Editing Windows domain

{{Short description|Logical, hierarchical collection of security principles sharing a central directory database}}
{{About|a type of computer network|other uses of domain in Microsoft Windows|Domain (disambiguation)#Information technology{{!}}Domain § Information technology}}
{{primary sources|date=January 2010}}
A '''Windows domain''' is a form of a [[computer network]] in which all [[user account]]s, computers, printers and other [[Principal (computer security)|security principals]], are registered with a central database located on one or more clusters of central computers known as [[Domain controller (Windows)|domain controller]]s. Authentication takes place on domain controllers. Each person who uses computers within a domain receives a unique user account that can then be assigned access to resources within the domain. Starting with [[Windows Server 2000]], [[Active Directory]] is the Windows component in charge of maintaining that central database.<ref name="ADinW2K">Northrup, Tony. [http://www.microsoft.com/technet/prodtechnol/windows2000serv/plan/int2ksrv/intro11.mspx ''Introducing Microsoft Windows 2000 Server''], Microsoft Press, 1999. {{ISBN|1-57231-875-9}}</ref> The concept of Windows domain is in contrast with that of a [[workgroup (computer networking)|workgroup]] in which each computer maintains its own database of security principals.

==Configuration==

Computers can connect to a domain via [[LAN]], [[Wide area network|WAN]] or using a [[Virtual private network|VPN]] connection. Users of a domain are able to use enhanced security for their VPN connection due to the support for a [[certification authority]] which is gained when a domain is added to a network, and as a result, [[smart cards]] and [[digital certificates]] can be used to confirm identities and protect stored information.

===Domain controller===
In a Windows domain, the directory resides on computers that are configured as [[Domain controller (Windows)|domain controllers]]. A domain controller is a Windows or [[Samba (software)|Samba]] server that manages all security-related aspects between user and domain interactions, centralizing security and administration. A domain controller is generally suitable for networks with more than 10 [[Personal computer|PCs]]. A domain is a logical grouping of computers. The computers in a domain can share physical proximity on a small [[Local area network|LAN]] or they can be located in different parts of the world. As long as they can communicate, their physical location is irrelevant.

===Integration===
Where PCs running a Windows operating system must be integrated into a domain that includes non-Windows PCs, the [[free software]] package [[Samba (software)|Samba]] is a suitable alternative. Whichever package is used to control it, the database contains the user accounts and security information for the resources in that domain.

==Active Directory==
Computers inside an [[Active Directory]] domain can be assigned into [[Organizational Unit|organizational units]] according to location, organizational structure, or other factors. In the original Windows Server Domain system (shipped with [[Windows NT]] 3.x/4), machines could only be viewed in two states from the administration tools; computers detected (on the network), and computers that actually belonged to the domain. Active Directory makes it easier for administrators to manage and deploy network changes and policies (see [[Group Policy]]) to all of the machines connected to the domain.

==Workgroups==
{{Main article|Workgroup (computer networking)}}
Windows Workgroups, by contrast, is the other model for grouping computers running Windows in a networking environment which ships with Windows. Workgroup computers are considered to be 'standalone' - i.e. there is no formal membership or authentication process formed by the workgroup. A workgroup does not have servers and clients, and hence represents the [[peer-to-peer]] (or client-to-client) networking paradigm, rather than the centralized architecture constituted by Server-Client. Workgroups are considered difficult to manage beyond a dozen clients, and lack single sign on, scalability, resilience/disaster recovery functionality, and many security features. Windows Workgroups are more suitable for [[SOHO network|small or home-office networks]].

==See also==
*[[Active Directory]]
*[[Security Accounts Manager]] (SAM)

==Notes==
{{Reflist||group=|refs=}}

{{Windows Components}}

{{DEFAULTSORT:Windows Domain}}
[[Category:Microsoft server technology]]
[[Category:Windows architecture]]
[[Category:Computer networking]]