This article discusses domains, domain controllers, and workstations
in a Windows NT network.
Domain
A domain is a grouping of computers and users that eases
administration of the computers and user accounts. Windows NT Advanced
Server is required to create a domain. The Windows NT Advanced Servers
(referred to as "servers") all share a common user account and
security database, thus enabling each user to have a single account
which is recognized on all servers in the domain. Security policies
such as how long passwords remain valid are also held in common by all
servers in a domain. Windows NT workstations can also be members of a
domain; the benefit they derive is the ability to recognize user
accounts that are created on the servers in the domain. Security
policies on a workstation are always independent of the domain
security policies, however.
Domain Controller
There is no single database that is shared by all servers in the
domain; instead, a single computer called the domain controller
"owns" the master copy of the user account and security database. This
master copy is then replicated (copied) to all other servers in the
domain. When the domain controller is unavailable, no changes can be
made to the domain's user account security database. If necessary, any
server may be promoted to be the domain controller at any time. This
should not be done casually because the server may not have the most
recent changes that have been made on the former domain controller. If
the domain controller is active when you promote another server to be
domain controller, there is less risk of losing changes because the
promoted server is first brought up-to-date with the current domain
controller before taking over its role. Use Server Manager to choose
the domain controller.
LAN Manager has "backup domain controllers." These computers are
particularly suited to being promoted to domain controllers because
they store the domain database. Whereas LAN Manager also has a "member
server" classification which does not have the domain database stored
locally, Windows NT Advanced Servers all have local copies of the
domain database. Therefore, all Windows NT Advanced Servers are
equally well suited to being promoted to domain controllers, so they
are simply referred to as "servers." The domain controller of a
Windows NT domain must be a Windows NT Advanced Server. Other servers
in the domain may be LAN Manager servers.
Workstations in Domains
Windows NT workstations can also be members of a domain. They always
retain their own local user account and security database. However,
they gain the ability to recognize the domain accounts. That is, users
can log on to domain accounts at the workstation, they can remotely
access the workstation using a domain account, and domain accounts can
be listed as being granted permissions on files, directories, and so
on.
Domains vs. Workgroups
A domain also functions as a workgroup. A workgroup enables easier
browsing for network resources by visually grouping computers under a
workgroup name. A domain not only delivers the security benefits
listed above, but also has the network browsing benefit of workgroups,
and from that standpoint is indistinguishable from workgroups in the
network browsing user interface.
Adding Computers to Domains
Only Windows NT workstations, Windows NT Advanced Servers, and OS/2
LAN Manager servers can be added to a Windows NT domain. A domain is
created by running Setup of a Windows NT Advanced Server and
indicating the role to be domain controller along with a unique domain
name.
To Add a Windows NT Advanced Server to a Windows NT Domain
Run the Setup program for the Windows NT Advanced Server computer and
choose the server role, entering the domain name and domain
administrator user name and password when prompted.
Note: You can add the server to the domain in Server Manager first to
avoid having to enter a domain administrator user name and password.
To Add a Windows NT Workstation to a Windows NT Domain
During setup of the Windows NT workstation, choose to add the computer
to the domain, supplying the domain administrator user name and
password.
Alternatively, choose the Add To Domain option in Server Manager and
add the workstation. Then set up the workstation and enter the domain
name when prompted. (If it is already set up, you can join the domain
in the Network section of Control Panel.)
To Add an OS/2 LAN Manager Server to a Windows NT Domain
Follow the methods specified for adding servers to domains in the LAN
Manager documentation. (This involves creating a user account for the
server and adding it to the Server group, and so on. User Manager may
be used for this purpose.)