What is a domain name controller?
A domain name controller is a type of VPS that processes requests for authentication from users within a computer domain name. Domain controllers are most commonly used in Windows Active Directory (AD) domains but are also used with other types of identity management systems.
Bạn đang xem: What is a domain controller?
Domain controllers duplicate directory service information for their domains, including users, authentication credentials và enterprise security policies.
What are the main functions of a domain name controller?
Domain controllers restrict access lớn domain name resources by authenticating user identity through login credentials, và by preventing unauthorized access lớn those resources.
Domain controllers apply security policies lớn requests for access to lớn domain name resources. For example, in a Windows AD tên miền, the domain name controller draws authentication information for user accounts from AD.
A domain controller can operate as a single system, but they are usually implemented in clusters for improved reliability and availability. For domain name controllers running under Windows AD, each cluster comprises a primary domain name controller (PDC) and one or more backup domain controllers (BDC). In Unix và Linux environments replica domain name controllers copy authentication databases from the primary tên miền controller.
Why is a domain name controller important?
Domain controllers control all domain name access, blocking unauthorized access lớn tên miền networks while allowing users access to lớn all authorized directory services.
The domain name controller mediates all access lớn the network, so it is important to lớn protect it with additional security mechanisms such as:
secured & isolated networks security protocols & encryption to protect stored data & data in flight deployment in a physically restricted location for security expedited patch and configuration management blocking mạng internet access for domain name controllersDomain controllers control all access khổng lồ computing resources in an organization, so they must be designed to lớn resist attacks và to continue to lớn function under adverse conditions.
Xem thêm: Bảng Ngọc Bổ Trợ Ap Mùa 7 - Phân Tích Bảng Ngọc Bổ Trợ Áp Đảo
How are domain name controllers phối up in Active sầu Directory?
Domain control is a function of Microsoft"s Active Directory, and tên miền controllers are servers that can use Active Directory lớn respond khổng lồ authentication requests.
Experts advise against relying on a single domain controller, even for smaller organizations. Best practices call for one primary domain controller và at least one backup tên miền controller to lớn avoid downtime from system unavailability.
Another best practice is to deploy each tên miền controller on a standalone physical server. This includes virtual tên miền controllers, which should be run on virtual machines (VMs) running on different physical hosts.
Domain controllers can be deployed on physical servers, running as VMsor as part of a cloud directory service.
Steps for setting up an AD domain controller include:
Domain assessment. The first step in setting up a tên miền controller is to lớn assess the tên miền in which the controller will be set up. This assessment includes determining what types of domain controllers are needed, where they will be located and how they interoperate with existing systems in the tên miền. New deployment or addition. Whether planning for a new deployment of AD domain name controllers or adding a new controller for an existing tên miền, determine the domain name controller location and the resources needed to lớn run the centralized domain name controller và any virtual tên miền controllers. Security by thiết kế. It"s imperative sầu khổng lồ secure a tên miền controller from internal or external attacks. Also, kiến thiết the domain controller architecture to be secure from service disruptions from loss of connectivity, loss of power or system failures.Specifics for setting up & configuring AD domain controllers vary depending on the version of Windows Server in use on the domain.
See video clip below for how khổng lồ phối up a tên miền controller in Windows Server 2019.
Other domain controller implementation options
The following options are available when setting up a domain controller with AD:
Global Catalog capabilities: The tên miền controller can be configured to lớn use Global Catalog, which enables the controller lớn return AD information about any object in the organization, regardless of whether the object is in the same tên miền as the domain name controller. This is useful for large enterprises with multiple AD domains. Read only tên miền controller (RODC): Domain controllers used in branch offices or in other circumstances where network connectivity is limited can be configured as read-only.What are the benefits of domain name controller?
Domain controller benefits include:
Centralized management of domain name controllers enables organizations lớn authenticate all directory services requests using a centralized domain controller. Support for secured authentication and transport protocols in tên miền controllers improves authentication process security.
What are the limitations of tên miền controllers?
Some domain name controller limitations include:
Single point of failure for network tên miền control. Networks that use domain controllers for authentication và access security are dependent on them. To reduce risk of downtime, controllers can be deployed in clusters. Domain controllers require additional infrastructure và security mechanisms.Domain controllers are fundamental to lớn securing unauthorized access lớn an organization"s domains. Learn how to phối up and deploy a Windows Server năm nhâm thìn tên miền controller securely.
Related Termsauthentication serverAn authentication server is an application that facilitates the authentication of an entity that attempts to lớn access a network. SeecompletedefinitionMicrosoft Identity ManagerMicrosoft Identity Manager -- also called Microsoft Identity Manager năm nhâm thìn or MIM -- is an on-premises tool that enables ... SeecompletedefinitionMicrosoft Windows UpdateMicrosoft Windows Update is a security service for Windows users that, once activated, automatically searches for và installs ... Seecompletedefinition