Ever considered the difference between an active directory and domain controllers? Generally, the terms are used to refer to the same thing, but the active directory is not the same as a domain controller. The active directory is a set of services provided by domain controllers, where the term domain controller refers to the umbrella software. Explore more about Windows active directory vs domain controllers in this post!
What is an Active Directory?
Microsoft Active Directory is a directory service, much like a phone book, that stores information on users, network resources, files and other network objects. Its purpose is to provide an organised, hierarchical structure to make finding and accessing network resources easy for administrators and users.
An Active Directory includes a:
- Schema – a set of rules for defining formats, classes, and constraints of objects in the directory.
- Global Catalog – containing information about every object in the directory.
- Query and Index Mechanism – for finding objects and their properties.
- Replication Service – to distribute directory data across the network.
What are Domain Controllers?
A collection of computers, servers and/or resources is called a domain. A domain controller is a centralised user management method applied to a domain, regulating access to particular services and resources. For example, domain controllers apply authentication and authorisation to resource sharing.
A domain controller acts like airport security, only allowing you access to the plane, or services, after you’ve proved who you are and that you have good intentions.
There are two types of domain controller: read-only domain controllers and read-write. Read-only domain controllers contain a full replication of the domain database, for where the physical security of a domain controller cannot be guaranteed. A read-write domain controller has the ability to read and write to the active directory database.
A server within the domain which is not a domain controller is known as a member server. To promote a member server to a domain controller, you run the dcpromo (short for dc promotion). To demote a domain controller to a member server, run the dcpromo program again.
Active Directory vs Domain Controllers
The active directory stores information about all the users, computers and resources in an arranged manner, whereas domain controllers perform the authentication and authorisation of the users accessing network objects.
Domain controllers pretty much need active directories to function, however, active directories do not necessarily need a domain controller – well, a physical domain controller. There are three main types of active directory:
- The traditional on-premises active directory
- A cloud-based, Microsoft azure active directory
- A hybrid active directory synchronising your on-premises active directory with the cloud