What is a Primary Domain Controller?

S.A. Keel

A primary domain controller (PDC) is a server used in computer networks for managing users and groups on a particular segment of a local area network (LAN). The server stores user information and access permissions for network resources, such as other computers or printers, throughout the network. The PDC then provides a single access point for users to log on to the network and gain access to its resources, so that users do not need a separate username and password combination for each resource.

The use of a primary domain controller for user management came about in the 1990s with the release of the Microsoft® Windows NT® operating system. A Windows® network could then be set up with a Windows NT® server operating as this central source of user administration and log-on for other computers on the network. This allowed a user to operate any other workstation controlled by the PDC without having to establish a user account on that workstation. Another Windows NT® server would then be set up as a backup domain controller (BDC) in case the PDC became unavailable. With the advent of Windows® 2000 and Active Directory®, domain controllers no longer carry a primary or secondary distinction.

Servers manage access of information and resources over local area networks.

The primary domain controller maintains a database of the users and their permissions for a particular domain. This database is then shared with any number of additional backup servers. The PDC is the only server in this type of network with both read and write access to this database. A BDC can still allow users to log on to the network, based on the database information shared from the PDC, but any changes to the database happen on the PDC.

Any other server on the domain that isn't acting as either a PDC or a BDC is considered a member server. While a member server can be moved from one domain to another, a primary domain controller or backup domain controller cannot. This is because both the PDC and any BDCs on the domain are given a unique security identifier that is exclusive to the domain to which they belong.

Since multiple domains may exist for a particular LAN, the primary domain controller for any domain may establish a trust relationship with the PDC of another domain. An administrator establishes a trust account for the PDC of the alternate domain. This is a two-way street, in that both PDCs must have a trust relationship account established in order to gain access to the resources of the other domain. Once the link is established, the users and groups can be given permissions on the alternate domain's PDC.

As heterogeneous networks are commonplace, free software developers have also implemented domain controller capabilities in the Samba server software, which can run on Linux® and other Unix® operating systems. A Samba implementation running on a Linux® or Unix® server can be configured to act as a primary domain controller for a network, or as a BDC for a Samba PDC. A Samba BDC, however, cannot support a Microsoft® Windows® PDC.
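To make the Samba PDC and BDC roles concrete, the following added example (not from the original article or the Samba project) audits a classic `smb.conf` and reports which role the server would take. The sample configurations are constructed, the function name is hypothetical, and the rules are a simplified reading of the `security`, `domain logons` and `domain master` parameters.

```python
import configparser

# Constructed sample [global] sections, not taken from the article.
PDC_CONF = """
[global]
workgroup = EXAMPLE
security = user
domain logons = yes
domain master = yes
"""
BDC_CONF = """
[global]
workgroup = EXAMPLE
security = user
domain logons = yes
domain master = no
"""
MEMBER_CONF = """
[global]
workgroup = EXAMPLE
security = domain
"""

TRUE = {"yes", "true", "1", "on"}
FALSE = {"no", "false", "0", "off"}

def samba_nt4_role(conf_text):
    """Classify an NT4-style Samba server from its [global] section.

    Simplified assumption: only security, domain logons and domain master
    are considered; the newer 'server role' parameter is ignored.
    """
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(conf_text)
    g = {k.strip().lower(): v.strip().lower() for k, v in cp["global"].items()}
    logons = g.get("domain logons", "no") in TRUE
    master = g.get("domain master", "auto")
    security = g.get("security", "user")
    if security in ("domain", "ads"):
        # Joined to someone else's domain: at most a backup, never the PDC.
        return "BDC" if logons else "member server"
    if not logons:
        return "standalone server"
    # With domain logons on, only an explicit "no" demotes the server to BDC.
    return "BDC" if master in FALSE else "PDC"

if __name__ == "__main__":
    for name, conf in (("pdc", PDC_CONF), ("bdc", BDC_CONF), ("member", MEMBER_CONF)):
        print(name, "->", samba_nt4_role(conf))
```

Running a check like this across a fleet's configuration files gives an inventory of which hosts hold a writable or replicated copy of the account database, which are the ones that need domain-controller-level hardening.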

Image: Servers manage access of information and resources over local area networks. By: Christa Eder