A Windows domain is a form of computer network in which all user accounts, computers, printers and other security principals are registered with a central database located on one or more clusters of central computers known as domain controllers. Authentication takes place on domain controllers. Each person who uses computers within a domain receives a unique user account that can then be assigned access to resources within the domain. Starting with Windows Server 2000, Active Directory is the Windows component in charge of maintaining that central database (Northrup, Tony. Introducing Microsoft Windows 2000 Server. Microsoft Press, 1999). The concept of a Windows domain is in contrast with that of a workgroup, in which each computer maintains its own database of security principals.
Configuration
Computers can connect to a domain via LAN, WAN or using a VPN connection. Users of a domain are able to use enhanced security for their VPN connection due to the support for a certification authority which is gained when a domain is added to a network, and as a result, smart cards and digital certificates can be used to confirm identities and protect stored information.
Domain controller
In a Windows domain, the directory resides on computers that are configured as domain controllers. A domain controller is a Windows or Samba server that manages all security-related aspects between user and domain interactions, centralizing security and administration. A domain controller is generally suitable for networks with more than 10 PCs. A domain is a logical grouping of computers. The computers in a domain can share physical proximity on a small LAN or they can be located in different parts of the world. As long as they can communicate, their physical location is irrelevant.
Integration
Where PCs running a Windows operating system must be integrated into a domain that includes non-Windows PCs, the free software package Samba is a suitable alternative. Whichever package is used to control it, the database contains the user accounts and security information for the resources in that domain.
Active Directory
Computers inside an Active Directory domain can be assigned into organizational units according to location, organizational structure, or other factors. In the original Windows Server Domain system (shipped with Windows NT 3.x/4), machines could only be viewed in two states from the administration tools: computers detected (on the network), and computers that actually belonged to the domain. Active Directory makes it easier for administrators to manage and deploy network changes and policies (see Group Policy) to all of the machines connected to the domain.
Workgroups
Windows Workgroups, by contrast, are the other model for grouping computers running Windows in a networking environment which ships with Windows. Workgroup computers are considered to be 'standalone', i.e. there is no formal membership or authentication process formed by the workgroup. A workgroup does not have servers and clients, and hence represents the peer-to-peer (or client-to-client) networking paradigm, rather than the centralized architecture constituted by server-client. Workgroups are considered difficult to manage beyond a dozen clients, and lack single sign-on, scalability, resilience/disaster recovery functionality, and many security features. Windows Workgroups are more suitable for small or home-office networks.
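As an added example (not part of the original article), the PowerShell function below reports which of the two models the local Windows host uses and whether the current session was authenticated by the domain or by the machine's own account database. The function name `Get-HostSecurityModel` and its output field names are hypothetical; it relies only on the `Win32_ComputerSystem` CIM class and the standard logon environment variables.

```powershell
# Added example: classify the local host as workgroup machine, domain member
# or domain controller, and flag sessions that bypass central authentication.
function Get-HostSecurityModel {
    [CmdletBinding()]
    param()

    # Win32_ComputerSystem exposes PartOfDomain, Domain, Workgroup and DomainRole.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem

    # Documented DomainRole values for Win32_ComputerSystem.
    $roles = @{
        0 = 'Standalone workstation'
        1 = 'Member workstation'
        2 = 'Standalone server'
        3 = 'Member server'
        4 = 'Backup domain controller'
        5 = 'Primary domain controller'
    }
    $role = [int]$cs.DomainRole

    # For a local-account logon, USERDOMAIN is the computer name itself.
    $localLogon = $env:USERDOMAIN -eq $env:COMPUTERNAME

    $finding = if (-not $cs.PartOfDomain) {
        'Workgroup host: every account lives in this machine''s own database.'
    } elseif ($role -ge 4) {
        'Domain controller: holds a copy of the central directory.'
    } elseif ($localLogon) {
        'Domain member, but this session uses a local account, not a domain account.'
    } else {
        'Domain member: this session uses a domain account.'
    }

    [pscustomobject]@{
        ComputerName      = $cs.Name
        Role              = $roles[$role]
        Model             = if ($cs.PartOfDomain) { 'Domain' } else { 'Workgroup' }
        Authority         = if ($cs.PartOfDomain) { $cs.Domain } else { $cs.Workgroup }
        LogonServer       = $env:LOGONSERVER
        LocalAccountLogon = $localLogon
        Finding           = $finding
    }
}

Get-HostSecurityModel | Format-List
```

The logon fields describe the session that runs the function, so running it under a different account on the same host can change `LocalAccountLogon` and `Finding` while `Role` and `Model` stay the same.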
See also
* Active Directory
* Security Accounts Manager (SAM)