1.1.1.5 Account Domains

Accounts are always created relative to an issuing authority, which is responsible for allocating and assigning the SID. In Windows, the issuing authority is referred to as a domain. A domain is either a local domain or extends across a network.

Domains store information about their accounts in an account database.

Windows uses Active Directory as the account database in domain-based environments, whereas environments that are not domain-based use the security account manager (SAM) built-in database as the account database.