none
AD server vs. Domain Controller vs. Member Server , et al.

    Question

  • My friends and I were funning around the other night discussing general Active Directory stuff.   One of the guys mentioned "AD servers" and then another jumped in and asked "which AD servers" and the discussion quickly became a bantering match.   At issue was the definition of an AD server vs. Domain Controller.   It got me thinking.   I've always thought of AD servers as a general term given to "all" servers that have an Active Directory function...ie. Domain Controllers, DNS servers, DHCP servers, etc.   And, that Domain Controllers were a specific type of AD server.   Am I right?  After the debate the other night I'm not really sure.
    Saturday, October 09, 2010 3:01 PM

Answers

  • A computer with a server OS and AD installed is a Domain Controller. Any other computer with a server OS (or functioning as a server, for example with SQL Server installed) can be called a member server (if it is joined to the domain). A member server does not have AD installed. I don't recall seeing the term "AD server". If a computer has DNS or DHCP, but not AD, it would be a member server.

    Richard Mueller


    MVP ADSI
    Saturday, October 09, 2010 3:52 PM
  • Adding to Richard.. hereunder some info

    Active Directory is what is called a directory service, it stores objects like users and computers. So you can consider it as as database that store users and computers configuration in AD domain.

    A domain controller is the server running Active Directory; Domain controllers are typically referred as DC. Domain controller is a server based on MS windows Server 200X which is responsible for allowing host access to domain resources.  
    A Domain controller authenticates the users and the computers to join the domain. You can have many Domain controllers in your AD for many reasons, like redundancy and load balance as users can use anyone of them as they are replicating AD database.

    Member servers are servers running within a domain. Member sever runs an operating system which belongs to a domain and is not a DC. Member server typically run different services on the machine can act like a file server web server application server print server.

    Saturday, October 09, 2010 4:04 PM
  • Just to add, the term "AD Servers" is not a phrase you will find in any of the technical books and I myself have not heard that term used in the industry. 

    If I, in my opinion, heard someone refer to an "AD Server", I would interpret that to be a Domain Controller. As the others mentioned, any other server joined to the domain is considered a member server.  Non domain joined servers are referred to as "Stand-alone" servers. 

    For me, this goes back all the way to NT 4.0 (the member vs stand-alone terms).

     

     


    Visit: anITKB.com, an IT Knowledge Base.
    Saturday, October 09, 2010 8:55 PM

All replies

  • A computer with a server OS and AD installed is a Domain Controller. Any other computer with a server OS (or functioning as a server, for example with SQL Server installed) can be called a member server (if it is joined to the domain). A member server does not have AD installed. I don't recall seeing the term "AD server". If a computer has DNS or DHCP, but not AD, it would be a member server.

    Richard Mueller


    MVP ADSI
    Saturday, October 09, 2010 3:52 PM
  • Adding to Richard.. hereunder some info

    Active Directory is what is called a directory service, it stores objects like users and computers. So you can consider it as as database that store users and computers configuration in AD domain.

    A domain controller is the server running Active Directory; Domain controllers are typically referred as DC. Domain controller is a server based on MS windows Server 200X which is responsible for allowing host access to domain resources.  
    A Domain controller authenticates the users and the computers to join the domain. You can have many Domain controllers in your AD for many reasons, like redundancy and load balance as users can use anyone of them as they are replicating AD database.

    Member servers are servers running within a domain. Member sever runs an operating system which belongs to a domain and is not a DC. Member server typically run different services on the machine can act like a file server web server application server print server.

    Saturday, October 09, 2010 4:04 PM
  • Just to add, the term "AD Servers" is not a phrase you will find in any of the technical books and I myself have not heard that term used in the industry. 

    If I, in my opinion, heard someone refer to an "AD Server", I would interpret that to be a Domain Controller. As the others mentioned, any other server joined to the domain is considered a member server.  Non domain joined servers are referred to as "Stand-alone" servers. 

    For me, this goes back all the way to NT 4.0 (the member vs stand-alone terms).

     

     


    Visit: anITKB.com, an IT Knowledge Base.
    Saturday, October 09, 2010 8:55 PM
  • I'd like to add a server to the AD database, but don't need it to have any of the DC, DNS or DHCP roles, as I don't need to provide any of these services (for example a file server).

    It appears that the file server must be part of the AD database in order to be a replication member.

    Exactly which roles are needed to be part of the AD database?


    Wednesday, November 14, 2012 12:10 PM
  • I hate to sound so contrarian to the replies here, but I'm in the process of setting up a Windows Server 2012 R2 box as a Domain Controller and have found that it is possible to have a machine that has AD on it, but is NOT a Domain Controller.

    I have installed the AD role, but as a post-deployment step, I can promote the machine to be a Domain Controller. Because I am being prompted to do this, it is clear that you can have AD on a server box and NOT have a DC on your hands.

    Saturday, September 06, 2014 11:22 PM
  • Hello Scott M.,

    "I have installed the AD role"

    This just PREPARE the server to become a DC with installing the required bits on the server, for example AD UC etc, dcdiag, repadmin tools and so on, this is NOT about installing Active Directory on that server. Installing AD on the server requires to promote the server to domain controller.


    Best regards

    Meinolf Weber

    MVP, MCP, MCTS

    Microsoft MVP - Directory Services

    My Blog: http://blogs.msmvps.com/MWeber

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Twitter:  

    Sunday, September 07, 2014 12:58 PM
  • We may be splitting hairs here, but I disagree.  I was able to have AD running, add user accounts, modify group memberships etc, without promoting the server to a DC.  Of course, if you don't promote the AD server to become a DC, you won't be able to log into the domain from any other machine than the AD server.

    While I agree that promotion is necessary for any practical use of the AD server, my point is that it is *possible* to have an AD server that is NOT a DC.

    Sunday, September 07, 2014 1:24 PM
  • Hello,

    "We may be splitting hairs here, but I disagree.  I was able to have AD running, add user accounts, modify group memberships etc, without promoting the server to a DC"

    That is correct because when installing Active Directory domain services you install all tools required to manage and control AD WIHTOUT having the server promoted to a Domain Controller.

    You only have the Active Directory tools installed.


    Best regards

    Meinolf Weber

    MVP, MCP, MCTS

    Microsoft MVP - Directory Services

    My Blog: http://blogs.msmvps.com/MWeber

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Twitter:  

    Sunday, September 07, 2014 2:00 PM
  • Well, this is my point.  Earlier you said

    "This just PREPARE the server to become a DC with installing the required bits on the server, for example AD UC etc, dcdiag, repadmin tools and so on, this is NOT about installing Active Directory on that server. Installing AD on the server requires to promote the server to domain controller."

    Which is not true as installing AD does not *require* promotion to a DC in order to use the AD tools and it does not just *prepare* AD. AD becomes usable albeit, only on that one box.

    Again, for all practical purposes, you do need to promote the box to be a DC to be able to use AD in a networked environment (and why would you have AD if you were not going to be in a networked environment anyway?), but the point is that there is a difference between an AD server and a DC.  You *can* have an AD server that is NOT a DC.


    Sunday, September 07, 2014 2:49 PM
  • Hello,

    there is also no need to use a server to manage AD, install RSAT on Windows 7/8/8.1 and you could do the same as with that server and the client OS also has NOT AD installed.


    Best regards

    Meinolf Weber

    MVP, MCP, MCTS

    Microsoft MVP - Directory Services

    My Blog: http://blogs.msmvps.com/MWeber

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Twitter:  

    Sunday, September 07, 2014 4:35 PM