations must also use Windows®. This problem was addressed with the introduction of Samba, an open source/free software suite that allows workstations running other operating systems, such as UNIX, Linux, IBM System 390, and OpenVMS, to interact with the domain controller. This gives a network administrator or technician much more flexibility. It is especially useful in large companies where different departments require different operating systems.




Protect your devices with Threat Protection by NordVPN


Skip to content