dcSAM

dcSAM, short for Domain Controller Security Accounts Manager, is a term used in Windows security to describe the subsystem that handles security account data on a domain controller. It represents the set of components and interfaces that integrate domain accounts with the local security policy, authentication flows, and policy enforcement in an Active Directory environment. In practice, dcSAM is part of the security stack that coordinates with the Local Security Authority (LSA), the Netlogon service, and Active Directory Domain Services (AD DS) to support logon and access control.

Operationally, domain controllers rely on the dcSAM interfaces during authentication, which may involve Kerberos authentication for

Security researchers and incident responders sometimes reference dcSAM when discussing credential theft techniques that target domain