Name

domain controller

Synopsis

A computer on which Active Directory is installed.

Description

Domain controllers serve several purposes in Windows 2000:

  • They enable users to log on to the network.

  • They provide pass-through authentication to allow users to access network resources for which they have suitable permissions.

  • They allow users to search Active Directory for published information about users, groups, computers, printers, and other directory objects.

A domain can have one or more domain controllers, but a minimum of two is recommended for fault tolerance. The number of domain controllers needed in a domain depends mainly on:

  • The number of active users in the enterprise who need to log on to the domain or access its resources

  • The number of sites that the domain spans and the available bandwidth of the WAN connections between the sites

User Authentication

When a user on a Windows 2000 network wants to log on to the network from a client computer, the client computer first needs to find a domain controller to authenticate its request. A DNS lookup is used to locate the nearest domain controller that the client can use. The client then contacts this domain controller, and authentication is performed using either:

Kerberos v5 authentication protocol

This is used for clients running Active Directory client software when contacting Windows 2000 domain controllers. This includes Windows 2000 Server and Professional computers, and Windows 95 and Windows 98 computers with the Active Directory ...
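The DNS lookup described under User Authentication is an SRV query for `_ldap._tcp.dc._msdcs.<domain>`. As an added example (not from the book), the code below parses SRV answers for such a query, orders the candidate domain controllers by SRV priority and weight, and checks the two-controller recommendation from the Description. The domain `example.com`, the host names and the record values are constructed for illustration.

```python
# Added example: all names and records below are constructed, not from the book.
from typing import NamedTuple

SAMPLE_ANSWERS = """\
_ldap._tcp.dc._msdcs.example.com. 600 IN SRV 0 100 389 dc1.example.com.
_ldap._tcp.dc._msdcs.example.com. 600 IN SRV 0 100 389 dc2.example.com.
_ldap._tcp.dc._msdcs.example.com. 600 IN SRV 10 50 389 dc3.branch.example.com.
"""


class Srv(NamedTuple):
    priority: int
    weight: int
    port: int
    target: str


def parse_srv(text):
    """Parse zone-file style SRV answer lines into Srv tuples."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        # Expected: name, TTL, class, type, priority, weight, port, target
        if len(fields) != 8 or fields[3].upper() != "SRV":
            continue  # skip blank lines, comments and non-SRV answers
        prio, weight, port = (int(f) for f in fields[4:7])
        records.append(Srv(prio, weight, port, fields[7].rstrip(".").lower()))
    return records


def candidate_order(records):
    """Lowest priority value first; within a priority, higher weight first.

    RFC 2782 selects randomly in proportion to weight; sorting is a
    deterministic simplification that is easier to audit.
    """
    return sorted(records, key=lambda r: (r.priority, -r.weight, r.target))


def fault_tolerance_ok(records, minimum=2):
    """True when at least `minimum` distinct controllers are registered."""
    return len({r.target for r in records}) >= minimum


if __name__ == "__main__":
    recs = parse_srv(SAMPLE_ANSWERS)
    for r in candidate_order(recs):
        print(r.priority, r.weight, r.port, r.target)
    print("fault tolerant:", fault_tolerance_ok(recs))
```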
