1.1.1.5.2 Network Domains and Domain Controllers

In a network domain, all applicable Windows Server releases can be configured to be domain controllers. A domain controller is a server that has made its account database available to other machines in a controlled manner.

Because the account database is typically distributed across multiple domain controllers, there can be a mix of different versions of the individual servers. Active Directory defines a functional level, which serves as a version level for the entire directory. For more information about functional levels, see [MSFT-ADDSFL].

A domain has built-in groups that are defined by Microsoft and created in the domain during installation. For example, built-in groups include the Domain Users, Domain Computers, and Domain Admins groups. By default, the Domain Users group includes all users who are defined in the domain.

A domain controller accepts authentication requests on behalf of the machines that have chosen to trust it and for accounts in its domain.

A domain controller can have peers within the domain, which are other servers that also have been configured to host this account database. Any server that participates in the domain as a domain controller might or might not allow changes; the configuration is a choice of the administrator.

When a change is allowed, the servers replicate the change so that all domain controllers have the same information.
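The properties described in this section can be checked on a live domain. The following PowerShell is an added example, not part of the specification. It assumes the RSAT ActiveDirectory module is installed and that the account running it has read access to the directory. It lists the domain functional level, each domain controller's Windows Server release and whether it accepts changes, and any inbound replication link that is currently failing.

```powershell
# Added example: inventory the functional level, DC versions, writability and replication.
# Assumption: RSAT ActiveDirectory module is available on a domain-joined host.
Import-Module ActiveDirectory

$domain = Get-ADDomain
"Domain: {0}  functional level: {1}" -f $domain.DNSRoot, $domain.DomainMode | Out-Host

# One row per domain controller: OS release (releases may be mixed) and
# whether the DC allows changes (writable) or is read-only.
$dcs = Get-ADDomainController -Filter *
$dcs | Sort-Object OperatingSystem, HostName |
    Select-Object HostName, Site, OperatingSystem, OperatingSystemVersion,
        @{ Name = 'AcceptsChanges'; Expression = { -not $_.IsReadOnly } } |
    Format-Table -AutoSize | Out-Host

# Group by OS release so a mixed-version domain is visible at a glance.
$dcs | Group-Object OperatingSystem |
    Select-Object Count, Name |
    Format-Table -AutoSize | Out-Host

# Replication health: collect every inbound link that reports an error
# or has consecutive failures, across all domain controllers.
$failing = foreach ($dc in $dcs) {
    try {
        Get-ADReplicationPartnerMetadata -Target $dc.HostName -ErrorAction Stop |
            Where-Object {
                $_.LastReplicationResult -ne 0 -or
                $_.ConsecutiveReplicationFailures -gt 0
            } |
            Select-Object Server, Partner, LastReplicationSuccess,
                LastReplicationResult, ConsecutiveReplicationFailures
    } catch {
        # An unreachable DC is itself a finding; report it and continue.
        Write-Warning "Could not query $($dc.HostName): $($_.Exception.Message)"
    }
}

if ($failing) {
    $failing | Format-Table -AutoSize | Out-Host
} else {
    "No failing inbound replication links reported." | Out-Host
}
```

A domain controller that stays on an older release prevents the functional level from being raised, and a failing replication link means that domain controllers can hold different account information until it is repaired.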