Domain Controller

A domain controller is a server in a network that responds to security authentication requests (logging in, checking permissions, etc.) within a Windows Server domain. It's a vital component of Microsoft's Active Directory (AD) service, which manages the user and computer accounts in a corporate network.

When a user logs into a computer that's part of a Windows domain, the authentication request is handled by a domain controller. It verifies user names and passwords and grants or denies access to the network. A domain controller stores and manages the central directory of all users, computers, and other resources in the domain. This includes organizational units, security policies, and access rights.

Domain controllers enforce security policies set by network administrators, such as password policies, permissions, and group policies. Modern domain controllers use the Kerberos protocol for authentication, providing a secure and efficient authentication mechanism. In environments with multiple domain controllers, they replicate directory information with one another to ensure consistency and reliability of data.

A domain controller runs Active Directory Domain Services (AD DS), which is responsible for managing domain resources, storing information about network objects, managing relationships between them, and controlling user access. In older versions of Windows (like NT), there was a distinction between the primary domain controller (PDC) and backup domain controllers (BDCs). In modern Windows environments, all domain controllers are typically peers, although one holds the primary roles (Flexible Single Master Operation, or FSMO, roles) for certain operations.