A domain controller (DC) is a Microsoft Windows®-based computer system that stores user account data for its assigned domain in a central database. It uses this stored data to provide important domain-wide services, such as user authentication, security policy enforcement, and access to resources. Essentially, a domain controller allows a system administrator to grant any specific user access to certain system-wide resources—applications, printers—via a username and password.
The first DC was implemented on Windows® NT via a database known as the Security Accounts Manager (SAM). This system relies on a primary domain controller (PDC) coupled with one or more backup domain controllers (BDC). The PDC handles all domain-related issues, such as user authentication, while the read-only BDCs serve as backups for enhanced fault tolerance. In case the PDC ever fails, one of the BDCs must be reconfigured into a PDC.
The problem with the Windows® NT domain controller model is that it isn’t scalable, meaning it can only be used for small-business purposes. To alleviate this, Microsoft replaced SAM, PDCs, and BDCs with the Active Directory (AD). This technology turns the network into a large directory, kind of like the yellow pages, that’s much easier to manage and control. More importantly, the Active Directory system allows multiple domains to function at an equal level.
Each domain controller has a copy of the AD database. Furthermore, all DCs on the domain remain continually synchronized by a process known as multi-master replication. In this process, anytime information on a DC changes, a signal is then transmitted to all the other DCs, thereby ensuring all information remains updated and correct. It may be important to note, however, that one DC serves as the master, in that it’s responsible for confirming all data modifications and resolving any conflicts that may come up when simultaneous data change requests are made. In case the master fails, another DC immediately takes over the role.
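An administrator can check the replication behaviour described above from any domain-joined machine. The following PowerShell script is an added example, not part of the original article: it lists the DCs, shows which ones hold the operations master roles (assumed here to correspond to the "master" the text describes), and flags replication links that have failed or gone stale. The 24-hour threshold is an assumption chosen for illustration.

```powershell
# Added example: requires the ActiveDirectory module (RSAT) and a domain-joined session.
Import-Module ActiveDirectory

# Assumption: treat a replication link as stale after this many hours without success.
$StaleAfterHours = 24

# 1. Every DC holds a copy of the directory database; list them all.
$dcs = Get-ADDomainController -Filter *
$dcs | Sort-Object HostName |
    Select-Object HostName, Site, IsReadOnly, IsGlobalCatalog, OperatingSystem |
    Format-Table -AutoSize

# 2. Which DCs hold the operations master roles (assumed to be the text's "master").
$domain = Get-ADDomain
$forest = Get-ADForest
[pscustomobject]@{
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
} | Format-List

# 3. Inbound replication links of each DC (default partition only).
$cutoff = (Get-Date).AddHours(-$StaleAfterHours)
$links = foreach ($dc in $dcs) {
    try {
        Get-ADReplicationPartnerMetadata -Target $dc.HostName -ErrorAction Stop
    } catch {
        # An unreachable DC is itself a finding worth reporting.
        Write-Warning "Could not query $($dc.HostName): $($_.Exception.Message)"
    }
}

# 4. Flag links that report an error, repeated failures, or no recent success.
$problems = $links | Where-Object {
    $_.LastReplicationResult -ne 0 -or
    $_.ConsecutiveReplicationFailures -gt 0 -or
    $_.LastReplicationSuccess -lt $cutoff
}
if ($problems) {
    $problems | Select-Object Server, Partner, Partition, LastReplicationSuccess,
        LastReplicationResult, ConsecutiveReplicationFailures | Format-Table -AutoSize
} else {
    "All $(@($links).Count) replication links succeeded within $StaleAfterHours hours."
}
```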
There is, however, one major limitation to the Active Directory system. The domain controller clearly must host a Windows®-based operating system, which therefore means that all other domain members or workstations must also use Windows®. This was fixed by the introduction of Samba, an open-source/free software suite that allows workstations with other operating systems—such as UNIX, Linux, IBM System 390, and OpenVMS—to interact with the domain controller. This gives a network administrator or engineer much more flexibility. It's especially useful in large corporations in which different departments require different operating systems.