DC
A Domain Controller (DC) is a server running Active Directory Domain Services that authenticates and authorizes users, computers, and services in a Windows domain — the central authority for identity in on-premises Microsoft environments.
⚙️ How Does It Work?
When a user logs in, their workstation sends credentials to the DC. The DC validates them against the AD database and issues a Kerberos ticket granting token (TGT) used to access domain resources. DCs replicate with each other to provide redundancy.
📍 Where Is It Used?
On-premises Windows enterprise environments — every organization with Active Directory has at least two domain controllers for high availability.
💡 Real-World Example
A ransomware attack specifically targets domain controllers — knowing that compromising a DC gives attackers total control over all domain identities. Attackers use a stolen admin credential to reach the DC, extract the NTDS.dit file (all password hashes), and take over the entire domain.
🔗 Related Terms
Stay Ahead in Identity Security
Get weekly IAM, PAM & IGA insights via Identity Pulse.
Subscribe to Identity Pulse →