A domain controller is a server that handles user authentication and authorization in a Microsoft Active Directory environment. It stores accounts, group memberships, and Group Policy Objects centrally, replicating them to other domain controllers.
The domain controller is one of the most critical assets in a Windows network. Whoever compromises it controls all accounts and permissions across the entire domain. Attacks such as Golden Ticket, DCSync, and Pass-the-Hash target domain controllers directly. Protective measures include tiering models (PAW/SAW), regular patching, privileged access monitoring, and physical server security.