A domain controller is a server that manages access to network resources within a single domain (a group of networks or hosts united by common security policies).
A domain controller performs user authentication in the domain; that is, it allows users to log in to the network using the same username and password pair on any computer in the domain, unless prohibited by security policies or local settings.
Domain controller functions
The purpose of a domain controller is to provide centralized management of access to network resources (shared folders, printers, etc.). In particular, domain controllers:
- Run directory services such as Windows Active Directory;
- Perform centralized management of the list of network users and their permissions;
- Create configuration templates for network computers;
- Store user IDs and passwords;
- Authenticate users logging in to the network;
- Search directory service records;
- Manage domain security policies.
Domain controller implementation options
Microsoft introduced the concept of a domain controller for networks running servers under Windows NT. In most cases, a separate device with specialized software — for example, a computer running the Windows Server operating system, which has the required functionality — acts as a domain controller.
In other operating systems, standalone solutions such as Samba or Red Hat FreeIPA can perform domain controller functions.
Domain controllers can also run in virtual machines, and some — cloud domain controllers — are provided as a service.
Using multiple controllers for a single domain
For greater reliability and continuity of service, multiple controllers can operate in the same domain. There are two options for using additional domain controllers:
- One is designated as the primary domain controller (PDC), and the rest as backup domain controllers (BDCs). A BDC assumes the PDC’s role if the latter is unavailable.
- Several domain controllers operate in parallel, distributing tasks among themselves. In large networks, this helps to balance the load and avoid overloading any one domain controller if too many users try to log in at the same time.