Account Domains

Accounts are always created relative to an issuing authority, which is responsible for allocating and assigning the SID. In Windows, the issuing authority is referred to as a domain. A domain can be either a local domain or extend across a network.

Domains store information about their accounts in an account database.

Windows uses Active Directory as the account database in domain-based environments, whereas in environments that are not domain-based, it uses the security account manager (SAM) built-in database as the account database.