Domain controller explained

A domain controller (DC) is a server[1][2] that responds to security authentication requests within a computer network domain. It is a network server that is responsible for allowing host access to domain resources. It authenticates users, stores user account information and enforces security policy for a domain.[3] It is most commonly implemented in Microsoft Windows environments (see Domain controller (Windows)), where it is the centerpiece of the Windows Active Directory service. However, non-Windows domain controllers can be established via identity management software such as Samba and Red Hat FreeIPA.

Software

The software stack used to run a domain controller usually consists of several key components that are shared across platforms. These include the operating system (usually Windows Server or Linux), an LDAP service (Red Hat Directory Server, etc.), a network time service (ntpd, chrony, etc.), and a computer network authentication protocol (usually Kerberos).[4] Other components, such as a public key infrastructure service (Active Directory Certificate Services, DogTag, OpenSSL) and a Domain Name System service (Windows DNS or BIND), may also be included on the same server or on another domain-joined server.[5]

Implementation

Domain controllers are typically deployed as a cluster to ensure high availability and maximize reliability. In a Windows environment, one domain controller serves as the Primary Domain Controller (PDC), and all other servers promoted to domain controller status in the domain serve as Backup Domain Controllers (BDCs).[6] In Unix-based environments, one machine serves as the master domain controller and the others serve as replica domain controllers, periodically replicating database information from the main domain controller and storing it in a read-only format.[7]

Notes and References

  1. Domain Controller Roles. Microsoft TechNet. Dec 4, 2009.
  2. Domain Controller Roles. Windows Server 2003 Technical Reference. Microsoft TechNet. 2012-11-21. 2010-06-03.
  3. 14.3.3. Domain Controller. access.redhat.com.
  4. Chapter 1. Introduction to FreeIPA. docs.fedoraproject.org. 2020-01-02. Archived 2022-04-07 at https://web.archive.org/web/20220407054234/https://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/introduction.html (original link dead).
  5. How to Find Expired Domains. Domain Hunting Guides. 2023-02-06. 2023-04-15.
  6. Domain Controller Roles. Microsoft TechNet. 3 June 2010. 13 February 2011.
  7. V4/Replica Setup - FreeIPA. www.freeipa.org.