A domain controller (DC, English for area control , often also domain controller ) is a server for the central authentication of computers and users in a computer network . The concept was introduced by IBM in the 1970s and adopted by Microsoft with Windows NT in 1993 . Samba has been able to act as a primary domain controller since 2012 .
In a network with a domain controller, several computers can be combined to form a domain. In contrast to the work groups of Windows 9x / ME, it can be determined centrally on the domain controller which users are allowed to log in with which password and to which user groups they belong. Changes apply to all computers that are members of the domain.
To enable failover if a domain controller fails, several domain controllers can and should be operated in one domain. With NT4-Domain changes are only possible on the Primary Domain Controller (PDC). The backup domain controllers (BDC) only keep a backup copy of the user and login data, which are updated at regular intervals. In contrast to this, all DCs in a domain from Windows 2000 each have a writable copy of the Active Directory database in which the user data is saved. The change of an attribute on one of the DCs is replicated to all other DCs at regular intervals . As a result, all DCs - apart from the operations master functions ( FSMO ) - are at the same level. The failure of a DC is irrelevant for the Active Directory database, since no information is lost. If, however, an operations master fails, the administrator must reassign the FSMO roles to one or more other DCs as soon as possible in order to ensure operation. The replication interval between the DCs can be selected by the administrator depending on the performance of the network used.