[1] The concept of Windows domain is in contrast with that of a workgroup in which each computer maintains its own database of security principals.
The computers in a domain can share physical proximity on a small LAN or they can be located in different parts of the world.
Whichever package is used to control it, the database contains the user accounts and security information for the resources in that domain.
A workgroup does not have servers and clients, and hence represents the peer-to-peer (or client-to-client) networking paradigm, rather than the centralized architecture constituted by Server-Client.
Workgroups are considered difficult to manage beyond a dozen clients, and lack single sign on, scalability, resilience/disaster recovery functionality, and many security features.