A domain is a logical grouping of network servers and other computers that share common security and user account information. Within domains, administrators create one user account for each user. Users then log on to a domain, not to individual servers within the domain.
A domain is the administrative unit of Advanced Server directory services. The term domain does not refer to a single location or specific type of network configuration. Computers in a single domain can share physical proximity on a small local area network (LAN) or can be located in different corners of the world, communicating over any number of physical connections, including dial-up lines, ISDN, fiber, Ethernet, Token-Ring, frame relay, satellite, and leased lines.
The directory database stores all security and user account information for a domain. (Other Advanced Server and Windows NT documents may refer to the directory database as the "Security Accounts Manager (SAM) database.") The master copy of the directory database is stored on one server and is replicated to backup servers and then synchronized on a regular basis to maintain centralized security. When a user logs on to a domain, Advanced Server software checks the user name and password against the directory database.
Within a domain, domain controllers manage all aspects of user-domain interactions. Domain controllers are computers running Advanced Server or Windows NT Server that share one directory database to store security and user account information for the entire domain; together they form a single administrative unit. Domain controllers use the information in the directory database to authenticate users logging on to domain accounts.
There are two types of domain controllers:
The primary domain controller (PDC) tracks changes made to domain accounts. Whenever an administrator makes a change to a domain account, the change is recorded in the directory database on the PDC. The PDC is the only domain server that receives these changes directly. A domain can have only one PDC.
A backup domain controller (BDC) maintains a copy of the directory database. This copy is synchronized periodically and automatically with the PDC. BDCs also authenticate user logons, and a BDC can be promoted to function as the PDC. Multiple BDCs can exist in a domain.
You create a domain when you install Advanced Server on a computer and designate that computer as the PDC. There can be as many BDCs as needed in a domain to share the load of authenticating network logons. In a small organization, a PDC and a single BDC in one domain may be all that is required.
For information about promoting and demoting domain controllers, see Promoting and Demoting Domain Controllers.
Grouping computers into domains provides two main benefits to network administrators and users. The more important one is that the domain controllers form a single administrative unit, sharing security and user account information. In this way, administrators need to manage only one account for each user, and each user needs to use (and remember the password for) only one account. By extending the administrative unit from individual servers to an entire domain, Advanced Server saves administrators and users time and effort.
The second benefit of grouping computers into domains is user convenience. When users browse the network for available resources, they see the network grouped into domains, rather than seeing all of the network servers and printers at once. This benefit is analogous to that of the workgroup concept in Microsoft Windows® for Workgroups and Windows 95.