This article discusses domains, domain controllers, and workstationsin a Windows NT network.
A domain is a grouping of computers and users that easesadministration of the computers and user accounts. Windows NT AdvancedServer is required to create a domain. The Windows NT Advanced Servers(referred to as "servers") all share a common user account andsecurity database, thus enabling each user to have a single accountwhich is recognized on all servers in the domain. Security policiessuch as how long passwords remain valid are also held in common by allservers in a domain. Windows NT workstations can also be members of adomain; the benefit they derive is the ability to recognize useraccounts that are created on the servers in the domain. Securitypolicies on a workstation are always independent of the domainsecurity policies, however.
There is no single database that is shared by all servers in thedomain; there is a single computer called the domain controller which"owns" the master copy of the user account and security database. Thismaster copy is then replicated (copied) to all other servers in thedomain. When the domain controller is unavailable, no changes can bemade to the domain's user account security database. If necessary, anyserver may be promoted to be the domain controller at any time. Thisshould not be done casually because the server may not have the mostrecent changes that have been made on the former domain controller. Ifthe domain controller is active when you promote another server to bedomain controller, there is less risk of losing changes because thepromoted server is first brought up-to-date with the current domaincontroller before taking over its role. Use Server Manager to choosethe domain controller.
LAN Manager has "backup domain controllers." These computers areparticularly suited to being promoted to domain controllers becausethey store the domain database. Whereas LAN Manager also has a "memberserver" classification which does not have the domain database storedlocally, Windows NT Advanced Servers all have local copies of thedomain database. Therefore, all Windows NT Advanced Servers areequally well suited to being promoted to domain controllers, so theyare simply referred to as "servers." The domain controller of aWindows NT domain must be a Windows NT Advanced Server. Other serversin the domain may be LAN Manager servers.
Workstations in Domains
Windows NT workstations can also be members of a domain. They alwaysretain their own local user account and security database. However,they gain the ability to recognize the domain accounts. That is, userscan log on to domain accounts at the workstation, they can remotelyaccess the workstation using a domain account, and domain accounts canbe listed as being granted permissions on files, directories, and soon.
Domains vs. Workgroups
A domain also functions as a workgroup. A workgroup enables easierbrowsing for network resources by visually grouping computers under aworkgroup name. A domain not only delivers the security benefitslisted above, but also has the network browsing benefit of workgroups,and from that standpoint is indistinguishable from workgroups in thenetwork browsing user interface.
Adding Computers to Domains
Only Windows NT workstations, Windows NT Advanced Servers, and OS/2LAN Manager servers can be added to a Windows NT domain. A domain iscreated by running Setup of a Windows NT Advanced Server andindicating the role to be domain controller along with a unique domainname.
To Add a Windows NT Advanced Server to a Windows NT Domain
Run the Setup program for the Windows NT Advanced Server computer andchoose the server role, entering the domain name and domainadministrator user name and password when prompted.
Note: You can add the server to the domain in Server Manager first toavoid having to enter a domain administrator user name and password.
To Add a Windows NT Workstation to a Windows NT Domain
During setup of the Window NT workstation, choose to add the computerto the domain, supplying the domain administrator user name andpassword.
Choose the Add To Domain option in Server Manager and add theworkstation. Then set up the workstation and enter the domain namewhen prompted. (If it is already set up, you can join the domain inthe Network section of Control Panel).
To Add an OS/2 LAN Manager Server to a Windows NT Domain
Follow the methods specified for adding servers to domains in the LANManager documentation. (This involves creating a user account for theserver and adding it to the Server group, and so on. User Manager maybe used for this purpose.)