Term
| Access Control Entry (ACE) |
|
Definition
| An entry within an access control list (ACL) that grants or denies permissions to users or groups for a given resource. |
|
|
Term
| Access Control List (ACL) |
|
Definition
| A set of access control entries that define an object's permission settings. ACLs enable administrators to explicitly control access to resources. |
|
|
Term
|
Definition
| In AD FS, an organization that has been granted access to a resource partner's web-based application. Users in the account partner can access this application without the need for a separate user account in the resource partner's domain. |
|
|
Term
|
Definition
| The Windows Server 2008 directory service that replaces the antiquated Windows NT domain structure. Active Directory forms the basis for centralized network management on Windows Server 2008 networks, providing a hierarchical view of network resources. Also known in Windows Server 2008 as Active Directory Domain Services (AD DS). |
|
|
Term
| Active Directory Application Mode (ADAM) |
|
Definition
| A standalone mode of Active Directory that enables organizations to use directory-enabled applications in their own directory, with its own schema, independently of the main corporate Active Directory database. |
|
|
Term
| Active Directory Federation Services (AD FS) |
|
Definition
| A new set of technologies in Windows Server 2003 R2 and enhanced in Windows Server 2008 that enables partner companies to access Active Directory resources across the Internet in a trusted manner, without having to have user accounts in the resource domain. |
|
|
Term
| Active Directory-integrated zone |
|
Definition
| A DNS zone that is hosted on a domain controller and stored in one or more AD DS application directory partitions and replicated with AD DS. |
|
|
Term
| Active Directory Lightweight Directory Services (AD LDS) |
|
Definition
| An update to ADAM that provides directory services for directory-enabled applications on Windows networks without the need for deploying additional domains or domain controllers. |
|
|
Term
| Active Directory Migration Tool (ADMT) |
|
Definition
| A utility that enables you to move objects such as users, groups, and computers from a Windows NT 4.0 domain to an Active Directory domain, or to move objects between Active Directory domains in the same or different forests. This tool removes the manual work required to disjoin old domains and join the new domain. |
|
|
Term
| Active Directory Rights Management Services (AD RMS) |
|
Definition
| A directory service that uses a certification base to confirm the identity of users of information on the network, thereby enabling you to create and work with rights-protected information and ensure that only authorized users have access to these items. |
|
|
Term
| Active Directory Service Interfaces (ADSI) |
|
Definition
| A directory service model implemented as a set of COM interfaces. ADSI allows Windows applications to access Active Directory, often through ActiveX interfaces such as VBScript. |
|
|
Term
| Active Directory Users and Computers |
|
Definition
| The primary systems administrator utility for managing users, groups, and computers in a Windows Server 2008 domain, implemented as a Microsoft Management Console (MMC) snap-in. |
|
|
Term
|
Definition
| A single running copy of the AD LDS directory service, which includes a separate directory data store, a unique service name, and a unique service description. |
|
|
Term
|
Definition
| A utility that prepares a Windows 2000 or Windows Server 2003 forest or domain for receiving domain controllers running Windows Server 2008. It has several parameters, the most important of which are /forestprep, which prepares the forest; /domainprep, which prepares the domain; and /rodcprep, which prepares the domain for receiving read-only domain controllers (RODCs). |
|
|
Term
|
Definition
| Active Directory Rights Management Services |
|
|
Term
|
Definition
| Active Directory Service Interfaces |
|
|
Term
|
Definition
| A utility that enables you to view and edit information about any AD DS or AD LDS object, including schema and configuration data |
|
|
Term
|
Definition
| An acronym that stands for Microsoft's recommendation of placing Accounts into Global groups, placing these groups into Domain local groups, and granting Permissions to the domain local group. |
|
|
Term
|
Definition
| Authority Information Access |
|
|
Term
| Application Directory Partition |
|
Definition
| A partitioned section of Active Directory that is replicated only to specified domain controllers. Applications use application directory partitions to store their application-specific data. |
|
|
Term
|
Definition
| Through the Software Installation utility in Group Policy, administrators can assign applications to users and computers. Assigned applications are always available to the user, even if the user attempts to uninstall them. Applications assigned to a computer will automatically be installed on the next restart. |
|
|
Term
|
Definition
| Occurs when one task waits until another is finished before beginning. This is typically associated with scripts, such as a user logon script not running before the computer startup script has completed. This is the default behavior in Windows Server 2008. |
|
|
Term
|
Definition
| The basic unit of an object, this is the single property contained in the schema that defines the object through its values. For example, an attribute of a standard user account is the account name. |
|
|
Term
|
Definition
| A security process that tracks the usage of selected network resources, typically storing the results in a log file. |
|
|
Term
|
Definition
| A command-line tool that enables you to configure audit policy settings and directory service auditing subcategories. |
|
|
Term
|
Definition
| The process by which a server validates a user's logon credentials so that access to a network resource can be granted or denied. |
|
|
Term
| Authority Information Access (AIA) |
|
Definition
| A certificate extension that points to URLs where you can retrieve an issuing CA's certificate. |
|
|
Term
|
Definition
| The ability to automatically enroll users and computers for certificates, retrieve existing certificates, and renew expired certificates without user intervention. |
|
|
Term
|
Definition
|
|
Term
| Backup Domain Controller (BDC) |
|
Definition
| A Windows NT 3.x or 4.0 server that contains a backup read-only copy of the domain security accounts manager (user account and security information). BDCs take the load off the primary domain controller (PDC) by servicing logon requests. Periodic synchronizing ensures that data between the PDC and BDCs remains consistent. |
|
|
Term
|
Definition
| A term associated with performance monitoring, this is the initial result of monitoring typical network and server performance under a normal load. All future results are measured against the baseline readings. A baseline will typically have performance readings for the processor(s), memory, disk subsystem, and network subsystem. |
|
|
Term
|
Definition
|
|
Term
|
Definition
| A new feature of Windows Server 2008 and Windows Vista that enables you to encrypt the entire contents of your system partition. It is useful for protecting sensitive data on computers such as laptops or branch office domain controllers that are susceptible to theft. |
|
|
Term
|
Definition
| The contact point for the exchange of directory information between Active Directory sites. The bridgehead server receives information replicated from other sites and replicates it to its site's other domain controllers. It ensures that the greatest portion of replication occurs within sites rather than between them. |
|
|
Term
|
Definition
| A user account that is created by default when Windows is installed on a computer. An example is the local Administrator account. |
|
|
Term
|
Definition
| Certification Authority (CA) |
|
|
Term
|
Definition
| CRL distribution point (CDP) |
|
|
Term
|
Definition
| The process by which users and computers can be given permission to make requests for certificates, retrieve existing certificates, and renew expired certificates. Each CA that is installed on a server has web pages that users can access to submit basic and advanced certificate requests. |
|
|
Term
| Certificate Revocation List (CRL) |
|
Definition
| A document published by a CA that lists certificates that have been issued but are no longer valid. By default, the CA publishes the CRL on a weekly basis. |
|
|
Term
|
Definition
| Provided by AD CS to simplify the process of requesting and issuing certificates for various purposes. Each template contains the rules and settings that must be in place to create a certificate of a certain type. Certificate templates are available only on enterprise root and subordinate CAs. |
|
|
Term
| Certificate Authority (CA) |
|
Definition
| A trusted authority, either within a network or a third-party company, that manages security credentials such that it guarantees the user object holding a certificate is who it claims to be. |
|
|
Term
|
Definition
| Indicates the location of the last information successfully written from the transaction logs to the database. In a data-recovery scenario, the checkpoint file indicates where the recovery or replaying of data should begin. |
|
|
Term
|
Definition
| When a log file fills up, it is overwritten with new data rather than a new log file being created. This conserves disk space but can result in data loss in a disaster recovery scenario. |
|
|
Term
|
Definition
| In AD FS, a statement made by a server about a client, such as its name, identity, key, group, privilege, or capability. You can enable specific claim types that are accepted by the account partner; claims that fail to match these types will be rejected. Claim types can include identity claims, group claims, or custom claims, and identity claims can include UPN claims, email claims, and common name claims. |
|
|
Term
|
Definition
| In AD FS, the act of processing incoming claims to the resource application hosted by the resource federation service. |
|
|
Term
|
Definition
| The portion of a Group Policy object that allows for computer policies to be configured and applied. |
|
|
Term
|
Definition
| The relaying of a DNS request for zone information for specific domains from one server to another when the first server is unable to process the request. |
|
|
Term
|
Definition
| An Active Directory object stored on domain controllers that is used to represent inbound replication links. Domain controllers create their own connection objects for intrasite replication through the Knowledge Consistency Checker (KCC), whereas only a single domain controller in a site creates connection objects for intersite replication, through the Intersite Topology Generator. |
|
|
Term
|
Definition
| An object in Active Directory that is capable of holding other objects. An example of a container would be the Users folder in Active Directory Users and Computers. |
|
|
Term
|
Definition
| The process of stabilization after network changes occur. Often associated with routing or replication, this ensures each router or server contains consistent information. |
|
|
Term
|
Definition
| The metrics used in performance monitoring, these are what you are actually monitoring. An example of a counter for a CPU object would be % Processor Time. |
|
|
Term
|
Definition
| The storing of a limited set of passwords on an RODC. You can configure credential caching to store only those passwords of users who are authorized to log on at a given RODC. |
|
|
Term
|
Definition
| Certificate Revocation List (CRL) |
|
|
Term
| CRL Distribution Point (CDP) |
|
Definition
| A certificate extension that indicates URL locations where a CRL can be retrieved. Multiple HTTP, FTP, FILE, or LDAP locations can be included. |
|
|
Term
|
Definition
| A utility that imports comma-separated text files into the AD DS database. You can use this utility to automate the bulk creation of user or group accounts. |
|
|
Term
|
Definition
|
|
Term
|
Definition
| The command-line utility used to promote a Windows Server 2008 system to a domain controller. DCPROMO can also be used to demote a domain controller to a member server. |
|
|
Term
|
Definition
| Dynamic Domain Name System (DDNS) |
|
|
Term
|
Definition
| The process of offloading the responsibility for a given task or set of tasks to another user or group. Delegation in Windows Server 2008 usually involves granting permission to someone else to perform a specific administrative task such as creating computer accounts. |
|
|
Term
|
Definition
| A CRL that includes the list of certificates revoked since the issuance of the most recent complete (base) CRL. Its use optimizes bandwidth usage when certificates are frequently revoked. |
|
|
Term
|
Definition
| Distributed File System (DFS) |
|
|
Term
|
Definition
| Dynamic Host Configuration Protocol (DHCP) |
|
|
Term
|
Definition
| A database that contains any number of different types of data. In Windows Server 2008, Active Directory is a database that contains information about objects in the domain, such as computers, users, groups, and printers. |
|
|
Term
|
Definition
| Provides the methods of storing directory data and making that data available to other directory objects. A directory service makes it possible for users to find any object in the directory given any one of its attributes. |
|
|
Term
| Directory System Agent (DSA) |
|
Definition
| Makes data within Active Directory accessible to applications that want it, acting as a liaison between the directory database and the applications. |
|
|
Term
|
Definition
| An administrative disk space limitation set on the server storage space, on a per-volume basis, that can be used by any particular user. |
|
|
Term
|
Definition
| The name that uniquely identifies an object. A distinguished name is composed of the relative distinguished name, the domain name, and the container holding the object. An example would be CN=AnyUser,CN=Examcram,CN=COM. This refers to the AnyUser user account in the examcram.com domain. |
|
|
Term
| Distributed File System (DFS) |
|
Definition
| A Windows Server 2008 service that allows resources from multiple server locations to be presented through Active Directory as a contiguous set of files and folders, resulting in easier use of network resources for users. |
|
|
Term
|
Definition
| An Active Directory group of user accounts or other groups used strictly for email distribution. A distribution group cannot be used to grant permissions to resources. That type of group is called a security group. |
|
|
Term
|
Definition
|
|
Term
|
Definition
| A command-line tool that can perform most of the DNS server administrative tasks in Windows Server 2008. |
|
|
Term
|
Definition
| A process in which the master DNS server for a zone notifies secondary servers of changes so that the secondary servers can determine whether they need to initiate a zone transfer. |
|
|
Term
|
Definition
| A logical grouping of Windows Server 2008 computers, users, and groups that share a common directory database. Domains act as a security boundary and are defined by an administrator. |
|
|
Term
|
Definition
| A server that is capable of performing authentication. In Windows Server 2008, a domain controller holds an editable copy of the Active Directory database. |
|
|
Term
|
Definition
| Windows Server 2008 domains can operate at one of three functional levels: Windows 2000 native, Windows Server 2003 native, or the Windows Server 2008 functional level. Each functional level has different trade-offs between features and limitations. |
|
|
Term
|
Definition
| A domain local group can contain other domain local groups from its own domain, as well as global groups from any domain in the forest. A domain local group can be used to assign permissions to resources located in the same domain as the group. |
|
|
Term
|
Definition
| A hierarchical name-resolution system that resolves host names (fully qualified domain names, FQDNs) into IP addresses and vice versa. DNS also makes it possible for the distributed Active Directory database to function, by allowing clients to query the locations of services in the forest and domain. |
|
|
Term
|
Definition
| One of the two forestwide flexible single master operations (FSMO) roles, the Domain Naming Master's job is to ensure domain name uniqueness within the forest. |
|
|
Term
|
Definition
| A user account that is stored in the AD DS database. It permits a user to log on to any computer in the domain where it is located or a trusted domain. |
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
| A command-line tool that enables you to add objects such as users, groups, contacts, or computers to the AD DS database. |
|
|
Term
| Dynamic Domain Name System (DDNS) |
|
Definition
| An extension of the DNS that allows Windows 2000 and later systems to automatically register their A records (by themselves or by the DHCP server) with DNS at the time they obtain an IP address from a DHCP server. |
|
|
Term
| Dynamic Host Configuration Protocol (DHCP) |
|
Definition
| A service that allows an administrator to specify a range of valid IP addresses to be used on a network, as well as exclusion IP addresses that should not be assigned (for example, if they were already statically assigned elsewhere). These addresses are automatically given out to computers configured to use DHCP as they boot up on the network, thus saving the administrator from having to configure static IP addresses on each network device. |
|
|
Term
|
Definition
| A user who has been issued a special certificate that grants him the authority to enroll users into advanced security and issue certificates on behalf of the users. |
|
|
Term
|
Definition
| The physical workstation or server where the enrollment agent certificate is installed and used by the authorized person to enroll users and issue certificates. |
|
|
Term
|
Definition
| A CA that is integrated with AD DS. Enterprise CAs replicate certificates with AD DS replication and require that users be authenticated. |
|
|
Term
|
Definition
| Extensible Storage Engine |
|
|
Term
| Extensible Storage Engine (ESE) |
|
Definition
| The Active Directory database engine, ESE is an improved version of the older Jet database technology. The ESE database uses the concept of discrete transactions and log files to ensure the integrity of Active Directory. Each request to the DSA to add, modify, or delete an object or attribute is treated as an individual transaction. As these transactions occur on each domain controller, they are recorded in a series of log files that are associated with each ntds.dit file. |
|
|
Term
|
Definition
| A trust relationship created between a Windows Server 2008 Active Directory domain and a Windows NT 4 domain, or between Active Directory domains in different forests. |
|
|
Term
|
Definition
| In AD FS, a web-based application that is configured so that users in an organization connected by means of a federation trust can be authenticated to access this application without the need for a separate AD DS user account. |
|
|
Term
|
Definition
| In AD FS, a relationship between two organizations that allows for access to web-based applications without establishing an external or forest trust between the organizations' domains. |
|
|
Term
| File Replication Service (FRS) |
|
Definition
| A service that provides multimaster replication between specified domain controllers within an Active Directory tree. |
|
|
Term
| File Transfer Protocol (FTP) |
|
Definition
| A standard TCP/IP utility that allows for the transfer of files from an FTP server to a client machine running the FTP client. |
|
|
Term
| Fine-grained password policies |
|
Definition
| A new feature of Windows Server 2008 that enables you to configure password policies that apply only to specific users or groups within a domain. |
|
|
Term
|
Definition
| A hardware or software security system that limits access to network resources across subnets. Typically, a firewall is used between a private network and the Internet to prevent outsiders from accessing the private network. The firewall also limits what Internet services users of the private network can access. |
|
|
Term
|
Definition
| A namespace that cannot be partitioned to produce additional domains. Windows NT 4 and earlier domains were examples of flat namespaces, as opposed to the Windows Server 2008 hierarchical namespace. |
|
|
Term
| Flexible single-master operations (FSMO) |
|
Definition
| Five roles that are required by Windows Server 2008 not to follow the typical multimaster model and instead are hosted on only a single domain controller in each domain, in the case of the Infrastructure Master, PDC Emulator, and RID Master, or on only a single domain controller in the forest, in the case of the Domain Naming Master and the Schema Master. |
|
|
Term
|
Definition
| A Windows Server 2008 feature that allows special folders, such as My Documents, on local Windows XP Professional or Vista Business/Enterprise/Ultimate system hard drives to be redirected to a shared network location. |
|
|
Term
|
Definition
| A grouping of Active Directory trees that have a trust relationship between them. Forests can consist of a noncontiguous namespace and, unlike domains and trees, do not have to be given a specific name. |
|
|
Term
|
Definition
| The three forest functional levels are Windows 2000, Windows Server 2003, and Windows Server 2008. The default forest functional level is Windows 2000. When the forest functional level is raised to Windows Server 2003 or Windows Server 2008, advanced forestwide Active Directory features are available according to the level chosen. |
|
|
Term
|
Definition
| The first domain created in a forest. |
|
|
Term
|
Definition
| A trust relationship established between two Active Directory forests. |
|
|
Term
|
Definition
| A DNS name-resolution process by which a hostname is resolved to an IP address. |
|
|
Term
|
Definition
| The relaying of a DNS request from one server to another, when the first server is unable to process the request. |
|
|
Term
|
Definition
| Fully Qualified Domain Name (FQDN) |
|
|
Term
|
Definition
| File Replication Service (FRS) |
|
|
Term
|
Definition
| Flexible Single-Master Operations (FSMO) |
|
|
Term
|
Definition
| File Transfer Protocol (FTP) |
|
|
Term
| Full Zone Transfer (AXFR) |
|
Definition
| A zone transfer in which the master server transmits the entire zone database to that zone's secondary servers. |
|
|
Term
| Fully Qualified Domain Name (FQDN) |
|
Definition
| A DNS domain name that unambiguously describes the location of the host within a domain tree. An example of an FQDN would be the computer www.examcram.com. |
|
|
Term
|
Definition
| A concept introduced in Windows Server 2003 that determines what level of features and interoperability with other Windows operating systems is available in a domain or forest. In Windows 2000, functional levels were referred to as modes. |
|
|
Term
|
Definition
|
|
Term
|
Definition
| Contains a partial replica of every Windows Server 2008 domain object within the Active Directory, enabling users to find any object in the directory. The partial replica contains the most commonly used attributes of an object, as well as information on how to locate a complete replica elsewhere in the directory, if needed. |
|
|
Term
|
Definition
| The Windows Server 2008 server that holds the Global Catalog for the forest. |
|
|
Term
|
Definition
| A global group can contain users from the same domain in which the group is located, and global groups can be added to domain local groups to control access to network resources. |
|
|
Term
| Globally Unique Identifier (GUID) |
|
Definition
| A hexadecimal number supplied by the manufacturer of a product that uniquely identifies the hardware or software. A GUID is in the form of eight characters, followed by three sets of four characters, followed by 12 characters. For example, {15DEF489-AE24-10BF-C11A-00BB844CE637} is a valid format for a GUID (braces included). |
|
|
Term
|
Definition
|
|
Term
|
Definition
| A command-line utility that displays information about the current effect Group Policy has had on the local computer and logged-in user account. |
|
|
Term
|
Definition
| The Windows Server 2008 feature that allows for policy creation, which affects domain users and computers. Policies can be anything from desktop settings to application assignments to security settings and more. |
|
|
Term
| Group Policy Management Editor |
|
Definition
| The Microsoft Management Console (MMC) snap-in that is used to modify the settings of a Group Policy object. |
|
|
Term
| Group Policy Object (GPO) |
|
Definition
| A collection of policies that apply to a specific target, such as the domain itself (Default Domain Policy) or an Organizational Unit (OU). GPOs are modified through the Group Policy Editor to define policy settings. |
|
|
Term
|
Definition
| Globally Unique Identifier |
|
|
Term
|
Definition
| A namespace, such as with DNS, that can be partitioned out in the form of a tree. This allows great flexibility in using a domain name because any number of subdomains can be created under a parent domain. |
|
|
Term
|
Definition
| The new virtualization tool included with the 64-bit editions of Windows Server 2008 that enables you to run multiple instances of the operating system on a single server. |
|
|
Term
| Incremental zone transfer (IXFR) |
|
Definition
| A zone transfer in which the master server transmits only the modified portion of each zone file to that zone's secondary servers. |
|
|
Term
|
Definition
| The FSMO role that is responsible for receiving replicated changes from other domains within the forest and replicating these changes to all domain controllers within its domain. Each domain has one Infrastructure Master; it also is responsible for tracking what Active Directory container an object is located in. |
|
|
Term
|
Definition
| The process by which an object obtains settings information from a parent object. |
|
|
Term
| Intersite Topology Generator (ISTG) |
|
Definition
| The Windows Server 2008 server that is responsible for evaluating and creating the topology for intersite replication. |
|
|
Term
|
Definition
| A CA server that is involved in the day-to-day issuing of certificates for computers and users on the network. |
|
|
Term
|
Definition
| Intersite Topology Generator (ISTG) |
|
|
Term
|
Definition
| Incremental zone transfer (IXFR) |
|
|
Term
|
Definition
| Technology that allows software features to be updated when they are accessed. Whereas in the past, missing application features needed to be manually installed, JIT technology allows the features to be installed on the fly as they are accessed, with no other intervention required. |
|
|
Term
|
Definition
| Knowledge Consistency Checker (KCC) |
|
|
Term
|
Definition
| An Internet standard security protocol that has largely replaced the older LAN Manager user-authentication mechanism from earlier Windows NT versions. |
|
|
Term
| Knowledge Consistency Checker (KCC) |
|
Definition
| A Windows Server 2008 service that ensures consistent database information is kept across all domain controllers. It attempts to ensure that replication can always take place. |
|
|
Term
|
Definition
|
|
Term
|
Definition
| The delay that occurs in replication from the time a change is made to one replica and the time that change is applied to all other replicas in the directory. |
|
|
Term
|
Definition
| Lightweight Directory Access Protocol (LDAP) |
|
|
Term
|
Definition
| A utility that enables you to import data formatted in the LDAP Data Interchange Format (LDIF) format to the AD DS database. You can use this tool to automate the creation of user, computer, or group accounts. |
|
|
Term
|
Definition
| A GUI-based tool that enables you to perform several types of administrative actions on any LDAP directory service, including AD DS and AD LDS. |
|
|
Term
| Lightweight Directory Access Protocol |
|
Definition
| The protocol that allows access to Active Directory. LDAP is an Internet standard for accessing directory services. |
|
|
Term
|
Definition
| A Group Policy that exists in one object and is linked to another object. Linked policies are used to reduce administrative duplication in applying the same policies to multiple OUs. |
|
|
Term
|
Definition
| A network where all hosts are connected over fast connections (4 Mbps or greater for Token Ring; 10 Mbps or better for Ethernet). LANs typically do not involve outside data carriers (such as Frame Relay lines or T1 circuits) and are generally wholly owned by the organization. |
|
|
Term
|
Definition
| A security group that exists on a local workstation or server and is used for granting permissions to local resources. Typically, global groups from a domain are placed inside a local group to gain access to resources on a local machine. |
|
|
Term
| Local Group Policy Objects |
|
Definition
| Objects that exist on the local Windows Server 2008 system. Site-, domain-, and OU-applied GPOs take precedence over local GPOs. |
|
|
Term
|
Definition
| A user account that is stored in the SAM of a member server or client computer. Such an account can be used to log on to that computer only and does not possess domain privileges. |
|
|
Term
|
Definition
| A server that is a member of a domain but is not a domain controller. A Windows Server 2008 domain can have Windows NT, Windows 2000, Windows Server 2003, and Windows Server 2008 member servers, regardless of the domain functional level. |
|
|
Term
| Microsoft Management Console (MMC) |
|
Definition
| An extensible management framework that provides a common look and feel to all Windows Server 2008 utilities. |
|
|
Term
|
Definition
| Microsoft Management Console (MMC) |
|
|
Term
|
Definition
| A server that has two or more network cards. This allows a server either to function as a router or to belong to more than one subnet simultaneously. Alternatively, multiple network adapters can be used for load balancing or fault tolerance. |
|
|
Term
|
Definition
| A replication model in which any domain controller will replicate data to any other domain controller. This is the default behavior in Windows Server 2008. It contrasts with the single-master replication model of Windows NT 4, in which a PDC contained the master copy of everything and BDCs contained backup copies. |
|
|
Term
|
Definition
| The process of resolving a hostname into a format that computers can understand. This is typically resolving a DNS name or NetBIOS name to an IP address but could also be a MAC address on non-TCP/IP networks. |
|
|
Term
|
Definition
| An application programming interface (API) used on Windows NT 4 and earlier networks by services requesting and providing name resolution and network data management. |
|
|
Term
|
Definition
| A utility that enables you to capture, view, and analyze frames transmitted across the network to network adapter cards on your computer. It is useful for detecting incursions by unauthorized users and tracing their activity on the network. |
|
|
Term
| Nonlocal Group Policy objects |
|
Definition
| GPOs that are stored in Active Directory rather than on the local machine. These can be site-, domain-, or OU-level GPOs. |
|
|
Term
|
Definition
| A TCP/IP utility used in troubleshooting DNS name resolution problems. |
|
|
Term
|
Definition
| A command-line utility that provides a number of Active Directory management functions. |
|
|
Term
|
Definition
| The Windows NT/2000 file system that supports a much more robust feature set than either FAT16 or FAT32 (which was used on Windows 9x). You should use NTFS whenever possible on Windows Server 2008 systems; indeed, the server installation utility automatically creates an NTFS partition during installation. |
|
|
Term
|
Definition
| A distinct entity represented by a series of attributes within Active Directory. An object can be a user, group, computer, folder, file, printer, and so on. |
|
|
Term
|
Definition
| A number that uniquely identifies an object class or attribute. In the United States, the American National Standards Institute (ANSI) issues object identifiers, which take the form of an x.x.x.x dotted decimal format. Microsoft, for example, was issued the root object identifier of 1.2.840.113556, from which it can create further subobject identifiers. |
|
|
Term
|
Definition
| Online Certificate Status Protocol (OCSP) |
|
|
Term
| Online Certificate Status Protocol (OCSP) |
|
Definition
| A protocol that enables rapid certificate status validations. AD CS in Windows Server 2008 includes an OCSP Responder role service. |
|
|
Term
|
Definition
| A Windows Server 2008 domain controller that has been assigned one or more of the special Active Directory domain roles, such as Schema Master, Domain Naming Master, PDC Emulator, Infrastructure Master, and Relative Identifier (RID) Master. |
|
|
Term
|
Definition
| An Active Directory container object that allows an administrator to logically group users, groups, computers, and other OUs into administrative units. |
|
|
Term
|
Definition
|
|
Term
|
Definition
| A collection of software compiled into a distributable form, such as a Windows Installer (.msi) package created with WinInstall. |
|
|
Term
| Parent-Child Trust Relationship |
|
Definition
| The relationship whereby a child object trusts its parent object, and the parent object is trusted by all child objects under it. Active Directory automatically creates two-way transitive trust relationships between parent and child objects. |
|
|
Term
|
Definition
| A schema attribute that tracks the internal replication status of partial replicas, such as those found on GC servers. |
|
|
Term
| Password Settings Object (PSO) |
|
Definition
| An object class defined in the AD DS schema that holds attributes for the fine-grained password and account lockout policy settings. |
|
|
Term
|
Definition
| A new feature of Windows Server 2003 R2 that contributes to better Active Directory and UNIX interoperability by automatically synchronizing passwords between the two. |
|
|
Term
|
Definition
| The process of modifying or updating software packages. |
|
|
Term
|
Definition
| Primary domain controller (PDC) |
|
|
Term
|
Definition
| The domain-level FSMO role that replicates data with Windows NT 4 BDCs in a domain, in effect functioning as an NT 4 PDC. |
|
|
Term
|
Definition
| A TCP/IP utility that tests for basic connectivity between the client machine running Ping and any other TCP/IP host. |
|
|
Term
|
Definition
| Public Key Infrastructure (PKI) |
|
|
Term
|
Definition
| Settings and rules that are applied to users or computers, usually Group Policy in Windows Server 2008 and System Policy in Windows NT 4. |
|
|
Term
| Preferred Bridgehead Server |
|
Definition
| Rather than letting the KCC decide which server should be a bridgehead server, you can designate preferred bridgehead servers to be used if the primary goes down. Only one preferred bridgehead server can be active at a time. |
|
|
Term
| Primary Domain Controller (PDC) |
|
Definition
| A Windows NT 4 (and earlier) server that contains the master copy of the domain database and the only writable copy of the database. PDCs authenticate user logon requests and track security-related changes within the domain. |
|
|
Term
|
Definition
| A master copy of the DNS zone data hosted on a server that is the primary source of information for records found in this zone. |
|
|
Term
|
Definition
|
|
Term
| Public Key Infrastructure (PKI) |
|
Definition
| An industry standard technology that allows for the establishment of secure communication between hosts based on a public key/private key or certificate-based system. |
|
|
Term
|
Definition
| Through the Software Installation utility in Group Policy, administrators can publish applications to users. Published applications appear in Add/Remove Programs and can be optionally installed by the user. |
|
|
Term
|
Definition
| Relative distinguished name (RDN) |
|
|
Term
| Read-only domain controller (RODC) |
|
Definition
| A new Windows Server 2008 feature in which the domain controller is installed with a read-only directory database. You cannot perform directory updates directly from the RODC. It is especially suitable in reduced security environments such as branch offices. |
|
|
Term
|
Definition
| A trust relationship in Windows Server 2008 that is created between an Active Directory domain and a Unix realm. |
|
|
Term
|
Definition
| A data repository on each computer that contains information about that computer's configuration. The Registry is organized into a hierarchical tree and is made up of hives, keys, and values. |
|
|
Term
| Relative distinguished name (RDN) |
|
Definition
| The part of a DNS name that defines the host. For example, in the FQDN www.examcram.com, www is the relative distinguished name. |
|
|
Term
| Relative Identifier (RID) |
|
Definition
| The part of the security identifier (SID) that uniquely identifies an account or group within a domain. |
|
|
Term
| Reliability and Performance Monitor |
|
Definition
| A Microsoft Management Console application that contains several tools for monitoring your computer's performance. |
|
|
Term
|
Definition
| A component of the Reliability and Performance Monitor that provides a trend analysis of your computer's system stability over time. It shows how events such as hardware or application failures, software installations or removals, and so on affect your computer's stability. |
|
|
Term
|
Definition
| A copy of any given Active Directory object. Each copy of an object stored on multiple domain controllers is a replica. |
|
|
Term
|
Definition
| The process of copying data from one Windows Server 2008 domain controller to another. Replication is a process managed by an administrator and typically occurs automatically whenever changes are made to a replica of an object. |
|
|
Term
| Request for Comments (RFC) |
|
Definition
| Official uniquely numbered documents that specify Internet standards for the TCP/IP protocol. |
|
|
Term
|
Definition
| In AD FS, an organization that hosts a server containing a web-based application that has been configured for access by users in the trusted organization. |
|
|
Term
|
Definition
| Standard database record types used in DNS zone database files. Common types of resource records include Address (A), Mail Exchanger (MX), Start of Authority (SOA), and Name Server (NS), among others. |
|
|
Term
| Resultant Set of Policy (RSoP) |
|
Definition
| A Windows Server 2008 Group Policy tool that lets you simulate the effects of Group Policies without actually implementing them. RSoP has two modes: logging mode and planning mode. Logging mode determines the resultant effect of policy settings that have been applied to an existing user and computer based on a site, domain, or organizational unit. Planning mode simulates the resultant effect of policy settings that are applied to a user and computer. |
|
|
Term
|
Definition
| A DNS name-resolution process by which an IP address is resolved to a hostname. |
|
|
Term
|
Definition
| Relative Identifier (RID) |
|
|
Term
|
Definition
| The domain-level FSMO role that is responsible for managing pools of RIDs and ensuring that every object in the domain gets a unique RID. |
|
|
Term
|
Definition
| Read-Only Domain Controller (RODC) |
|
|
Term
|
Definition
| The topmost CA in a PKI hierarchy, this is the most authoritative certificate server. You should protect this server with the highest level of security possible, such as storing it offline in a vault. If it is compromised, the entire PKI hierarchy is compromised. |
|
|
Term
|
Definition
| A list of the names and IP addresses of DNS servers that are authoritative for the Internet root domains. Used by a DNS server to forward queries for Internet domains that it is unable to resolve from its own database. |
|
|
Term
|
Definition
| A load-balancing mechanism that DNS servers use to distribute name resolution activity among all available DNS servers. |
|
|
Term
|
Definition
| A dedicated network hardware appliance or a server running routing software and multiple network cards. Routers join dissimilar network topologies (such as Ethernet to Frame Relay) or simply segment networks into multiple subnets. |
|
|
Term
|
Definition
|
|
Term
|
Definition
| Measurement (often subjective) of how well a resource such as a server can expand to accommodate growing needs. |
|
|
Term
|
Definition
| The process by which a DNS server searches for and deletes aged (stale) resource records. |
|
|
Term
|
Definition
| In Active Directory, a schema is a database that contains the description of object classes and the attributes that the object classes must possess and can possess. |
|
|
Term
|
Definition
| The Windows Server 2008 domain controller that has been assigned the Operations Master role to control all schema updates within a forest. |
|
|
Term
|
Definition
| Secure dynamic DNS (SDDNS). |
|
|
Term
|
Definition
| An additional copy of DNS zone data hosted on a DNS server that is a secondary source for this zone information. |
|
|
Term
| Secure Dynamic DNS (SDDNS) |
|
Definition
| An enhancement to DNS that enables you to permit dynamic updates only from authorized client computers in an Active Directory-integrated zone. |
|
|
Term
|
Definition
| A type of group that can contain user accounts or other groups and can be used to assign levels of access (permissions) to shared resources. |
|
|
Term
| Security Identifier (SID) |
|
Definition
| A number that uniquely identifies a user, group, or computer account. Every account is issued one when created. If the account is later deleted and re-created with the same name, it will have a different SID. Once an SID is used in a domain, it can never be used again. |
|
|
Term
|
Definition
| Collections of standard settings that can be applied administratively to give a consistent level of security to a system. |
|
|
Term
|
Definition
| The act of moving an operations master role from one domain controller to another when the original role holder is no longer available on the network. You cannot seize a role if the original role holder is available; you must transfer it instead. Once you have seized a role, you cannot bring back the original role holder without reinstalling Active Directory in most cases. |
|
|
Term
|
Definition
| A new feature of Windows Server 2008 that enables you to install a minimal version of the server without a GUI, Start menu, taskbar, or many ancillary components. A Server Core computer can hold most of the roles that an ordinary Windows Server 2008 computer holds, but with a smaller network footprint and fewer points of attack. |
|
|
Term
|
Definition
| A new feature of Windows Server 2003 R2 that helps integrate Active Directory and UNIX by enabling an Active Directory domain controller to function as a UNIX NIS server. |
|
|
Term
| Server Performance Advisor |
|
Definition
| A utility that provides an in-depth view of current server performance and suggestions for making improvements. |
|
|
Term
|
Definition
| A Windows Server 2008 trust relationship between two domains within the same forest. Shortcut trusts are used to reduce the path authentication needs to travel by directly connecting child domains. |
|
|
Term
|
Definition
| Security Identifier (SID) |
|
|
Term
|
Definition
| A mechanism that validates the SIDs of users in a trusted domain who are attempting to authenticate across a trust relationship to a trusting domain. It enhances security by verifying that the authentication request contains only SIDs of security principals in the trusted domain. |
|
|
Term
|
Definition
| Certain Active Directory operations that are only allowed to occur in one place at any given time (as opposed to being allowed to occur in multiple locations simultaneously). Examples of single-master operations include schema modifications, RID assignments, and infrastructure changes. |
|
|
Term
|
Definition
| The ideal of having one username and password that works for everything on a network. Windows Server 2008 features like Active Directory Federation Services bring this closer to a reality than ever before. |
|
|
Term
|
Definition
| A physical component of Active Directory. Sites are created for the purpose of balancing logon authentication with replication. They can have zero (in planning), one, or multiple IP subnets. These subnets should be well connected with fast LAN links. |
|
|
Term
|
Definition
| A connection between sites that is used to join multiple locations. |
|
|
Term
|
Definition
| A collection of site links that helps Active Directory work out the cost of replicating traffic from one point to another within the network infrastructure that is not directly connected by a single site link. By default, all site links are bridged, but this can be disabled in favor of manually configured site link bridges. |
|
|
Term
|
Definition
| A way for AD to determine what path to replicate traffic over on a routed network. The lower the cost, the more preferable it is for AD to use a particular site link. For example, if you have a T1 and an ISDN site link connecting the same sites, the T1 site link would have a lower cost than the ISDN site link, making it the preferred path for traffic. In other words, the faster the link, the lower the site link cost. |
|
|
Term
|
Definition
| A connection between sites that is not fast enough to provide full functionality in an acceptable timeframe. Site connections below 512KBps are defined as slow links in Windows Server 2008. |
|
|
Term
|
Definition
| A credit card-sized device that is used with an access code to enable certificate-based authentication and single sign-on to the enterprise. Smartcards securely store certificates, public and private keys, passwords, and other types of personal information. A smartcard reader attached to the computer reads the smartcard. |
|
|
Term
|
Definition
| A Group Policy component that allows administrators to optionally assign applications to be available to users and computers or publish applications to users. |
|
|
Term
|
Definition
| A component that can be added or removed from a Microsoft Management Console (MMC) console to provide specific functionality. The Windows Server 2008 administrative tools are implemented as snap-ins. |
|
|
Term
|
Definition
|
|
Term
|
Definition
| A CA whose database is stored locally and not integrated with AD DS. Typically, an organization has a standalone root CA coupled with enterprise subordinate CAs. This practice enables the administrator to keep the standalone root CA offline and secured in a safe location such as a vault. It is brought back online only when required for issuing certificates to subordinate CAs. |
|
|
Term
|
Definition
| Also called a static address, this is where a network device (such as a server) is manually configured with an IP address that doesn't change rather than obtaining an address automatically from a DHCP server. |
|
|
Term
|
Definition
| Implemented using the Extensible Storage Engine, this is the physical storage of each Active Directory replica. |
|
|
Term
|
Definition
| A DNS zone that contains source information about authoritative name servers for its zone only. The DNS server hosting the stub zone obtains its information from another server that hosts a primary or secondary copy of the same zone data. |
|
|
Term
|
Definition
| A collection of hosts on a TCP/IP network that are not separated by routers. A basic corporate LAN with one location would be referred to as a subnet when it is connected by a router to another network, such as that of an Internet service provider. |
|
|
Term
|
Definition
| A CA whose certificates come from a root CA. The subordinate CA's job is to issue certificates to users and computers on the network. Each subordinate CA may be dedicated to a single type of certificate, such as smart cards, Encrypting File System (EFS), or a geographical location of a multisite network. |
|
|
Term
|
Definition
| Synchronous processing occurs when one task does not wait for another to complete before it begins. Rather, the two run concurrently. This is typically associated with scripts in Windows Server 2008, such as a user logon script running without waiting for the computer startup script to finish. |
|
|
Term
|
Definition
| A locally stored system key that encrypts the SAM database on Windows 2000 and later computers. It is required for computers to start. For added security, you can remove this key and store it on a floppy disk or specify a password to be entered manually on startup. |
|
|
Term
|
Definition
| Windows NT 4 Registry-based policy settings that have largely been replaced in Windows Server 2008 by Group Policy. System Policies can still be created using poledit.exe, however, for backward compatibility with pre-Windows 2000 clients. |
|
|
Term
|
Definition
| A shared folder on an NTFS partition on every AD domain controller that contains information (scripts, Group Policy info, and so on) that is replicated to other domain controllers in the domain. The SYSVOL folder is created during the installation of Active Directory. |
|
|
Term
|
Definition
| Transmission Control Protocol/Internet Protocol |
|
|
Term
|
Definition
| A special account created for the sole purpose of being copied as needed when creating a large number of user accounts with similar privileges. |
|
|
Term
|
Definition
| The amount of time a packet destined for a host will exist before it is deleted from the network. TTLs are used to prevent networks from becoming congested with packets that cannot reach their destinations. |
|
|
Term
|
Definition
| The act of moving one of the operations masters roles from one domain controller to another when the original role holder is available on the network. You cannot transfer the role if the original holder is not available. |
|
|
Term
|
Definition
| An automatically created trust in Windows Server 2008 that exists between domain trees within a forest and domains within a tree. Transitive trusts are two-way trust relationships. Unlike with Windows NT 4, transitive trusts in Windows Server 2008 can flow between domains. This way, if Domain1 trusts Domain2, and Domain2 trusts Domain3, Domain1 automatically trusts Domain3. |
|
|
Term
| Transmission Control Protocol/Internet Protocol (TCP/IP) |
|
Definition
| The standard suite of networking protocols for communicating on the Internet. It is the default protocol in Windows Server 2008. |
|
|
Term
|
Definition
| A collection of Active Directory domains that are connected through transitive trusts and share a common Global Catalog and schema. Domains within a tree must form a contiguous namespace. A tree is contained within a forest, and multiple trees can exist within a forest. |
|
|
Term
|
Definition
|
|
Term
|
Definition
| An Active Directory security group that can be used anywhere within a domain tree or forest, the only caveat being that universal groups can only be used when an Active Directory domain has been converted to native mode. |
|
|
Term
|
Definition
| A feature that can be used once a domain has been raised to the Windows Server 2008 functional level, it allows users in universal groups to log on without the presence of a GC server. |
|
|
Term
| Update Sequence Number (USN) |
|
Definition
| A 64-bit number that keeps track of changes as they are written to copies of Active Directory. As changes are made, this number increments by one. Every attribute in Active Directory has a USN value. |
|
|
Term
|
Definition
| User Principal Name (UPN) |
|
|
Term
|
Definition
| The portion of the UPN following the @ character. By default, this is the DNS domain name of the domain where the user account is located. However, you can define an alternate UPN suffix that enables you to conceal the actual domain structure of the forest or match the user's email address domain name. |
|
|
Term
|
Definition
| The portion of a Group Policy object that allows for user policy settings to be configured and applied. |
|
|
Term
|
Definition
| The name employed by a user to log on to a domain. AD DS uses this name and its associated password to authenticate the user. |
|
|
Term
| User Principal Name (UPN) |
|
Definition
| An alternate username that is formatted in a manner similar to that of an email address (for example, user@domain.com). Its use enables a user to more easily log on to a domain in the forest other than the domain she belongs to. |
|
|
Term
| User Principal Name (UPN) suffix |
|
Definition
|
|
Term
|
Definition
| Contains settings that define the user environment, typically applied when the user logs on to the system. |
|
|
Term
|
Definition
| Update sequence number (USN) |
|
|
Term
|
Definition
|
|
Term
|
Definition
| A command-line tool that enables you to perform backups and restores. In Windows Server 2008, this is the only tool that you can use to perform system state backups and restores. |
|
|
Term
|
Definition
| A network that contains only fast connections between domains and hosts. The definition of "fast" is somewhat subjective and may vary from organization to organization. |
|
|
Term
|
Definition
| Multiple networks connected by slow connections between routers. |
|
|
Term
| Windows 2000 Functional Level |
|
Definition
| The default functional level that exists when you install AD DS on Windows Server 2008. In this functional level, you can have any combination of domain controllers running Windows 2000, Windows Server 2003, and Windows Server 2008. |
|
|
Term
| Windows Internet Name Service (WINS) |
|
Definition
| A dynamic name-resolution system that resolves NetBIOS names to IP addresses on Windows TCP/IP networks. With Windows Server 2008, WINS has been kept in place as a feature so that any legacy clients or applications on the network can use it. |
|
|
Term
| Windows Management Instrumentation (WMI) |
|
Definition
| A Windows Server 2008 management infrastructure for monitoring and controlling system resources. WMI filters are commonly used in Group Policy to modify the scope of a GPO according to the attributes of destination computers. |
|
|
Term
|
Definition
| Enables the running of VBScript or JavaScript scripts natively on a Windows system, offering increased power and flexibility over traditional batch files. |
|
|
Term
| Windows Server 2003 Functional Level |
|
Definition
| The functional level of either the domain or forest that you can select after you have removed or upgraded all Windows 2000 domain controllers. This functional level implements all the features of Windows Server 2003 Active Directory but at the expense of some backward compatibility; it does not implement new features of Windows Server 2008 Active Directory. |
|
|
Term
| Windows Server 2008 Functional Level |
|
Definition
| The highest functional level of the domain or forest that you can select after you have removed or upgraded all Windows 2000 and Windows Server 2003 domain controllers. This functional level implements all the features of Windows Server 2008 Active Directory but at the expense of backward compatibility with old Windows servers. |
|
|
Term
| Windows Server Virtualization |
|
Definition
| The capability of running multiple copies of different operating systems on a single server. The 64-bit edition of Windows Server 2008 contains a built-in virtualization capability known as Hyper-V. You can use Microsoft Virtual Server 2005 on 32-bit editions of Windows Server 2008 or on older Windows Server versions. |
|
|
Term
| Windows System Resource Manager (WSRM) |
|
Definition
| An administrative feature that enables you to control how processor and memory resources are allocated to applications, services, and processes running on the server. |
|
|
Term
|
Definition
| An optional utility that ships with Windows Server 2008 and can be used to create Windows Installer packages. |
|
|
Term
|
Definition
| Windows Internet Name Service (WINS) |
|
|
Term
|
Definition
| Windows Management Instrumentation (WMI) |
|
|
Term
|
Definition
| A group of workstations and servers that are networked but not within the concept of a domain. In a workgroup, each machine maintains its own local accounts database, and the workgroup can be difficult to administer as the number of computers in it grows. |
|
|
Term
|
Definition
| The Windows interface to Windows Script Host (WSH). |
|
|
Term
|
Definition
| Windows Rights Resource Manager (WSRM) |
|
|
Term
|
Definition
| A set of standards developed by the International Standards Organization (ISO) that defines distributed directory services. |
|
|
Term
|
Definition
| A discrete portion of the local or Internet-based DNS namespace, for which a single DNS server is authoritative. |
|
|
Term
|
Definition
| The act of dividing the DNS namespace into a series of zones and delegating their management by creating resource records in other zones that point to the authoritative DNS servers for the zone being delegated. |
|
|