What is a domain controller, when is it needed, and how to set it up?

Solution 1:

A "domain" is, to put it simply, a unified collection of machines and user accounts managed by server machines designated as "domain controllers". (This is, of course, an incomplete definition, but it is a good start.) A domain controller is a computer running one of Microsoft's server operating systems, such as Windows Server 2008 or Windows Server 2008 R2 in any edition except Web Edition, or one of the small business-oriented server products, that has had the following actions performed on it:

  • The Active Directory Domain Services (ADDS) server role has been turned on.
  • The server has been "promoted" as a domain controller for your organization.

To make a system a domain controller, take the two actions above on your server. They can both be done in one process, since you will be prompted to promote the server as soon as you finish adding the server role.

You have to add a domain controller to your network when you decide that it is cost-effective for your organization to have the unified system of credentials, users, groups, and permissions that an Active Directory domain provides, in addition to the machine and user policies provided by Group Policy. Some of the benefits are that you can control a number of machine and user settings centrally, and users can log onto any machine in the network with one username and password. The main detriment is the cost: You need a machine to act as the domain controller (which can be shared with other server roles in a small organization), the Microsoft server software license, client access licenses for all machines joined to the domain, and personnel to administer the domain (maybe not another employee for a single server, but it's going to take time out of someone's day, whether they are internal or a consultant).

Creating an Active Directory domain is not to be taken lightly. It has long-lasting consequences for how your organization's users work every day. Please research the issue thoroughly or consider hiring a consultant before deciding to create an AD domain in your organization.
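
The two steps described in this answer (add the AD DS role, then promote the server) can be scripted. The following is an added example, not part of the original answer: it assumes Windows Server 2012 or later, where the ServerManager and ADDSDeployment PowerShell modules exist, an elevated session, a promotion that creates the first domain controller of a new forest, and the placeholder domain name `corp.example.com`.

```powershell
# Added example; run from an elevated PowerShell session on Windows Server 2012 or later.
# 'corp.example.com' is a placeholder domain name, not a value from the original answer.
param(
    [string]$DomainName = 'corp.example.com',
    [switch]$Promote        # without this switch the script only checks and reports
)

# DomainRole: 0/1 = workstation, 2 = standalone server, 3 = member server, 4/5 = domain controller
$role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
if ($role -ge 4) {
    Write-Output 'This server is already a domain controller; nothing to do.'
    return
}
if ($role -lt 2) {
    throw 'This is a client operating system; a domain controller needs a Windows Server edition.'
}

# Step 1: turn on the AD DS server role if it is not installed yet.
$feature = Get-WindowsFeature -Name AD-Domain-Services
if (-not $feature.Installed) {
    Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools | Out-Null
}

# Directory Services Restore Mode password: prompted for, so it is never stored in the script.
$dsrm = Read-Host -Prompt 'DSRM (safe mode) password' -AsSecureString

# Run the promotion prerequisite checks; this changes nothing on the server.
Import-Module ADDSDeployment
$check = Test-ADDSForestInstallation -DomainName $DomainName `
    -SafeModeAdministratorPassword $dsrm -InstallDns
$check | Format-List Status, Message
if ($check.Status -ne 'Success') { throw 'Prerequisite check failed; not promoting.' }

# Step 2: promote the server to the first domain controller of a new forest.
if ($Promote) {
    Install-ADDSForest -DomainName $DomainName -SafeModeAdministratorPassword $dsrm `
        -InstallDns -Force
} else {
    Write-Output 'Checks passed. Re-run with -Promote to create the domain (the server will reboot).'
}
```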

Solution 2:

First off, a domain is a set of interconnected resources on a Windows-based platform (such as printers, applications, etc.) for a group of users. Users who are part of the domain (who are given usernames and passwords to log on to the domain) are granted specific permissions to access the resources, which may be located on one or more servers in the network.

In other words, a domain is a logical group of computers that share a central database, called Active Directory (AD). The database contains the user security and accounts information for the resources in that domain. Any person who uses computers within a domain gets his own account, which is assigned access to resources within that domain.

Once that is understood, a domain controller (DC) or network domain controller is a Windows-based computer system that is used for storing user account data in a central database. A domain controller in a computer network is the centerpiece of the Active Directory (AD) services that provides domain-wide services to the users, such as security policy enforcement, user authentication, and access to resources.

A domain controller is a great tool for system administrators, as it allows them to grant or deny users access to system-wide resources, such as printers, documents, folders, network locations etc., via a single username and password. Once a domain controller is configured in a company, office or a building, it takes over the responsibility of responding to users’ security authentication requests, such as checking permissions, logging in, etc.

When a client computer joins a domain, any user can log in to the domain controller, using that computer. The benefit of that is that no matter which domain member (computer) he logs in from, he is able to access all his personal resources including the files he placed on the Desktop, files in Documents, printers, and his personal desktop preferences.