A Microsoft Windows NT service that authenticates users who attempt to log on to the domain. For example, if a user attempts to log on interactively to a computer running Windows NT Workstation within the domain, the NetLogon service running on the workstation forwards the logon request to a domain controller within the domain using a process called pass-through authentication.
The workstation knows how to contact the domain controller because during startup the workstation finds a domain controller through a process called discovery, after which an implicit trust relationship establishes a secure communication channel between the workstation and the domain controller.
The NetLogon service also ensures that all domain controllers within the domain are synchronized by having the primary domain controller (PDC) periodically notify groups of backup domain controllers (BDCs) that they should query the PDC for any updates to the Security Account Manager (SAM) database. The NetLogon service also enables and maintains trust relationships between domains on a multidomain deployment of Windows NT.