Why have a Domain & Workgroup name

davec at columbiaenergygroup.com davec at columbiaenergygroup.com
Sat Jul 22 00:06:10 GMT 2000

I read this thread, and hope I can clear up a little about some of the
fogginess.  I won't pretend to understand why Microsoft implemented
networking in the manner, but I will provide a way to make use it to
your advantage.

Christopher R. Hertel" <crh at nts.umn.edu> Wrote:
>> So WORKGROUP= decides which domain you log onto?
>An NT Domain is a Workgroup with a Domain Controller.  Basically, they
>are the same thing.
>Chris -)-----
I take exception to this comparison, because it is a tad oversimplified.

Simo Sorce <simo.sorce at polimi.it> Wrote:
>When I saw this I interpreted as this:
>Workgroup is the workgroup you operate in.
>Domain is to search the server for user autenthication if you want it.

Peter Samuelson <peter at cadcamlab.org> wrote:
>> An NT Domain is a Workgroup with a Domain Controller.  Basically,
>> they are the same thing.
>That's what I thought.  Imagine my surprise when I first saw the
>Windows95 network setup.  In one place it has you fill in the workgroup
>name, and in another it has you fill in which domain you want to log
>into.  The two do not have to be the same.
>Is there any use for this (mis)feature?

I couldn't tell you if this is a (mis)feature, but I can tell you how you can
exploit it to your advantage.

Image you administrate a  1000 user NT domain (My condolenses :-)

Lets say this domain is split across 3 geographical areas, New York,
New Orleans, and New Ampsterdam, all tied together via  a 256K frame
relay triangle.

You want all of your users to authenticate from the same domain, so
that they can  authenticate from any of your offices, but you don't
want to be eating up a lot of bandwidth via authentication or broswer

Here is where it pays to use that windows 95 "workgroup" feature.
You have a primary domain controller in New York, for the domain
"AUTHDOM", with two backup domain controllers in New Orleans
& New Ampsterdam.  You then set up your windows 95 boxes to
"Log On To" the AUTHDOM Domain.

BUT you set the workgroup to your clients to "NEWYORK", "NEWORL"
and "NEWAMP" in thier respective cites..  This way everytime  your clients
double click their network neighborhood, you don't have browser elections
 forced across your frame relay line.  Of course an election will occur if a
user explores the WHOLE network neighboorhood, but you can either take
that hit, or disable such browsing in the policy.

This feature doesn't have to be applied across WAN links, you may be able
to "exploit" it within a single building... think of it as "subnetting for

I wash my hands of any WINS questions they may arise from my
explanations ;-)

Hope that helps,


More information about the samba-ntdom mailing list