A primary domain controller (PDC) manages users and groups on a local area network (LAN), storing user information and access permissions for network resources. PDCs were introduced in the 1990s with WindowsNT, but with Windows 2000 and Active Directory, domain controllers no longer have a primary or secondary distinction. PDCs maintain a database of users and permissions for a domain, which is shared with backup servers. Samba server software can also act as a PDC or BDC for a network.
A primary domain controller (PDC) is a server used in computer networks for managing users and groups on a particular segment of a local area network (LAN). The server stores user information and access permissions for network resources, such as other computers or printers, throughout the network. The PDC thus provides a single entry point for users to log into the network and access its resources, thereby reducing multiple username and password combinations.
The use of a primary domain controller for user management occurred in the 1990s with the release of the Microsoft® WindowsNT® operating system. You can then set up a Windows® network with a WindowsNT® server acting as a central source of user administration and access for other computers on the network. This allowed a user to use any other workstation controlled by the PDC without having to establish a user account on that workstation. Another WindowsNT® server would then be configured as a backup domain controller (BDC) in case the PDC was unavailable. With the advent of Windows® 2000 and Active Directory®, domain controllers no longer have a primary or secondary distinction.
The primary domain controller maintains a database of users and their permissions for a particular domain. This database is then shared with any number of additional backup servers. The PDC is the server in this type of network with both read and write capabilities to this database. However, the BDC is able to allow users to access the network, based on the database information shared by the PDC, but any changes to the database happen on the PDC.
Any other server in the domain that is not acting as a PDC or BDC is considered a member server. While a member server can be moved from one domain to another, a primary domain controller or backup domain controller cannot. This is because both the PDC and any BDC in the domain receive a unique security identifier that is unique to the domain to which they belong.
Because multiple domains can exist for a given LAN, the primary domain controller for any domain can establish a trust relationship with another domain’s PDC. An administrator establishes a trust account for the alternate domain PDC. This is a two-way street, as both PDCs must have an established trust relationship in order to access each other’s resources. Once the link is established, users and groups can be assigned permissions on the alternate domain’s PDC.
Since heterogeneous networks are commonplace, free software developers have also implemented domain controller functionality in Samba server software that can run on Linux® and other Unix® operating systems. A Samba implementation running on a LINUX® or UNIX® server can be configured to act as a primary domain controller for a network or as a BDC for a Samba PDC. A Samba BDC, however, cannot support a Microsoft® Windows® PDC.
Protect your devices with Threat Protection by NordVPN
