Windows servers on a network can either be domain controllers or member servers. Domain controllers are servers that have Active Directory installed and hold a copy of the Active Directory database. The term domain is used to describe a logical section of the Active Directory database. Domain controllers store user account information, so they can provide network authentication. An Active Directory domain can have several domain controllers, with each one having a read/write copy of the Active Directory database. In fact, for fault-tolerant reasons, this is a good strategy to employ.
Member servers are not involved in the authentication of network users and do not take part in the Active Directory replication process. Member servers are commonly employed as file and print servers, or with additional software, as database servers, Web servers, firewalls, or servers for other important network services such as DHCP and DNS.
The authentication process facilitated by a Windows server allows users logging on to the network to identify themselves to the Active Directory, and subsequently to access all the network resources to which they have permissions. This means that it is necessary to log on only once to access all the resources on the network. The nature of directory services means that other applications, such as a Web server, can interface with the directory and use the same authentication information.
In addition to the standard authentication mechanism of usernames and passwords, Windows server platforms also support other authentication systems such as smartcards and biometrics. Implementation of these methods requires additional hardware and software.