
Active Directory server roles

Computers that function as servers within a domain can have one of two roles: member server or domain controller. A server that is not in a domain is a stand-alone server.

Member servers

A member server is a computer that:

A member server does not process account logons, participate in Active Directory replication, or store domain security policy information.

Member servers typically function as the following types of servers: file servers, application servers, database servers, Web servers, certificate servers, firewalls, and remote access servers. For more information about server roles, see Server roles.

The following security-related features are common to all member servers:

Domain controllers

A domain controller is a computer that:

Domain controllers store directory data and manage communication between users and domains, including user logon processes, authentication, and directory searches. Domain controllers synchronize directory data using multimaster replication, ensuring consistency of information over time. For more information about multimaster replication, see Replication overview.

Active Directory supports multimaster replication of directory data between all domain controllers in a domain; however, multimaster replication is not appropriate for some directory data replication. In this case, a domain controller, called the operations master, will process data. In an Active Directory forest, there are at least five different operations master roles that are assigned to one or more domain controllers. For more information about operations masters, see Operations master roles.

As the needs of your computing environment change, you might want to change the role of a server. Using the Active Directory Installation Wizard, you can install Active Directory on a member server to make it a domain controller, or you can remove Active Directory from a domain controller to make it a member server. For more information about domain controllers, see Domain controllers.
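Because a server's role can change, it helps to check which computer accounts the directory currently treats as domain controllers and which as member servers. The following is an added example, not code from the original page or from Microsoft. It assumes an export of computer objects with the standard `userAccountControl`, `primaryGroupID` and `operatingSystem` attributes; the records and the helper names are constructed for illustration.

```python
# Added example: classify computer accounts by Active Directory server role.
# A stand-alone server is not in a domain, so it has no computer account
# and cannot appear in an inventory like this one.

WORKSTATION_TRUST_ACCOUNT = 0x1000  # userAccountControl flag: member computer
SERVER_TRUST_ACCOUNT = 0x2000       # userAccountControl flag: domain controller
DOMAIN_COMPUTERS_RID = 515          # default primary group of member computers
DOMAIN_CONTROLLERS_RID = 516        # default primary group of domain controllers

# Constructed sample records, shaped like an LDAP export of computer objects.
SAMPLE = [
    {"name": "DC01", "userAccountControl": 0x82000, "primaryGroupID": 516,
     "operatingSystem": "Windows Server 2003"},
    {"name": "FILE01", "userAccountControl": 0x1000, "primaryGroupID": 515,
     "operatingSystem": "Windows Server 2003"},
    {"name": "WKS07", "userAccountControl": 0x1000, "primaryGroupID": 515,
     "operatingSystem": "Windows XP Professional"},
    {"name": "APP02", "userAccountControl": 0x2000, "primaryGroupID": 515,
     "operatingSystem": "Windows Server 2003"},
]

def classify(rec):
    """Return the role implied by the account's trust flag."""
    uac = rec["userAccountControl"]
    if uac & SERVER_TRUST_ACCOUNT:
        return "domain controller"
    if uac & WORKSTATION_TRUST_ACCOUNT:
        # Member servers and workstations share the same trust flag;
        # the operating system string is used here to tell them apart.
        is_server = "server" in rec.get("operatingSystem", "").lower()
        return "member server" if is_server else "workstation"
    return "unknown"

def inventory(records):
    return {rec["name"]: classify(rec) for rec in records}

def inconsistencies(records):
    """Accounts whose primary group does not match the default for their role.
    A mismatch is a prompt for review, not proof of a problem."""
    found = []
    for rec in records:
        role = classify(rec)
        if role == "unknown":
            continue
        expected = (DOMAIN_CONTROLLERS_RID if role == "domain controller"
                    else DOMAIN_COMPUTERS_RID)
        if rec["primaryGroupID"] != expected:
            found.append((rec["name"], role, rec["primaryGroupID"]))
    return found
```

In the sample, `APP02` carries the domain controller trust flag while still sitting in the member-computer primary group, which is the kind of record to compare against the list of servers that were actually promoted.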

Note