Security Account Manager (SAM) database

Definition of Security Account Manager (SAM) database in The Network Encyclopedia.

What is SAM (Security Account Manager Database)?

The database of user and group account information stored on a domain controller in a Microsoft Windows NT–based network. The Security Account Manager (SAM) database is also known as the domain directory database, or sometimes simply the directory database.

The SAM database occupies a portion of the Windows NT registry. All user accounts, group accounts, and resource definitions such as shares and printers have their security principals defined in the SAM database. Because the entire SAM database must reside in a domain controller’s RAM, it cannot exceed about 40 MB in Windows NT, which works out to about 40,000 user accounts, or 26,000 users and Windows NT workstations combined. (The following table lists the size of common objects in a SAM database.)

The master copy of the SAM database is stored on the primary domain controller (PDC). Periodic directory synchronization ensures that backup domain controllers (BDCs) have an accurate replica of this master database, so BDCs can also be used for logons and for pass-through authentication of users attempting to access network resources.

Object Sizes in a SAM Database
Object Size in SAM Database
User account
1.0 KB
Computer account
0.5 KB
Global group account
0.5 KB plus 12 bytes per user
Local group account
0.5 KB plus 36 bytes per user
NOTE

In Microsoft Windows 2000, the functions of the SAM database have been migrated to the more powerful and scalable Active Directory.