Margaret Rouse is an award-winning technical writer and teacher known for her ability to explain complex technical subjects simply to a non-technical, business audience. Over…
A domain controller (DC) is a server that responds to security authentication requests within a Windows Server domain.
It is a server on a Microsoft Windows or Windows NT network that is responsible for allowing host access to Windows domain resources.
A domain controller is the centerpiece of the Windows Active Directory service. It authenticates users, stores user account information and enforces security policy for a Windows domain.
It allows hierarchical organization and protection of users and computers operating on the same network.
In simpler terms, when a user logs into their domain, the DC authenticates and validates their credentials (usually in the form of username, password and/or IP location) and then allows or denies access.
A domain controller gives access to another domain in a trust relationship so that a user logging into a domain can access resources in another domain.
Early versions of Windows such as Windows NT had one domain controller per domain, which was called a primary domain controller.
All other domain controllers were backup domain controllers.
Beginning with Windows 2000, the primary domain controller and backup domain controller roles were replaced by Active Directory.
The domain controllers in these domains are considered to be equal, as all controllers have full access to the accounts database stored on their machines.
When a network comprises hundreds of computers, managing the authentication of each individual machine may be too complicated.
To simplify this task, a single computer (the domain controller) can be dedicated to managing authentication for all the others (the clients).
All login credentials of all client computers and devices connected to the network are stored in the DC’s Active Directory. The Active Directory is shared by all computers on the network, and whenever a user tries to log in, their credentials are checked against those saved in this master directory database.
To strengthen security, no one except the administrator of the DC has the authority to change security or login information or add new computers to the domain.
A DC is usually a key target during a cyberattack since it represents a primary entry point to the entire infrastructure. To prevent serious data breaches, DCs are usually protected with robust cybersecurity measures.
To ensure that network resources are always stable and readily available, DCs are often deployed as a cluster.
The network administrator may designate a single primary domain controller (PDC) as well as additional backup domain controllers (BDCs). Periodically, the PDC automatically creates a read-only backup copy of the Active Directory database on all BDCs.
If the server performing the domain controller role is lost, the domain can still function. If the PDC is not available or fails, the administrator can designate an alternate BDC to assume the role.
BDCs are also used to ease the workload when the network is too busy.
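The redundancy described above can be checked from an inventory of a domain's DCs. The following is an added example, not part of the original article: `Get-DcRedundancyReport` is a hypothetical helper, the sample hosts are constructed, and the property names (`HostName`, `IsReadOnly`, `OperationMasterRoles`) are those returned by the ActiveDirectory module's `Get-ADDomainController`. In Active Directory the surviving PDC function is the "PDC emulator" operations master role, which the script looks for.

```powershell
# Added example: report whether a domain would keep a writable DC if one is lost.
# Get-DcRedundancyReport is a hypothetical helper, not a built-in cmdlet.
function Get-DcRedundancyReport {
    param([Parameter(Mandatory)][object[]]$DomainControllers)

    # Writable DCs hold a full read-write copy; read-only DCs cannot take over roles.
    $writable = @($DomainControllers | Where-Object { -not $_.IsReadOnly })
    $readOnly = @($DomainControllers | Where-Object { $_.IsReadOnly })
    $pdc      = @($DomainControllers | Where-Object { $_.OperationMasterRoles -contains 'PDCEmulator' })

    $findings = @()
    if ($writable.Count -lt 2) {
        $findings += 'Fewer than two writable DCs: losing one leaves no writable copy of the directory.'
    }
    if ($pdc.Count -ne 1) {
        $findings += "Expected exactly one PDC emulator role holder, found $($pdc.Count)."
    }
    elseif ($pdc[0].IsReadOnly) {
        $findings += "PDC emulator role is reported on a read-only DC: $($pdc[0].HostName)."
    }

    [pscustomobject]@{
        TotalDCs    = $DomainControllers.Count
        WritableDCs = $writable.HostName
        ReadOnlyDCs = $readOnly.HostName
        PdcEmulator = $pdc.HostName
        Healthy     = ($findings.Count -eq 0)
        Findings    = $findings
    }
}

# Constructed sample inventory (not real hosts) so the example runs without a domain.
$sample = @(
    [pscustomobject]@{ HostName = 'dc01.corp.example.test'; IsReadOnly = $false; OperationMasterRoles = @('PDCEmulator', 'RIDMaster') }
    [pscustomobject]@{ HostName = 'dc02.corp.example.test'; IsReadOnly = $false; OperationMasterRoles = @() }
    [pscustomobject]@{ HostName = 'rodc-branch.corp.example.test'; IsReadOnly = $true; OperationMasterRoles = @() }
)
Get-DcRedundancyReport -DomainControllers $sample | Format-List

# Against a live domain (requires the ActiveDirectory module from RSAT):
# Get-DcRedundancyReport -DomainControllers (Get-ADDomainController -Filter *)
```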
Margaret Rouse is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical, business audience. Over the past twenty years her explanations have appeared on TechTarget websites and she's been cited as an authority in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine and Discovery Magazine. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages. If you have a suggestion for a new definition or how to improve a technical explanation, please email Margaret or contact her…