Windows NT4 Workgroup versus Domain
When installing a Windows NT4 workstation and
there is no NT4 server, you have no choice: you have to use a
But when installing Windows NT4 Server, you have during the
installation (and you can ONLY select
it during the installation and CANNOT change it later), on whether to setup the system as a "Primary
Domain Controller" or "Stand-Alone
Each system has its own
Everytime, a user needs to be validated, it is done using the local
When now needing to access data on other systems, the Users with
their passwords must be defined in ALL systems.
( in the above diagram, the user
"Jim" can work/access data on Systems #1 and 2, but not
on #3, because system#3 has a different password defined for
"Mary" and "Susan" are not defined on all
In a domain, there is only ONE
it is located on the Domain-Server.
If now any of the users like to work/logon or access data on any
of the systems, the username and password is validated in the
While Workgroups usually work fine for small
network and few users, the central User-Management is an
advantage on larger networks with a lot of users.
(less workload to maintain the single
Domain User-Database than multiple local User-Databases, trying
to keep them synchronized, which can be a substantial workload,
especially if periodical changes for passwords are required for
In a Domain-network, there MUST be always ONE "Primary
Domain Controller", in charge for the
In a large network with hundreds of connected systems, the "Primary
Domain Controller" needs some help to handle
all the security validations, so one or more "Backup
Domain Controller" can be installed on the
network. A "Backup Domain Controller"
stores a copy of the User-Database, which is identical to the
User-Database on the "Primary Domain Controller"
(and if a change is made on the "Primary
Domain Controller" by adding/deleting/modifying a
user-information, the copies on the "Backup Domain
Controller" are updated automatically).
A "Backup Domain Controller"
is entitled to handle security validations (checking
Username and password for Logon and for accessing to Shared data),
so the workload of security validations is distributed to
multiple Domain Controllers.
In addition, the "Backup Domain Controller"
is the Backup: in case the "Primary
Domain Controller" goes down, a "Backup
Domain Controller" can be promoted to become
(either temporary or permanent) the "Primary
What is now a "Stand-Alone Server" ?
It is a Windows NT4 server WITHOUT any
Domain Controller responsibility.
For example, it is possible to use NT4 Server as simple Workgroup
networking, which maybe a good solution in small networks.
In larger configurations, NT4 Server is often used as a more
secure platform to run automated
processes, because it offers a higher Fault-Tolerance by
supporting Disk-Mirroring or RAID.