[Exam 70-270] – Chapter 1/Lesson 3 – Workgroups and Domains
I- Workgroups
- A workgroup is a logical grouping of networked computers that share resources such as files and printers.
- A workgroup is also called a peer-to-peer network because all computers can share resources equally without a dedicated server.
- Each computer maintains its own local security database.
1- Advantage
- Decentralized administration, since each computer maintains its own local security database.
- Does not require a domain controller to hold centralized security information thus making managing a workgroup easier.
- Does not require extensive planning and designing.
- Provides a convenient networking solution for computers in close proximity.
2- Disadvantage
- Workgroup is impractical if the network has more than 10 computers.
- A user must have a local account for every computer that the user wants to access.
- Any change to a user account on one computer must also be made on all the remaining computers. For example: user A changes the password on computer A. If user A wants to access computer B using the updated password, user A must also update the password on computer B.
II- Domains
- A domain is a logical grouping of networked computers that share a central directory database, also known as the directory.
- This directory holds user accounts and security for the domain.
- This directory is the database portion of the Active Directory service, which is the Windows 2003 directory server.
- In a domain, a domain controller is a server that holds the Active Directory database and all security-related information of the domain.
- A domain does not refer to a single location or any type of network configuration. In other words, a domain can consist of networked computers that are located on two opposite sides of the world. Any networked computers in a domain can interact with each other regardless of location.
- A person cannot log on locally to a domain controller machine because that computer does not have a local user database.
1- Advantage
- Centralized administration, since all user accounts and security are located in Active Directory on a single machine (the domain controller server). Any changes to this database will affect every other computer network-wide.
- Since user accounts are maintained by the domain controller, logon authentication only happens on the server side, not on the local computer side. Thus users can log on to any computer in the network regardless of its local security/account database.
- Feasible for creating large-scale networks with hundreds or thousands of computers.
2- About domain controllers running on Windows Server 2003
- A domain controller does not maintain a local security database. You cannot log on locally to a domain controller computer.
- Each domain controller grants logon access to domain users by validating the user’s credentials against the Active Directory database.
- If there is more than one domain controller in a domain, each domain controller replicates its directory periodically so that all the domain controllers have a copy of the Active Directory.
- A member server is a computer that is not configured as a domain controller but is in charge of providing shared resources such as files/printers.
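
To see which of the cases above applies to a given Windows machine, the following PowerShell function (an added example, not part of the original notes) reads the machine's role from WMI and, on anything that is not a domain controller, lists the accounts in its local security database. It assumes Windows PowerShell 5.1 or later; `Get-MembershipReport` is a name chosen here for illustration.

```powershell
# Added example: classify this machine using the terms from the notes above.
# Assumes Windows PowerShell 5.1+ (Get-CimInstance and Get-LocalUser available).

function Get-MembershipReport {
    [CmdletBinding()]
    param()

    $cs = Get-CimInstance -ClassName Win32_ComputerSystem

    # Win32_ComputerSystem.DomainRole values and their meanings.
    $roleNames = @{
        0 = 'Standalone workstation (workgroup)'
        1 = 'Member workstation (domain)'
        2 = 'Standalone server (workgroup)'
        3 = 'Member server (domain)'
        4 = 'Backup domain controller'
        5 = 'Primary domain controller'
    }
    $role = [int]$cs.DomainRole
    $isDomainController = $role -ge 4

    # Name of the domain when joined, otherwise the name of the workgroup.
    $group = if ($cs.PartOfDomain) { $cs.Domain } else { $cs.Workgroup }

    # Per the notes, a domain controller has no local user database,
    # so the local account listing is skipped there.
    $localAccounts = @()
    if (-not $isDomainController) {
        $localAccounts = @(Get-LocalUser |
            Select-Object Name, Enabled, PasswordLastSet)
    }

    [pscustomobject]@{
        ComputerName  = $cs.Name
        Role          = $roleNames[$role]
        PartOfDomain  = [bool]$cs.PartOfDomain
        DomainOrGroup = $group
        LocalAccounts = $localAccounts
    }
}

$report = Get-MembershipReport
$report | Format-List ComputerName, Role, PartOfDomain, DomainOrGroup
$report.LocalAccounts | Format-Table -AutoSize
```

On workgroup machines, comparing the `PasswordLastSet` column for the same account name across computers shows where a password change was made on one machine but not yet on the others.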