Windows Server domain
Encyclopedia
A Windows domain is a collection of security principals that share a central directory database. This central database (known as Active Directory
Active Directory
Active Directory is a directory service created by Microsoft for Windows domain networks. It is included in most Windows Server operating systems. Server computers on which Active Directory is running are called domain controllers....

 starting with Windows 2000
Windows 2000
Windows 2000 is a line of operating systems produced by Microsoft for use on personal computers, business desktops, laptops, and servers. Windows 2000 was released to manufacturing on 15 December 1999 and launched to retail on 17 February 2000. It is the successor to Windows NT 4.0, and is the...

, Active Directory Domain Services in Windows Server 2008 and Server 2008 R2, also referred to as NT Directory Services on Windows NT operating systems, or NTDS) contains the user accounts and security information for the resources in that domain. Each person who uses computers within a domain receives his or her own unique account, or user name. This account can then be assigned access to resources within the domain.

In a domain, the directory resides on computers that are configured as "domain controller
Domain controller
On Windows Server Systems, a domain controller is a server that responds to security authentication requests within the Windows Server domain...

s." A domain controller is a server that manages all security-related aspects between user and domain interactions, centralizing security and administration. A Windows Server domain is generally suited for businesses and/or organizations when more than 10 PCs are in use.

Windows Workgroups
Workgroup (Computer networking)
A workgroup is Microsoft's terminology for a peer-to-peer Windows computer network.Microsoft operating systems in the same workgroup may allow each other access to their files, printers, or Internet connection...

, by contrast, is the other model for grouping computers running Windows in a networking environment which ships with Windows. Workgroup computers are considered to be 'standalone' - i.e. there is no formal membership or authentication process formed by the workgroup. A workgroup does not have servers and clients, and as such, it represents the Peer-to-Peer
Peer-to-peer
Peer-to-peer computing or networking is a distributed application architecture that partitions tasks or workloads among peers. Peers are equally privileged, equipotent participants in the application...

 (or Client-to-Client) networking paradigm, rather than the centralized architecture constituted by Server-Client. Workgroups are considered difficult to manage beyond a dozen clients, and lack single sign on, scalability, resilience/disaster recovery functionality, and many security features. Windows Workgroups are more suitable for small or home-office networks.

A domain does not refer to a single location or specific type of network configuration. The computers in a domain can share physical proximity on a small LAN
Local area network
A local area network is a computer network that interconnects computers in a limited area such as a home, school, computer laboratory, or office building...

 or they can be located in different parts of the world. As long as they can communicate, their physical position is irrelevant.

Computers inside an Active Directory domain can be assigned into organizational units
Organizational Unit
In computing, an Organizational Unit provides a way of classifying objects located in directories, or names in a digital certificate hierarchy, typically used either to differentiate between objects with the same name , or to parcel out authority to create and manage objects In computing, an...

 according to location, organizational structure, or other factors. In the original Windows Server Domain system (shipped with Windows NT
Windows NT
Windows NT is a family of operating systems produced by Microsoft, the first version of which was released in July 1993. It was a powerful high-level-language-based, processor-independent, multiprocessing, multiuser operating system with features comparable to Unix. It was intended to complement...

 3.x/4) machines could only be viewed in two states from the administration tools, 1) computers detected (on the network), and 2) computers that actually belonged to the domain. Active Directory makes it easier for administrators to manage and deploy network changes and policies (see Group Policy
Group Policy
Group Policy is a feature of the Microsoft Windows NT family of operating systems. Group Policy is a set of rules that control the working environment of user accounts and computer accounts. Group Policy provides the centralized management and configuration of operating systems, applications, and...

) to all of the machines connected to the domain.

Computers can connect to a domain easily via LAN
Län
Län and lääni refer to the administrative divisions used in Sweden and previously in Finland. The provinces of Finland were abolished on January 1, 2010....

, or via WAN
Wide area network
A wide area network is a telecommunication network that covers a broad area . Business and government entities utilize WANs to relay data among employees, clients, buyers, and suppliers from various geographical locations...

 using a VPN
Virtual private network
A virtual private network is a network that uses primarily public telecommunication infrastructure, such as the Internet, to provide remote offices or traveling users access to a central organizational network....

 connection. Users of a domain are able to use enhanced security for their VPN connection due to the support for a certification authority which is gained when a domain is added to a network, and as a result smart cards and digital certificates can be used to confirm identities and protect stored information.
The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 
x
OK