PDCs, BDCs, and Availability
Keep your job, and your sanity: create a backup system.
A little backup can keep you out of the unemployment line
You can implement availability measures in many ways. A basic means to ensure that your system can stay up despite a temporary failure is to set up domains so that you have a Primary Domain Controller (PDC) and a Backup Domain Controller (BDC) that can take over the PDC's tasks if necessary. To understand this capability, you need to know about the Security Accounts Manager (SAM) and the accounts in its database. Then you need to know what PDCs and BDCs are and how to set them up for availability.
Domains
Domains are logical groupings of Windows NT-based computers that you manage and administer as a unit. The domain contains a SAM database that tracks user, machine, and group accounts and each account's rights.

A user account is a record in the SAM database with information about a particular user in the domain. Each record is approximately 1KB and contains a unique Security Identifier (SID). The user account consists of five elements. The username, which you assign, must be unique within the domain; the same username can appear in accounts in different domains. The password, a string of up to 14 characters, verifies the user's identity at logon, after which the user can access the network and its resources. A password is not mandatory, but it is strongly recommended. The group membership information tells which groups the user belongs to. Initialization information, which is optional, includes the logon script and the home directory pointer. Account restrictions determine the days and hours during which the user can log on to the domain.

Adding a workstation, BDC, or server to a domain creates a machine account in the SAM. Each machine account takes about 0.5KB in the database and contains information such as the machine's name and type (BDC, PDC, server, workstation). You view machine account information in Server Manager and user account information in User Manager.

Each new or existing group has a group account that you can categorize as local or global. Each group account takes about 4KB in the database. This record's structure is like the user account record.

In a domain, you assign responsibilities to your network servers according to the type of activity you expect from each server. A server can play one of three roles in a domain: PDC, BDC, or resource server.
Roles of Servers
The PDC is the honcho in your network. You can have only one PDC per domain. If possible, dedicate the PDC to that one task; PDCs perform best if they don't also share file and printer resources. Whichever machine you run User Manager for Domains from, every change to user accounts and security settings is written to the PDC, which holds the only writable copy of the SAM; BDCs hold read-only replicas. Because of this central administration, you need to add only one account for each user, and each user needs only one account to log on to the domain.

The BDC is the network's second in command. BDCs authenticate users from their copy of the SAM, and if the PDC fails, you can promote a BDC to take its place. You can assign more than one server as a BDC in a domain, or you can choose to have no BDC. Table 1 shows Microsoft's recommendations for the ratio of BDCs to user accounts on a network.

A resource server performs special-purpose network services. For example, you can dedicate a resource server as a database processor, file and print server, Web server, or application server. A resource server can also be a BDC. You choose a server's role (domain controller or stand-alone server) when you install NT, and you cannot convert a stand-alone server into a domain controller without reinstalling, so decide which machines will be BDCs before setup.

You can promote a BDC to PDC after you install NT: Double-click the Administrative Tools icon, and double-click the Server Manager icon; highlight the BDC you want to promote, and select Promote To Primary Domain Controller from the Computer pulldown menu. If the current PDC is still running, Server Manager demotes it to a BDC as part of the promotion. If you promote because the PDC has failed, the old machine still believes it is the PDC when it comes back; its Netlogon service will not start while another PDC is on the network, so demote it to a BDC in Server Manager before returning it to service.
Availability
Because the SAM contains critical security information, it must be constantly available. If the PDC fails and you have no BDCs for the network, users can't log on to the domain until the PDC is back.

This single point of failure is the fast path to unemployment. To avoid it, assign at least one server as a BDC; it authenticates users alongside the PDC and receives replicated SAM changes from it. (If you have a large network and want to survive the loss of a BDC as well as the PDC, designate more than one server as a BDC.)

Because replicating a whole database across the network would add a lot of traffic, NT 3.5x normally copies only the SAM changes to the BDCs. Such a transfer takes about 2KB to initialize the transmission plus up to 1KB per changed user account.
TABLE 1: Recommended Number of BDCs

| Number of User Accounts | Number of BDCs to Use |
|---|---|
| <2,000 | |
| 5,000 | |
| 10,000 | |
| 20,000 | |
| 30,000 | |
The PDC can replicate changes to up to 10 BDCs at a time. The ReplicationGovernor setting in the Registry lets you control how much replication traffic a BDC generates and how often it requests changes: it is a percentage, set on each BDC, that scales both the size of each replication segment and the share of time the BDC spends pulling changes (100, the default, means 128KB segments and no throttling; 0 disables replication for that BDC, so its copy of the SAM goes stale). These and the other replication settings live under the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters; ReplicationGovernor is read on the BDC, while the pulse settings described below are read on the PDC.

By default, the PDC sends a pulse to the BDCs every five minutes. The pulse contains information that lets each BDC determine whether the SAM has changed since it last synchronized. If so, the BDC asks the PDC to send those changes. How much information the PDC sends at one time depends on the Registry settings (the default is to send changes in 128KB segments to the BDCs).

In a large network, sending changes every five minutes can take substantial bandwidth. How often you replicate SAM changes should depend on how many changes occur in your account database, how urgently the BDCs need them, and how large your network is.
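To make the pulse-and-pull mechanics concrete, here is an added model of PDC-to-BDC replication. It is example code written for this article, not Microsoft's code or anything shipped with NT. The figures it takes from the article are the 10-BDC concurrency, the 128KB segment at ReplicationGovernor 100, and the 2KB-plus-1KB-per-user cost of a partial transfer. The change log (default ChangeLogSize 64KB, roughly 32 bytes per entry) and the rule that a BDC whose last-seen change has aged out of the PDC's change log must take a full synchronization of the entire SAM come from NT documentation rather than from this article; how out-of-date BDCs are scheduled within one pulse is a simplifying assumption, and the machine names and account counts are made up.

```python
"""Model of NT 3.5x PDC-to-BDC SAM replication (see the lead-in for what is
taken from the article and what is assumed)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

KB = 1024
PULSE_CONCURRENCY = 10       # article: PDC replicates to up to 10 BDCs at a time
SEGMENT_KB = 128             # article: 128KB segments at ReplicationGovernor 100
INIT_KB = 2                  # article: about 2KB to initialize a transmission
PER_USER_KB = 1              # article: up to 1KB per changed user
CHANGELOG_KB = 64            # assumption: NT default ChangeLogSize
CHANGELOG_ENTRY_BYTES = 32   # assumption: approximate size of one change-log entry


@dataclass
class PDC:
    """The only writable SAM, plus a bounded change log keyed by serial number."""
    sam_kb: int                      # whole SAM size; this is what a full sync ships
    changelog_kb: int = CHANGELOG_KB
    serial: int = 0
    log: Dict[int, int] = field(default_factory=dict)   # serial -> change size (KB)

    def capacity(self) -> int:
        return self.changelog_kb * KB // CHANGELOG_ENTRY_BYTES

    def change_user(self) -> None:
        """Record one user-account change; User Manager writes only to the PDC."""
        self.serial += 1
        self.log[self.serial] = PER_USER_KB
        if len(self.log) > self.capacity():      # oldest entry falls off the log
            del self.log[min(self.log)]

    def changes_after(self, serial: int) -> Optional[List[int]]:
        """Partial-sync payload, or None when the log no longer reaches that far back."""
        if serial + 1 not in self.log:
            return None
        return [self.log[s] for s in range(serial + 1, self.serial + 1)]


@dataclass
class BDC:
    """Read-only SAM replica. ReplicationGovernor is a per-BDC Registry value."""
    name: str
    governor: int = 100              # percent; 0 switches replication off for this BDC
    serial: int = 0                  # last PDC serial this BDC has applied
    full_syncs: int = 0

    def on_pulse(self, pdc: PDC) -> str:
        """Answer a PDC pulse: compare serials and pull changes if behind."""
        if self.governor == 0:
            return "disabled"                # never asks for changes; its SAM goes stale
        if pdc.serial == self.serial:
            return "in sync"
        changes = pdc.changes_after(self.serial)
        if changes is None:                  # missed more changes than the log holds
            self.full_syncs += 1
            payload, kind = pdc.sam_kb, "full"
        else:
            payload, kind = INIT_KB + sum(changes), "partial"
        segment = SEGMENT_KB * self.governor // 100   # governor scales the segment
        segments = -(-payload // segment)             # ceiling division
        self.serial = pdc.serial
        return f"{kind} sync: {payload}KB in {segments} segments of {segment}KB"


def pulse_round(pdc: PDC, bdcs: List[BDC]) -> List[str]:
    """One pulse. Assumption: at most PULSE_CONCURRENCY out-of-date BDCs are
    served per pulse; the rest wait for the next one."""
    served, results = 0, []
    for bdc in bdcs:
        behind = bdc.governor != 0 and bdc.serial != pdc.serial
        if behind and served >= PULSE_CONCURRENCY:
            results.append(f"{bdc.name}: deferred to next pulse")
            continue
        results.append(f"{bdc.name}: {bdc.on_pulse(pdc)}")
        served += int(behind)
    return results


def demo() -> dict:
    """Constructed scenario: 1,000 users, 500 machines and 20 groups at the
    article's per-record sizes; a LAN BDC, a branch BDC on a slow link
    (governor 50) and a BDC someone set to governor 0."""
    pdc = PDC(sam_kb=1000 * 1 + 500 // 2 + 20 * 4)
    hq, branch, off = BDC("HQ-BDC"), BDC("BRANCH-BDC", 50), BDC("OLD-BDC", 0)
    for _ in range(200):                     # 200 changes in one pulse interval
        pdc.change_user()
    first = pulse_round(pdc, [hq, branch, off])
    # A burst bigger than the change log (a bulk import, say) pushes the entry
    # every BDC last saw out of the log, so the next pulse forces full syncs.
    for _ in range(pdc.capacity() + 1):
        pdc.change_user()
    second = pulse_round(pdc, [hq, branch, off, BDC("LATE-BDC")])
    # Twelve new BDCs that all need a sync: ten are served, two wait a pulse.
    crowd = [BDC(f"BDC{i:02d}") for i in range(12)]
    deferred = [sum("deferred" in r for r in pulse_round(pdc, crowd)) for _ in range(2)]
    return {"first": first, "second": second, "hq_full_syncs": hq.full_syncs,
            "deferred_per_pulse": deferred}
```

Run `demo()` and compare the first and second pulse: the same 128KB-versus-64KB segmenting shows what a governor of 50 buys a branch office, the governor-0 BDC never changes state and quietly falls behind, and a change burst larger than the change log turns an inexpensive partial sync into a full copy of the SAM for every BDC, which is the case to watch for before a bulk account import.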
For the fastest authentication, place the BDCs near the users. Users at a remote office can have trouble reaching the domain if their only path to a domain controller is an unreliable, slow link to a central office, and they also see logon delays as the authentication traffic crosses that link. A better way to provide access to your domain is to put a BDC at the remote office and authenticate users locally.

Your organization's size determines the best way to handle domains. Organizations with 50 or more servers and varying security needs typically have several domains, each with its own PDC, and many BDCs and resource servers. Replication timing can be tricky if a large organization has locations around the world (and differences in time zones).

Midsized organizations have between five and 50 servers. As in large organizations, you need to strategically place BDCs to minimize the impact of authentication on network traffic, and you need from one to five BDCs.

Small organizations have between one and five servers. At least one needs to be a PDC, and at least one needs to be a BDC. Often a BDC is also a resource server.

For more information about domains, see the sidebar, "Microsoft Resources," and Alex Pournelle, "NT Security Setup with Windows for Workgroups," on page 105. Also, see Mark Minasi, "Domains and Workgroups" (Windows NT Magazine, April 1996).
Microsoft Resources
Microsoft provides an excellent white paper, "Microsoft Windows NT Server 3.5/3.51: Domain Planning for Your Enterprise." You can download it at http://www.microsoft.com/NTServer/enter.htm or find it on the November 1994 or later TechNet CD.

If you don't have Microsoft's TechNet CD but want to see a sample, visit Microsoft's TechNet Web page at http://www.microsoft.com/technet. To buy the full CD version, call 800-344-2121 in the US. It's well worth the cost.

The Windows NT Resource Kit 3.51 contains a domain planning utility for designing the ideal domain. To see Microsoft's vision for domains and directory services, you can download information at http://www.microsoft.com/backoffice/reading/ds_strat.htm.