0

What is a domain controller in the context of Windows servers?

Casebash
  • 3
    Have you done any research on this by yourself at all? This is a trivially easy question to figure out with a simple Google search for "windows domain controller". The first result is a very informative Wikipedia article. – EEAA Nov 03 '10 at 03:52
  • 3
    @ErikA: The whole point of StackExchange is to attempt to become one of the top results in Google for basic questions like this. = increased exposure. Besides, the answer I got was much more informative than the Wikipedia article – Casebash Nov 03 '10 at 04:26
  • 1
    No, the "whole point" of StackExchange is to provide high-quality answers to high-quality, well-researched, and well-articulated questions. Good placement in Google's index is merely a very nice side effect. – EEAA Nov 03 '10 at 04:29
  • @user - See the SF "how to ask" page for more information on why I asked if you'd done any work on this yourself: http://serverfault.com/questions/how-to-ask/ – EEAA Nov 03 '10 at 04:38
  • 1
    @ErikA: Read: http://meta.stackexchange.com/questions/5280/embrace-the-non-googlers, http://meta.serverfault.com/questions/136/serverfault-seriously-needs-more-information-in-how-to-ask/139#139. Regardless, I got the answer I wanted, which demonstrated that this question was worthwhile – Casebash Nov 03 '10 at 11:38

1 Answer

7

A Domain Controller in Microsoft networks is the central server for Active Directory. It is the server that maintains the authentication database for the entire domain. In addition to this critical role it also does:

  • Stores information in the directory itself. AD is an X.500-compliant directory, which means it can do anything LDAP can do. It has an extensible schema, which is useful for add-ons such as the Unix LDAP extensions.
  • Houses the SYSVOL shares needed for Group Policy Object processing.
  • May store a copy of the Global Catalog, a reduced set of information for an entire Active Directory forest.
  • Optionally runs any PKI Certificate Authorities.

A key thing to keep in mind is that the database the Domain Controller keeps is a distributed database. Domain Controllers in the same domain all have a copy of the same database, which means they need to be able to replicate changes to each other. Additionally, the database is a multi-master database, which means that changes to the database may be applied to any copy.

With Server 2008 there is a new type of Domain Controller, the Read-Only Domain Controller. This Domain Controller has the entire database except for the authentication parts; a selected group of users may house their authentication details on a R/O DC. The reason for this is to better serve remote offices in the case of a WAN link failure and to minimize information exposure should the R/O Domain Controller get stolen.

That's the 1000m view.

sysadmin1138
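
The roles described in the answer above (writable versus Read-Only Domain Controller, Global Catalog, and which accounts' authentication details a Read-Only DC holds) can be inventoried on a live domain. The following PowerShell is an added example, not part of the original answer; it assumes the RSAT ActiveDirectory module and read access to the directory, and the function name `Get-DcExposureReport` is hypothetical.

```powershell
# Added example, not from the original answer.
# Assumes: RSAT ActiveDirectory module installed, domain-joined host,
# and an account with read access to the directory.
Import-Module ActiveDirectory

function Get-DcExposureReport {
    # Emit one row per Domain Controller in the current domain.
    foreach ($dc in Get-ADDomainController -Filter *) {
        $allowed  = @()
        $revealed = @()

        if ($dc.IsReadOnly) {
            # Principals the Password Replication Policy permits this
            # Read-Only DC to cache.
            $allowed = @(Get-ADDomainControllerPasswordReplicationPolicy `
                            -Identity $dc -Allowed)

            # Accounts whose authentication details are stored on this
            # Read-Only DC right now, i.e. what a stolen box would expose.
            $revealed = @(Get-ADDomainControllerPasswordReplicationPolicyUsage `
                            -Identity $dc -RevealedAccounts)
        }

        [pscustomobject]@{
            Name           = $dc.HostName
            Site           = $dc.Site
            Type           = $(if ($dc.IsReadOnly) { 'Read-only' } else { 'Writable' })
            GlobalCatalog  = $dc.IsGlobalCatalog
            AllowedToCache = ($allowed.SamAccountName  -join ', ')
            CachedAccounts = ($revealed.SamAccountName -join ', ')
        }
    }
}

Get-DcExposureReport | Format-List
```

For a writable Domain Controller the last two columns are empty, because it holds the authentication data for the whole domain rather than a selected subset.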