How Do You Work With Domains

A domain is a logical grouping of network computers that share a central directory
database. A directory database contains user accounts and security
information for the domain. This database, which is known as the directory, is the database
portion of Active Directory service—the Windows 2003 directory service. In a domain, the directory resides on computers that are configured as domain controllers.
A domain controller is a server that manages all security-related aspects of user
and domain interactions, centralizing security and administration

A domain does not refer to a single location or specific type of network configuration.
The computers in a domain can share physical proximity on a small LAN or they can
be located in different corners of the world. They can communicate over any number
of physical connections, including dial-up connections, Integrated Services Digital Network
(ISDN) circuits, Ethernet networks, token ring connections, frame relay networks,
satellite links, and leased lines.
The benefits of a domain include the following:
1. Centralized administration because all user information is stored in the Active
Directory database. This centralization allows users to manage only a single user
name and password, and enables domain administrators to control which users
can access resources on any computer that is a member of the domain.
2. A single logon process for users to gain access to network resources (such as file,
print, and application resources) for which they have permissions. In other words,
you can log on to one computer and use resources on another computer in the
network as long as you have appropriate permissions to access the resource.
3. Scalability, so that you can create very large networks with hundreds or thousands
of computers.
A typical Windows 2003 domain includes the following types of computers:
Domain controllers running Windows Server 2003 Each domain controller
stores and maintains a copy of Active Directory. In a domain, you create a user
account in Active Directory only once. When a user logs on to a computer in the
domain, a domain controller authenticates the user by checking the directory for
the user name, password, and logon restrictions. When there are multiple domain
controllers in a domain, they periodically replicate their directory information so that each domain controller has a copy of Active Directory. Domain controllers do
not maintain a local user database.
Member servers running Windows Server 2003 A member server is a server
that is a member of a domain, but is not configured as a domain controller. A
member server does not store directory information and cannot authenticate users.
Member servers provide shared resources such as shared folders or printers.
Client computers running Windows XP Professional or Windows 2000
Professional Client computers run a user’s desktop environment and allow the
user to gain access to resources in the domain.