Learn AD in 15 Minutes a Week: Windows 2000 Network Environment Overview Page 3


Windows Domains

The Windows domain architecture is a group of networked Windows 2000 Servers that share a central directory database found on domain controllers. This single directory database contains user accounts and security information for the domain. This directory database is known simply as the directory and is the database portion of Active Directory.

The Windows Active Directory database resides on specialized Windows 2000 servers called domain controllers, and it is on the domain controllers that all security-related aspects of the domain take place. Security and administration are centralized on the domain controllers. While domain-level administration may be performed remotely from a Windows 2000 Professional or XP Professional workstation, the change itself is still made in the directory on a domain controller somewhere in the environment.

There are a number of advantages and benefits of a Windows 2000 domain.

Domains allow for centralized administration because all user information is stored centrally on the domain controllers within Active Directory. Any administrative change made on any given domain controller is automatically replicated throughout the domain. This is called multimaster replication: a change is made to any one of the copies of the domain partition on any one of the domain controllers, and that change is then sent (replicated) to the other domain controllers within the domain.

Domains provide a single logon process for users to gain access to network resources for which they have permissions. Users can log on to one computer and use resources on another computer in the network as long as they have appropriate privileges for the resource.

[NOTES FROM THE FIELD] - On older domains, such as those from Windows NT4, users might authenticate to a Windows NT4 Backup Domain Controller located onsite; however, any change that needed to be made to an account, for example a password change, had to take place on the single Windows NT4 Primary Domain Controller in the domain.

The loss of the single Windows NT4 Primary Domain Controller did not mean users could not log in to the domain. In fact, the whole idea of the local Windows NT4 Backup Domain Controller was to make life easier for remote locations as far as logons and scripting were concerned, and to keep network traffic lower by taking logins off the wide-area link and keeping them local. What the loss of the Primary Domain Controller did mean was that account changes (among other things) could not be performed, because the writable copy of the SAM database was not available.

The Windows NT4 Primary Domain Controller held the only read/write copy of the security account database in the Windows NT4 domain.

In Windows 2000 domains, the domain partition of the Active Directory database is a read/write copy on each and every domain controller in the domain.
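The contrast above, as an added check that is not part of the original article (which predates Windows PowerShell): list every domain controller, confirm each holds a writable copy of the directory, and report whether multimaster replication from each partner is current. It assumes the RSAT ActiveDirectory module, an account permitted to query each DC, and an arbitrary 24-hour staleness threshold.

```powershell
# Added example, not from the original article. Requires the RSAT
# ActiveDirectory module and rights to query replication metadata on each DC.
Import-Module ActiveDirectory

$domain = Get-ADDomain
Write-Host "Domain: $($domain.DNSRoot)"

# In a Windows 2000-style domain every DC holds a read/write copy of the
# domain partition, so IsReadOnly should be $false for each of them.
$dcs = Get-ADDomainController -Filter *
foreach ($dc in $dcs) {
    $roles = if ($dc.OperationMasterRoles) { $dc.OperationMasterRoles -join ',' } else { 'none' }
    Write-Host ("{0,-30} site={1,-12} writable={2,-5} FSMO={3}" -f `
        $dc.HostName, $dc.Site, (-not $dc.IsReadOnly), $roles)
}

# Replication health per inbound partner. A DC that has not replicated
# successfully for a long time is serving its site a stale copy: changes
# made on other DCs (password resets, disabled accounts) never arrive.
$staleAfter = (Get-Date).AddHours(-24)   # assumed threshold
foreach ($dc in $dcs) {
    $meta = Get-ADReplicationPartnerMetadata -Target $dc.HostName -ErrorAction SilentlyContinue
    foreach ($m in $meta) {
        $ok = ($m.LastReplicationResult -eq 0) -and ($m.LastReplicationSuccess -gt $staleAfter)
        $status = if ($ok) { 'OK' } else { 'CHECK' }
        Write-Host ("{0,-5} {1} <- {2} [{3}] last success {4}, consecutive failures {5}" -f `
            $status, $dc.Name, $m.Partner, $m.Partition, $m.LastReplicationSuccess, $m.ConsecutiveReplicationFailures)
    }
}
```

Any line marked CHECK identifies a DC whose users may be authenticating against stale directory data and is the first place to look when an account change "did not take" in one site.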

Well, that wraps up my Windows 2000 Network Environment Overview article. I hope you found it informative and will return for the next installment.

If you have any questions, comments or even constructive criticism, please feel free to drop me a note.

I want to write good, solid technical articles that appeal to a large range of readers and skill levels and I can only be sure of that through your feedback.

Next week, I plan to continue with my detailed Introduction to Active Directory column, describing the function of Active Directory and its physical and logical structure.

Until then, remember,

"Out of date virus software is only marginally better than none at all."
Jason Zandri

This article was originally published on Apr 2, 2003