SearchWindowsServer.com

domain controller

By Peter Loshin

What is a domain controller?

A domain controller is a type of server that processes requests for authentication from users within a computer domain. Domain controllers are most commonly used in Windows Active Directory (AD) domains but are also used with other types of identity management systems.

Domain controllers duplicate directory service information for their domains, including users, authentication credentials and enterprise security policies.

What are the main functions of a domain controller?

Domain controllers restrict access to domain resources by authenticating user identity through login credentials, and by preventing unauthorized access to those resources.

Domain controllers apply security policies to requests for access to domain resources. For example, in a Windows AD domain, the domain controller draws authentication information for user accounts from AD.

A domain controller can operate as a single system, but domain controllers are usually implemented in clusters for improved reliability and availability. For domain controllers running under Windows AD, each cluster comprises a primary domain controller (PDC) and one or more backup domain controllers (BDC). In Unix and Linux environments, replica domain controllers copy authentication databases from the primary domain controller.

Why is a domain controller important?

Domain controllers control all domain access, blocking unauthorized access to domain networks while allowing users access to all authorized directory services.

The domain controller mediates all access to the network, so it is important to protect it with additional security mechanisms such as:

Domain controllers control all access to computing resources in an organization, so they must be designed to resist attacks and to continue to function under adverse conditions.

How are domain controllers set up in Active Directory?

Domain control is a function of Microsoft's Active Directory, and domain controllers are servers that can use Active Directory to respond to authentication requests.

Experts advise against relying on a single domain controller, even for smaller organizations. Best practices call for one primary domain controller and at least one backup domain controller to avoid downtime from system unavailability.

Another best practice is to deploy each domain controller on a standalone physical server. This includes virtual domain controllers, which should be run on virtual machines (VMs) running on different physical hosts.
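
One way to check the two practices above against a live domain, as an added example rather than code from the original article: the PowerShell below uses the ActiveDirectory module's Get-ADDomainController and Get-ADDomain cmdlets. The Test-DcPlacement function and the $PhysicalHostOf map, including its DC and host names, are hypothetical and must be filled in by the operator.

```powershell
# Added example: audits two placement practices for AD domain controllers.
# Requires the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

# ASSUMPTION: AD does not record which physical host a DC runs on, so the
# operator supplies the mapping. These names are constructed placeholders.
$PhysicalHostOf = @{
    'DC01' = 'hv-host-a'
    'DC02' = 'hv-host-b'
}

function Test-DcPlacement {
    param(
        [Parameter(Mandatory)] [object[]] $DomainControllers,
        [hashtable] $HostMap = @{}
    )
    $findings = @()

    # Practice 1: do not rely on a single domain controller.
    if ($DomainControllers.Count -lt 2) {
        $findings += 'Only one domain controller found; add at least one more.'
    }

    # Practice 2: each DC, physical or virtual, on a different physical host.
    $byHost = @{}
    foreach ($dc in $DomainControllers) {
        $hostName = $HostMap[$dc.Name]
        if (-not $hostName) {
            $findings += "No physical host recorded for $($dc.Name); placement not verified."
            continue
        }
        if (-not $byHost.ContainsKey($hostName)) { $byHost[$hostName] = @() }
        $byHost[$hostName] += $dc.Name
    }
    foreach ($hostName in $byHost.Keys) {
        if ($byHost[$hostName].Count -gt 1) {
            $shared = $byHost[$hostName] -join ', '
            $findings += "Host $hostName carries more than one DC: $shared"
        }
    }
    return $findings
}

$dcs = @(Get-ADDomainController -Filter *)
"PDC emulator role holder: $((Get-ADDomain).PDCEmulator)"
$dcs | Select-Object Name, Site, IPv4Address, OperatingSystem | Format-Table
Test-DcPlacement -DomainControllers $dcs -HostMap $PhysicalHostOf
```

An empty result from Test-DcPlacement means both checks passed for every domain controller listed in the map.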

Domain controllers can be deployed on physical servers, running as VMs or as part of a cloud directory service.

Steps for setting up an AD domain controller include:

Specifics for setting up and configuring AD domain controllers vary depending on the version of Windows Server in use on the domain.

See video below for how to set up a domain controller in Windows Server 2019.

Other domain controller implementation options

The following options are available when setting up a domain controller with AD:

What are the benefits of a domain controller?

Domain controller benefits include:

What are the limitations of domain controllers?

Some domain controller limitations include:

Domain controllers are fundamental to securing an organization's domains against unauthorized access. Learn how to set up and deploy a Windows Server 2016 domain controller securely.

23 Dec 2021
