A Windows domain is a form of computer network in which all user accounts, computers, printers, and other security principles are registered with a central database located in one or more central computer groups known as domain controllers. Authentication occurs on domain controllers. Everyone who uses computers in the domain receives a unique user account that can then be granted access to resources within the domain. Starting with Windows 2000, Active Directory is a Windows component in charge of maintaining the central database. The concept of Windows domains is very different from the workgroup in which each computer has its own security database.
Video Windows domain
Konfigurasi
Computers can connect to a domain via LAN, WAN or use a VPN connection. Domain users can use enhanced security for their VPN connections due to support for certification authority obtained when a domain is added to the network, and as a result, smart cards and digital certificates can be used to confirm identity and protect the stored information.
Domain controllers
In the Windows domain, the directory resides on a computer that is configured as a "domain controller." A domain controller is a Windows or Samba server that manages all security-related aspects between user and domain interactions, centralizing security and administration. Domain controllers are generally suitable for networks with more than 10 PCs. Domain is a logical grouping of computers. Computers in domains can share physical proximity on small LANs or they can be found in different parts of the world. As long as they can communicate, their physical location is irrelevant.
Integration
Where a PC running a Windows operating system must be integrated into a domain that includes a non-Windows PC, the free Samba software package is the appropriate alternative. Whichever package is used to control it, the database contains user accounts and security information for resources in that domain.
Maps Windows domain
Active Directory
Computers inside an Active Directory domain can be assigned to an organizational unit according to location, organizational structure, or other factors. In the original Windows Server Domain system (sent with Windows NT 3.x/4), the machine can only be viewed in two states of the administration tool; the detected computer (on the network), and the actual computer belonging to the domain. Active Directory makes it easy for administrators to manage and implement network policies and changes (see Group Policy) to all machines connected to the domain.
Workgroups
Windows Workgroups, by contrast, is another model for grouping computers running Windows in a network environment that ships with Windows. Computer workgroups are considered 'independent' - ie there is no formal membership or authentication process established by the working group. The working group has no server and client, and therefore represents a peer-to-peer (or client-to-client) network paradigm, rather than a centralized architecture created by Server-Client. Workgroups are considered difficult to manage outside of a dozen clients, and do not have a single sign, scalability, resilience/disaster recovery functionality, and many security features. Windows Workgroup is more suitable for small networks or home-office.
See also
- Active Directory
- Security Account Manager (SAM)
Note
Source of the article : Wikipedia