Domain controller
{{Short description|Type of computer server}}
A domain controller (DC) is a server{{cite web |title = Domain Controller Roles |work = Microsoft TechNet |url = https://technet.microsoft.com/en-us/library/cc786438(WS.10).aspx |access-date = Dec 4, 2009 }}{{cite web |title = Domain Controller Roles |work = Windows Server 2003 Technical Reference |publisher = Microsoft TechNet |url = https://technet.microsoft.com/en-us/library/cc786438(WS.10).aspx |access-date = 2012-11-21 |date = 2010-06-03}} that responds to security authentication requests within a computer network domain. It is a network server that is responsible for allowing host access to domain resources. It authenticates users, stores user account information and enforces security policy for a domain.{{Cite web|url=https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/4/html/Reference_Guide/s2-samba-domain-controller.html|title=14.3.3. Domain Controller|website=access.redhat.com}} It is most commonly implemented in Microsoft Windows environments (see Domain controller (Windows)), where it is the centerpiece of the Windows Active Directory service. However, non-Windows domain controllers can be established via identity management software such as Samba and Red Hat FreeIPA.
Software
The software stack used to run a domain controller usually consists of several key components shared across platforms. These include the operating system (usually Windows Server or Linux), an LDAP service (Red Hat Directory Server, etc.), a network time service (ntpd, chrony, etc.), and a computer network authentication protocol (usually Kerberos).{{Cite web|url=https://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/introduction.html|title=Chapter 1. Introduction to FreeIPA|website=docs.fedoraproject.org|access-date=2020-01-02|archive-date=2022-04-07|archive-url=https://web.archive.org/web/20220407054234/https://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/introduction.html|url-status=dead}} Other components, such as a public key infrastructure service (Active Directory Certificate Services, DogTag, OpenSSL) and a Domain Name System service (Windows DNS or BIND), may also be included on the same server or on another domain-joined server.{{Cite web |date=2023-02-06 |title=How to Find Expired Domains |url=https://domainhuntergatherer.com/guides/how-to-find-expired-domains/ |access-date=2023-04-15 |website=Domain Hunting Guides |language=en-US}}
Implementation
Domain controllers are typically deployed as a cluster to ensure high availability and maximize reliability. In a Windows environment, one domain controller serves as the Primary Domain Controller (PDC) and all other servers promoted to domain controller status in the domain serve as Backup Domain Controllers (BDCs).{{Cite web|url=https://technet.microsoft.com/en-us/library/cc786438%28WS.10%29.aspx|title=Domain Controller Roles|publisher=Microsoft TechNet|date=3 June 2010|access-date=13 February 2011}} In Unix-based environments, one machine serves as the master domain controller and the others serve as replica domain controllers, periodically replicating database information from the master domain controller and storing it in a read-only format.{{Cite web|url=https://www.freeipa.org/page/V4/Replica_Setup|title=V4/Replica Setup - FreeIPA|website=www.freeipa.org}}