17

If I want to define a domain controller, then I would say a DC is where Active Directory is installed, or

Active Directory simply means: secure centralized authentication and management, and domain controller = ADDS + DNS.

But I get confused when I read here that

I also think it is VERY EASY to say DOMAIN CONTROLLER == ACTIVE DIRECTORY, which isn't quite the case.

I want to know is it correct or wrong? If wrong then what is the difference?

d a i s y
  • 3
    Think of AD as the database/repository and the DC as the facilitator/custodian/host of that repository. Really no different in comparison to a SQL server running SQL. – TheCleaner May 03 '17 at 14:10
  • 1
    @TheCleaner I didn't get this `Really no different in comparison to a SQL server running SQL.` – d a i s y May 04 '17 at 03:27
  • 2
    @daisy I think what TheCleaner means is that when people talk of "the SQL server" they sometimes mean "the box it runs on" and sometimes "the software [providing access to and managing database(s)]". Loosely, the DC is "the box it runs on" and AD is "the software [providing access to and managing user/directory information]". – TripeHound May 04 '17 at 07:38
  • It's the difference between a single cab and a taxi service. A taxi service can consist of one or many cabs, but without any cabs, there is no taxi service. – Heinzi May 04 '17 at 08:21
  • 1
    >Just to put it another way that might be helpful is to say that Active Directory is a directory service for Windows domain networks and the Domain Controller is what serves that service on your Windows domain network. So, there is a difference between Active Directory and Domain Controller. – Net Runner May 04 '17 at 13:43
  • @daisy - replying to your question about my comment. As Art stated in his answer, a "Domain Controller" is a server that runs the AD "service". Think of AD as the application and the "Domain Controller" as the term used for the server that runs that app/service. The term "domain controller" is more a carry-over from the NT days (PDC, BDCs) that just stuck as the nomenclature for a "server running AD" over time. – TheCleaner May 04 '17 at 14:29
  • @TheCleaner Yes, I read Art's answer and it seems fair enough. So the FSMO PDC emulator role does not relate to the DC, meaning that is not the case. – d a i s y May 04 '17 at 15:18
  • The PDC emulator role is a FSMO role as part of the overall ADDS environment. Think of "domain controller" as a term used to describe any server running the ADDS role (in roles and features) regardless of which FSMO roles that server is running. – TheCleaner May 04 '17 at 16:09

7 Answers

19

Just to put it another way that might be helpful is to say that Active Directory is a directory service for Windows domain networks and the Domain Controller is what serves that service on your Windows domain network. So, there is a difference between Active Directory and Domain Controller. One is the service, while the other is what serves that service.

Art.Vandelay05
5

Very simply, Active Directory is a set of services that are provided by Domain Controllers (usually more than one). The domain controller itself usually refers to the software itself, whereas Active Directory refers to the service that that software provides.

A similar example is HTTP, which is the service, but the software running it is a web server like IIS, Httpd, NGINX, etc.

Steve Butler
4

Without Active Directory, every computer on the network has its own small database of usernames and passwords. Microsoft calls this kind of setup a WORKGROUP, that is, every computer is on its own and there is no central control. This creates a challenge when you have many computers and a user needs to access one of them, or when he changes his password or username. Active Directory keeps a centralized store of usernames and passwords. Any changes to usernames and passwords are recorded by Active Directory, and all computers on the network have access to this information. Hence Active Directory:

  • Is essentially a database
  • Provides centralized control
  • Records all password changes
  • Can be distributed across the world
  • Stores resources like printers and shared folders
  • Services like Email can use Active Directory
gombs
  • 1
    I created a serverfault account just to upvote your answer. Every answer should have clarity, in a way that one term is not explained in terms of another term which needs to be explained. Your answer explained the concept in as simple a way as possible. A good answer should include what it is and why we use it. A "why" is very important. – 0decimal0 Jul 12 '20 at 14:14
3

Active Directory is what is called a directory service; it stores objects like users and computers. So you can consider it as a database that stores user and computer configuration in an AD domain. A domain controller is the server running Active Directory; domain controllers are typically referred to as DCs. A domain controller is a server based on MS Windows Server 200X which is responsible for allowing hosts access to domain resources.
A domain controller authenticates the users and the computers to join the domain. You can have many domain controllers in your AD for many reasons, like redundancy and load balancing, as users can use any one of them because they replicate the AD database.
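
The service/server split described in these answers can be inspected on a live domain. The following is an added example, not part of any answer on this page; it assumes a domain-joined Windows host with the RSAT ActiveDirectory PowerShell module installed and an account with read access to the directory.

```powershell
# Added example: requires the ActiveDirectory module (RSAT) and a domain-joined session.
Import-Module ActiveDirectory

# Active Directory, the directory service: one logical domain inside one forest.
$domain = Get-ADDomain
$forest = Get-ADForest

# Domain controllers, the servers: every machine hosting AD DS for this domain.
$dcs = Get-ADDomainController -Filter *

"Domain (the directory): {0}" -f $domain.DNSRoot
"Forest                : {0}" -f $forest.Name
"Domain controllers    : {0}" -f @($dcs).Count

# Per-DC view: the FSMO column is empty for most DCs, yet each one is still a DC.
$dcs | Sort-Object HostName |
    Select-Object HostName, Site, IsGlobalCatalog, IsReadOnly,
        @{ Name = 'FsmoRoles'; Expression = { $_.OperationMasterRoles -join ', ' } } |
    Format-Table -AutoSize

# The five FSMO roles belong to the directory; each is held by one DC at a time.
[pscustomobject]@{
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
} | Format-List
```

One domain name comes back from the first query, while the table can list many servers: the domain is the directory, and each row is a domain controller hosting it.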

1

A Domain Controller is a server on the network that centrally manages access for users, PCs and servers on the network. It does this using Active Directory.

Active Directory is a database that organises your company’s users and computers. It provides authentication and authorization to applications, file services, printers, and other resources on the network. It uses protocols such as Kerberos and NTLM for authentication and LDAP to query and modify items in the Active Directory databases.

https://www.compete366.com/blog-posts/the-difference-between-ad-and-azure-ad-explained/

Muzammil
0

Active Directory

  • It acts as a centralized repository and provides centralized control. Everything in the AD is treated as an object. It is essentially a database which holds the objects. The name of the database file is NTDS.DIT.

Domain Controller

  • When we deploy Active Directory on a server, it is called a domain controller. It runs the AD Domain Service and it also holds a copy of the AD database. Replication is done from one DC to another DC. The job of the DC is to authenticate the user who can access and can't have access.

  • 1
    Not all DCs necessarily hold a copy of the database. In case they need information on a record not available locally in the database copy, a query (referral) is made to obtain the information needed. But this goes far beyond the scope of the original question :) – Mikael Dyreborg Hansen May 03 '17 at 14:07
0

Active Directory is just like a database that stores information as objects of users and computers. But a Domain Controller (DC) is a server that runs Active Directory and uses data stored in AD for authentication and authorization of users. The domain controller manages security policies of Windows NT or Windows Server.