Normally the Windows operating system saves users' passwords in a file called SAM in the folder \WINDOWS\system32\config\. So far we're doing fine: we have a computer that keeps its own passwords on its own hard drive. A domain controller is a computer in which all the passwords of network users are stored centrally. Each computer still keeps its SAM file; however, the passwords stored in the SAM file only work for, and only give access to, the local resources of that specific computer.
How would the network work?
The database of the domain controller fulfills the same function as the SAM file, but now stores all the passwords of the network.
A user logs into a computer that we will call “X”. At the moment of logging in, the user must:
- Enter their user password
- Choose whether to work on the network … or locally
If the user chooses to work on the network, the computer connects to the domain controller to verify the password that was entered. If the password is correct, the user will be able to work on the network. If, on the contrary, the user prefers to work locally, the computer is completely EXCLUDED from the network and will not be able to access the resources of the other computers on the network.
Image Source: altaro.com
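The following PowerShell is an added example, not part of the original article: on a given Windows computer it reports whether the current session was validated against the local SAM or by a domain controller, and lists the enabled local accounts the SAM still holds. The function name `Get-LogonAuthority` is hypothetical, and the script assumes a classic on-premises domain or workgroup and Windows PowerShell 5.1 or later.

```powershell
# Added example (not from the original article).
# Reports whether the current session was authenticated by the local SAM or by a
# domain controller, then lists the local SAM accounts that are still enabled.

function Get-LogonAuthority {   # hypothetical helper name
    $cs          = Get-CimInstance -ClassName Win32_ComputerSystem
    $computer    = $env:COMPUTERNAME
    $authority   = $env:USERDOMAIN                        # who vouches for the account
    $logonServer = $env:LOGONSERVER -replace '^\\\\', ''  # strip the leading \\

    # A local (SAM) account belongs to the computer itself, so its authority is the
    # computer name. For a domain account the authority is the domain name.
    $isLocal = $authority -ieq $computer

    [pscustomobject]@{
        Computer         = $computer
        DomainJoined     = [bool]$cs.PartOfDomain
        MachineDomain    = $cs.Domain          # domain name, or workgroup name if not joined
        User             = $env:USERNAME
        AccountAuthority = $authority
        LogonServer      = $logonServer
        AuthenticatedBy  = if ($isLocal) { 'Local SAM' } else { 'Domain controller' }
    }
}

$session = Get-LogonAuthority
$session | Format-List

# A local logon on a domain-joined computer means the domain controller
# was not involved in checking this password.
if ($session.DomainJoined -and $session.AuthenticatedBy -eq 'Local SAM') {
    Write-Warning "Local account in use on a domain-joined computer: this session was not authenticated by the domain controller."
}

# Accounts kept in this computer's own SAM. Every enabled entry is a password
# that the domain controller does not manage or centralize.
Get-LocalUser |
    Where-Object Enabled |
    Select-Object Name, LastLogon, PasswordLastSet
```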
When a user on computer “X” wants to access another computer, “Y”, an internal action (invisible to the end user) is performed in which computer “X” asks the domain controller for authorization to access computer “Y”. If the domain controller is configured to allow the access in question, the end user will see on the screen (on the “X” machine) the list of shared resources of computer “Y”; otherwise a small window will appear saying “Access Denied”.
As a summary, we can say that the importance of a domain controller for a corporate network lies in the following aspects:
- Centralizes user passwords in a database located at a single point, “physically speaking”
- Centralized information can be protected much more easily than scattered information.
- The important information (in our case the passwords) will always be easier to protect when it is centralized.
- Backup copies (in our case, the password database) can be executed much faster when the information is centralized
- From a perimeter standpoint, it is harder to prevent an intrusion across many computers than to protect ONE computer.
For more about domain controllers: https://en.wikipedia.org/wiki/Domain_controller