Chapter 1 | Vocabulary | Windows Server
authentication
A process that confirms a user's identity, and the account is assigned permissions and rights that authorize the user to access resources and perform certain tasks on the computer or domain.
Knowledge Consistency Checker (KCC)
A process that runs on every domain controller to determine the replication topology.
leaf object
A type of Active Directory object that doesn't contain other objects and usually represents a security account, network resource, or GPO.
domain user account
A user account created in Active Directory that provides a single logon for users to access all resources in the domain for which they have been authorized.
local user account
A user account defined on a local computer that's authorized to access resources only on that computer.
user principal name (UPN)
A user logon name that follows the format username@domain. Users can use UPNs to sign in to their own domain from a computer that's a member of a different domain.
organizational unit (OU)
An Active Directory container used to organize a network's users and resources into logical administrative units.
operations master
An Active Directory domain controller with sole responsibility for certain domain or forestwide functions.
application directory partition
An Active Directory partition that applications and services use to store information that benefits from automatic Active Directory replication and security.
domain directory partition
An Active Directory partition that contains all objects in a domain, including users, groups, computers, OUs, and so forth.
object
In Active Directory, a group of information that describes a network resource, such as a shared printer, or an organizing structure, such as a domain or OU.
attribute value
Information stored in each attribute.
Active Directory
The Windows directory service that enables administrators to create and manage users and groups, set networkwide user and computer policies, manage security, and organize network resources.
domain
The core structural unit of Active Directory; contains OUs and represents administrative, security, and policy boundaries.
forest root domain
The first domain created in a new forest.
relative identifier (RID)
The part of a SID that's unique for each Active Directory object. See also security identifier (SID).
Active Directory replication
The transfer of information between and among all domain controllers to make sure they have consistent and up-to-date information.
domain controller (DC)
A Windows server that has Active Directory installed and is responsible for allowing client computers access to domain resources.
Directory Services Restore Mode (DSRM)
A boot mode used to perform restore operations on Active Directory if it becomes corrupted or parts of it are deleted accidentally.
Group Policy Object (GPO)
A list of settings that administrators use to configure user and computer operating environments remotely through Active Directory.
security identifier (SID)
A numeric value assigned to each object in a domain that uniquely identifies the object; composed of a domain identifier, which is the same for all objects in a domain, and an RID.
forest
A collection of one or more Active Directory trees. A forest can consist of a single tree with a single domain, or it can contain several trees, each with a hierarchy of parent and child domains.
GPO scope
A combination of GPO linking, inheritance, and filtering that defines which objects are affected by the settings in a GPO.
replication partner
A domain controller configured to replicate with another domain controller.
fully qualified domain name (FQDN)
A domain name that includes all parts of the name, including the top-level domain.
tree
A grouping of domains that share a common naming structure.
child domains
Domains that share at least the same top-level and second-level domain name structure as an existing domain in the forest; also called subdomains.
built-in user accounts
One of two user accounts created by Windows automatically during installation.