A domain controller is a server containing a copy of the Active Directory. All domain controllers are peers, and maintain replicated versions of the Active Directory for their domains. The domain controller plays an important role in both the logical and physical structure of the Active Directory. It organizes all the domain's object data in a logical and hierarchical data store. It also authenticates users, provides responses to queries about network objects, and replicates directory services. The physical structure provides the means to transmit this data through well-connected sites.
The Active Directory replaces the Windows NT Primary Domain Controller (PDC) and its Backup Domain Controller (BDC) counterparts. Now, all domain controllers share a multimaster, peer-to-peer relationship that hosts copies of the Active Directory. Another big difference from Windows NT is that all domain controllers in Windows 2000 have read and write capability to the Active Directory. In previous versions, only the PDC was read/write-capable and initiated replication. Now, any Active Directory domain controller can initiate the replication process when new data is added.
Multiple domain controllers can exist within each domain or child domain.
Reasons for Creating Multiple Domain Controllers
An Active Directory domain may have one or more domain controllers that replicate the directory partition. Reasons for having multiple domain controllers within a domain include the following:
Better user connectivity
High-volume user activity
Greater failover and redundancy of information
When creating multiple domain controllers, the system administrator must take into account the added network load that will occur as a result of replication traffic. Still, it is recommended that each domain and each site have more than one domain controller to provide logical and physical structure redundancy and fault tolerance. It is important to protect both key domain information and geographical site connectivity.
Domain Controller Site Membership
A domain controller is assigned to a site during installation of the Active Directory, and stays there unless the administrator manually intervenes to relocate it to another site. The site location of a domain controller is used in the Active Directory replication topology and in other system requests.
Although a domain controller is assigned to a specific site, the site of a client system may change. When a client computer boots and DHCP assigns it an IP address, its site membership may shift to a different subnet.
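The following sketch is an added example, not code from the original text. It models how a client's site follows its DHCP-assigned address, assuming sites are tied to subnets and that the most specific matching subnet wins. The site names, subnets and lease history are constructed for illustration.

```python
import ipaddress

# Constructed subnet-to-site table (hypothetical names and ranges), standing in
# for the subnets an administrator associates with each site.
SUBNET_TO_SITE = {
    "10.1.0.0/16": "HQ",
    "10.1.50.0/24": "HQ-Lab",
    "10.2.0.0/16": "Branch-East",
}

def resolve_site(client_ip, table=SUBNET_TO_SITE):
    """Return the site whose subnet contains client_ip, or None.

    When several subnets contain the address, the longest prefix wins.
    """
    addr = ipaddress.ip_address(client_ip)
    best = None
    for cidr, site in table.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None

def site_changes(leases):
    """Given (client, ip) lease events in time order, return
    (client, old_site, new_site) for every lease that moved a client."""
    current = {}
    moves = []
    for client, ip in leases:
        site = resolve_site(ip)
        if client in current and current[client] != site:
            moves.append((client, current[client], site))
        current[client] = site
    return moves

# Constructed lease history: a laptop roams, a desktop stays put.
LEASES = [
    ("laptop-01", "10.1.4.20"),
    ("desktop-07", "10.2.9.5"),
    ("laptop-01", "10.1.50.31"),
    ("laptop-01", "10.2.3.77"),
    ("desktop-07", "10.2.9.5"),
    ("laptop-01", "192.168.0.15"),  # matches no defined subnet
]

if __name__ == "__main__":
    for client, old, new in site_changes(LEASES):
        print(f"{client}: {old} -> {new or 'no matching site'}")
```

A client whose address falls outside every defined subnet resolves to no site, which is worth reviewing because its authentication traffic can no longer be steered to a nearby domain controller.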