
Domain Controllers Overview

By SolarWinds MSP
13 September, 2019

Authentication is an essential function for a computer network, helping ensure that only authorized users have access to the system. For a managed services provider (MSP), authentication is a key element of helping ensure your customers’ data is secure and accessible only to the correct users. 

For this reason, MSPs should invest time in understanding domain controllers, which play an important role in modern authentication. What are domain controllers? In this article, we’ll explain their function and examine the various types of domain controllers, including Active Directory.

What is the difference between a domain and a domain controller?

Every computer workstation has its own user accounts, called local accounts, that are used to log in to that particular machine. However, these accounts are not designed to log in to a network for two reasons. First, network accounts need to be portable—a user should be able to access the network from any workstation. Second, account configuration needs to be controlled from a central location. Otherwise, whenever account privileges change, system administrators would need to separately configure accounts on each local device. 

This is where a domain comes in. A network domain centralizes user accounts so they can be more easily administered and enables users to log in to the network from any given machine. Within a domain, a domain controller is used to regulate user account access to the network. 

What is the main function of a domain controller?

Domain controllers are part of the Microsoft network environment. A Windows domain controller handles user authentication requests. When a user seeks to access the network, the domain controller responds to that request. The domain controller verifies that the user should be let in, runs the login process, and regulates permissions (controlling which parts of the network the user can see). This is a critical security function. Domain controllers ensure that only authorized users are permitted to access the network, helping to keep out hacker threats. 

Validation is usually performed with a username and password combination, though biometric techniques and multifactor authentication (MFA) can be incorporated for greater security. Once a user is validated, the domain controller determines whether they are a normal user or a system administrator with extra privileges. 

Domain controllers were first introduced in Windows NT. They remain a key tool in contemporary networking, though these days they are sometimes being supplanted as organizations move to cloud networks. 

What is the difference between a domain controller and Active Directory?

Active Directory is Microsoft’s directory service for Windows domain networks. When it was introduced in Windows 2000 Server, Active Directory was solely used to handle centralized domain management. However, with the advent of Windows Server 2008, Active Directory was transformed into a suite of directory services, of which the domain controller is just one. Other Active Directory functions include Lightweight Directory Services, Certificate Services (for public-key encryption infrastructure), Federation Services (for single sign-on), and Rights Management Services (for information rights management, which controls access to particular data). 

In this schema, the server running Active Directory is known as the domain controller. An instance of Active Directory includes both a database and executable code (called the Directory System Agent) for running the database and servicing user requests. The database is structured using objects, which are organized into three levels—forests, trees, and domains. 

Active Directory domain controllers use trusts to grant users in one domain access to others. Trusts exist in the database’s forest, which is automatically created whenever a domain is created. The types of trust include a one-way trust (in which users of one domain have access to another domain, but not vice versa), a two-way trust (where two domains are permitted access to each other), a transitive trust (which can extend beyond two domains), an explicit trust (created by a system administrator), a forest trust (which applies to an entire forest), and an external trust (enabling connection to non-Active Directory domains). 

An Active Directory domain controller enables sysadmins to set policies to help ensure adequate password complexity. For security, an Active Directory password cannot contain the username or the user’s full name. Moreover, Microsoft allows you to require that a password include characters from certain categories such as uppercase letters, lowercase letters, numbers, symbols (e.g., @#$%), and Unicode. 

Active Directory also lets you set a minimum password length—the longer a password is, the harder it is to crack using brute-force techniques. By default, Windows 10 Active Directory requires a password to have characters from at least three of the previously mentioned categories and to be no less than eight characters long. These specifications yield 218,340,105,584,896 different total possibilities that hackers would need to try with brute-force methods. The more sensitive the information you’re trying to protect, the more robust your password requirements should be. 
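
The password rules described above can be expressed as a short check. The following is an added example, not code from the article or from Microsoft: it tests a candidate password against the stated rules and counts the passwords a brute-force attempt would face. The function names, the 32-symbol printable-ASCII set, and the name-matching details are assumptions. The figure of 218,340,105,584,896 quoted above equals 62^8, the number of eight-character strings over uppercase letters, lowercase letters, and digits.

```python
import re
from itertools import combinations

# Sizes of the four ASCII categories; 32 = printable ASCII symbols, space excluded.
CLASS_SIZES = {"upper": 26, "lower": 26, "digit": 10, "symbol": 32}

def char_classes(password):
    """Return the set of character categories present in the password."""
    found = set()
    for ch in password:
        if not ch.isascii():
            if ch.isalpha():
                found.add("unicode")   # simplification: any non-ASCII letter
        elif ch.isupper():
            found.add("upper")
        elif ch.islower():
            found.add("lower")
        elif ch.isdigit():
            found.add("digit")
        elif ch.isprintable() and not ch.isspace():
            found.add("symbol")
    return found

def violations(password, username, full_name, min_length=8, min_classes=3):
    """List the policy rules (as described in the article) that the password breaks."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    if len(char_classes(password)) < min_classes:
        problems.append("too few character categories")
    # Assumption: matching is case-insensitive and ignores name parts under 3 chars.
    parts = [username] + re.split(r"[\s,.\-_#]+", full_name)
    if any(len(p) >= 3 and p.lower() in password.lower() for p in parts):
        problems.append("contains account or full name")
    return problems

def using_all(sizes, n):
    """Length-n strings that use every category in `sizes` at least once."""
    return sum((-1) ** (len(sizes) - r) * sum(sub) ** n
               for r in range(len(sizes) + 1)
               for sub in combinations(sizes, r))

def compliant_count(n=8, min_classes=3, sizes=CLASS_SIZES):
    """Length-n strings drawing on at least `min_classes` of the categories."""
    vals = list(sizes.values())
    return sum(using_all(sub, n)
               for r in range(min_classes, len(vals) + 1)
               for sub in combinations(vals, r))

def alphanumeric_count(n=8):
    """Length-n strings over upper, lower and digits only (62 symbols)."""
    return 62 ** n
```

`compliant_count()` uses inclusion-exclusion, so raising `n` shows directly how much each extra character of minimum length enlarges the search space.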

How many domain controllers do you need?

In their original Windows implementation, domain controllers were divided into two categories: primary domain controller and backup domain controller (DC). A primary DC is the first-line domain controller that handles user-authentication requests. Only one primary DC can be designated. According to security and reliability best practices, the server housing the primary DC should be solely dedicated to domain services. Because of its central importance to the network, the primary DC server must not run file, application, or print services, which could slow it down or risk crashing it. 

A backup domain controller exists as a fail-safe in case the primary domain controller goes down. There can be multiple backup domain controllers for redundancy. Having a dedicated backup DC is a wise precaution. If the primary DC fails and there’s no backup, users will not be able to gain access to the network. When a user attempts to log in, the software contacts the primary DC. If the primary DC is unavailable, it then contacts the backup DC. The backup can be promoted to the primary role in the event that the primary is permanently out of service. Note that domain updates (such as additional users, new passwords, or changes to user groups) can only be made to the primary DC. They are then propagated into the backup DC databases. This is a form of the master-slave replication structure, with the primary DC being the master and secondary DCs being the slaves. 

Nowadays, however, the primary and backup domain controller architecture has been deprecated. When Active Directory was introduced in Windows 2000, it was designed with a multimaster replication structure. This means that user account privileges are stored redundantly among a group of domain controllers, and each member of the group can update all the others. When a new user is added to one domain controller, for example, multimaster replication pushes the change out to the other controllers. In contrast to the master-slave architecture, multimaster replication yields greater reliability (the failure of a single master is not catastrophic), increased flexibility, and faster performance. 

In sum, whether in its original primary/backup implementation or in today’s Active Directory framework, the domain controller remains a critical part of a contemporary network. The higher the number of domain controllers you have, the easier it is to ensure uptime for users seeking access to the network. 

For more information on domain controllers and Active Directory, read through our related blog articles.

Additional reading

Free Permissions Analyzer tool for Active Directory
Active Directory Password Complexity and Policy