Workgroups and Domains
By Stephen Bucaro
When two or more computers are connected together in a single location, such as an office,
it's referred to as a Local Area Network (LAN). When a LAN supports ten or less computers,
it's usually configured as a workgroup. A workgroup may have a server on which files are
stored so that anyone on the LAN can access them.
In a workgroup a user's login account is located on their individual computer. A user can use
a different computer, but they have to either login using the account of the individual that uses
that computer, or have a separate account on that computer. When a LAN supports more than
ten computers, it's usually set up as a domain.
A domain has a server which is setup as a domain controller, which means it runs
the domain service. In a domain, a user's login account is located on the domain controller.
A user can use any computer on the LAN that's in the same domain as their login account. When
a LAN has a domain, it can still act as a file server, but the rights to any asset on the server
are controlled by the domain service.
In addition to the advantage of a user being able to login to any computer using a single
domain user account, a domain has the advantage of centralized administration. An administrator
can configure any resource in the domain after logging into their domain administrator account.
One of the most powerful things a domain administrator can configure is group policy.
Group policy allows the administer to configure a single setting for multiple or all accounts in
Another service setup to run on a domain server is Dynamic Host Configuration Protocol
(DHCP). DHCP automatically assigns IP addresses to all devices in the domain. In a large
organization, possibly with hundreds of devices on its LAN, it's desirable to have more than one
domain controller. But having more than one domain controller on the same LAN makes it more
complicated for DHCP to assign IP addresses.
For this reason, large LANs are divided into subnets (subnetworks). In a LAN with
subnets, devices on each subnet use a separate range of IP addresses. Traffic is guided between
the subnets by a device called a router.
In a LAN with subnets, each subnet may have its own domain controller. That way the DHCP
service running on each domain can be configured to assign only IP addresses within specific
ranges to the devices in its domain.
You are probably familiar with domain names on the Internet. Domain names on the Internet
also use IP addresses, but Internet IP addresses usually not directly related to the IP addresses
on a LAN.
A router determines if a specific IP address is located on the LAN or outside the LAN.
The router uses a service called Network Address Translation (NAT) to translate between LAN
addresses and Internet addresses. NAT allows the router to hide internal LAN devices from the
public Internet for better security.