Robert Explains - Servers and Networks

Filed By: Robert Moir

All you ever wanted to know about networking and servers, but were afraid to ask.

Have you ever been listening to a conversation about servers or networking and almost had an idea what some of the terms meant, enough to get the gist of the conversation, but didn't want to ask for exact meanings in case people laughed at you?

Well, worry no more! I'm going to explain some of the common terms that get thrown around in conversations over and over again, with a special focus on those that are similar or that always seem to cause confusion. If you want to see my explanation of a set of terms or acronyms, please email me your questions and I will post replies here.

What's the difference between member servers, domain controllers, BDCs and PDCs? I understand NT4 domains to some degree but get confused when people start throwing all these terms around in quick succession.

Let's get the easy ones out of the way first. A "member server" is a server that is a member of a domain but does not have responsibility for overall domain security (for example, it delegates the job of controlling who can and cannot log in to the domain controllers). This is similar to, but slightly different from, a "standalone server", which is not part of a domain at all and controls all of its own security.

When people talk about "domain controllers", they are either talking about Active Directory domains or simply referring collectively to NT 4 based PDCs and BDCs.

PDCs and BDCs exist in Windows NT 4 (and earlier) domains. The PDC is the primary domain controller, where all changes to domain security information (e.g. new accounts, password changes, role changes, etc.) are written. These changes are then replicated to the BDCs, or backup domain controllers. A BDC holds a read-only copy of the domain security information, which it uses both as a backup to the PDC for disaster recovery and to spread the load of dealing with network requests from workstations.

Windows 2000 and 2003 Active Directory domains differ from NT4 in that they do not have PDCs and BDCs. All domain controllers hold a read/write copy of the domain security information, and all can accept changes to their copy from other DCs and from workstations. All domain controllers are created equal in a Windows 2000 domain (apart from a few very specific tasks which you would not worry about day to day). I would therefore encourage anyone upgrading their network from NT 4 to Windows 2000 or Windows 2003 to stop using the terms PDC and BDC as soon as possible when referring to their new network, as it just causes confusion.

One important issue with Windows 2000 and 2003 domain design (hereafter known as "Windows 200x" to save my keyboard) that occasionally bites NT 4 upgraders is that the placement of domain controllers needs more careful thought than it did under NT 4.

With NT, I often saw people make most, if not all, of their servers domain controllers. In a quiet enough NT4 domain this was no problem at all for most servers, as the domain management tasks required very little overhead. In Windows 200x domains, however, this is no longer the case. "Running" an Active Directory server requires considerably more overhead than an NT4 domain controller ever did, and the interaction of services is far more complex.

Active Directory still really needs more than one domain controller in a domain, for the sake of disaster recovery and network reliability. For performance reasons you may also need to consider where to place servers if you have more than one site linked by slower networking equipment. In addition, you may need to consider where to site things like Exchange Servers, Global Catalogue servers, and DNS servers in order to provide a snappy response to your network users. Simply loading AD onto every server in the place won't work.
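To see these roles on real machines, the following is an added example (not part of the original article) that reads the `DomainRole` property of the WMI class `Win32_ComputerSystem` and summarises an inventory against the two points above: more than one domain controller, but not every server. The function names, host names and sample inventory are constructed for illustration.

```powershell
# Added example. DomainRole values are those documented for Win32_ComputerSystem.
# WMI keeps the NT 4 wording: in an Active Directory domain the controller holding
# the PDC emulator role reports 5 and every other domain controller reports 4.
$RoleNames = @{
    0 = 'Standalone workstation'
    1 = 'Member workstation'
    2 = 'Standalone server'
    3 = 'Member server'
    4 = 'Domain controller (reported as "backup")'
    5 = 'Domain controller (reported as "primary")'
}

function Get-DomainRole {
    # Queries live machines; remote names require WinRM/CIM access to the target.
    param([string[]]$ComputerName = $env:COMPUTERNAME)
    foreach ($name in $ComputerName) {
        try {
            $cs = if ($name -eq $env:COMPUTERNAME) { Get-CimInstance Win32_ComputerSystem -ErrorAction Stop }
                  else { Get-CimInstance Win32_ComputerSystem -ComputerName $name -ErrorAction Stop }
            [pscustomobject]@{ Name = $name; Domain = $cs.Domain; DomainRole = [int]$cs.DomainRole }
        } catch {
            Write-Warning "Could not query ${name}: $($_.Exception.Message)"
        }
    }
}

function Get-DomainRoleSummary {
    param([Parameter(Mandatory)][object[]]$Inventory)
    $servers = @($Inventory | Where-Object { $_.DomainRole -ge 2 })
    $dcs     = @($servers   | Where-Object { $_.DomainRole -ge 4 })
    $notes   = @()
    if ($dcs.Count -eq 1) { $notes += 'Only one domain controller: no second copy for disaster recovery.' }
    if ($servers.Count -gt 2 -and $dcs.Count -eq $servers.Count) { $notes += 'Every server is a domain controller.' }
    [pscustomobject]@{
        Roles             = @($Inventory | ForEach-Object { '{0}: {1}' -f $_.Name, $RoleNames[[int]$_.DomainRole] })
        Servers           = $servers.Count
        DomainControllers = $dcs.Count
        Notes             = $notes
    }
}

# Constructed sample inventory (hypothetical hosts) so the summary runs without a domain.
$sample = @(
    [pscustomobject]@{ Name = 'SRV-DC1';   DomainRole = 5 }
    [pscustomobject]@{ Name = 'SRV-FILE1'; DomainRole = 3 }
    [pscustomobject]@{ Name = 'SRV-LAB1';  DomainRole = 2 }
    [pscustomobject]@{ Name = 'WS-042';    DomainRole = 1 }
)
Get-DomainRoleSummary -Inventory $sample | Format-List
```

On a live network, replace the sample with `Get-DomainRoleSummary -Inventory (Get-DomainRole -ComputerName <your server names>)`.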

Part 2 - Common terms in use in Windows 200x domains