MCSA Exam 70-742, Chapter 1 - Introducing Active Directory - Terms


GPO scope

A property of GPO processing that defines which objects a GPO affects.

multimaster replication

A replication system where updates can be performed on any server and are replicated to all other servers.

directory partition

A section of an Active Directory database stored on a domain controller's hard drive. These sections are managed by different processes and replicated to other domain controllers in an Active Directory network.

domain user account

A user account created in Active Directory that provides a single logon for users to access all resources in the domain for which they have been authorized.

local user account

A user account that is stored in the Security Account Manager (SAM) database on the local computer.

intrasite replication

Active Directory replication between domain controllers in the same site.

organizational unit - OU

An Active Directory container used to organize a network's users and resources into logical administrative units.

operations master

An Active Directory object which is a specialized domain controller that performs certain tasks so that multi-master domain controllers can operate and synchronize properly.

schema directory partition

An Active Directory partition that contains the information needed to define objects and object attributes for all domains in the forest.

assigned application

An application package made available to users via Group Policy that places a shortcut to the application in the Start screen. The application is installed automatically if a user tries to run it or opens a document associated with it. If the assigned application applies to a computer account, the application is installed the next time Windows boots.

published application

An application package made available via Group Policy for users to install by using Programs and Features in Control Panel. The application is installed automatically if a user tries to run it or opens a document associated with it.

trust relationship

An arrangement that defines whether and how security principals from one domain can access network resources in another domain.

extension

An item in a GPO that allows an administrator to configure a policy setting.

Install from media - IFM

An option when installing a DC in an existing domain; much of the Active Directory database contents are copied to the new DC from media created from an existing DC.

Knowledge Consistency Checker - KCC

Application data partition replicas are managed using the _________, which ensures that the designated domain controllers receive updated replica information.

Access tokens

Assigned to users during logon; they contain SIDs.

Active Directory forest

Has the following attributes:
* Can contain trees with different naming structures
* Allows independent domain administration
* Represents the broadest element in Active Directory

leaf object

In Active Directory Domain Services, an object, such as a user or computer, which is incapable of containing any other object.

attribute value

Information stored in each attribute

Kerberos Delegation

A feature of Kerberos authentication that allows a service to "impersonate" a client, relieving the client from having to authenticate to more than one service. If a client has authenticated to a service successfully, the service can then use the user's credentials to authenticate to another service on the client's behalf.

configuration partition

The Active Directory partition that holds general information about the Active Directory forest and application configuration information. It is replicated to all domain controllers in the Active Directory forest.

Active Directory

The Windows directory service that enables administrators to create and manage users and groups, set network-wide user and computer policies, manage security, and organize network resources.

tree

The connected graph structure of Active Directory.

domain

The core logical structure container in Active Directory.

forest root domain

The first domain created in an Active Directory forest.

relative identifier - RID

The part of a SID that's unique for each Active Directory object. See also security identifier - SID.

Active Directory replication

The transfer of information among domain controllers to make sure all domain controllers have consistent and up-to-date information.

user principal name - UPN

A type of logon identification suffix that allows a user to log on using an e-mail address style name.

right

The attribute that specifies what types of actions a user can perform on a computer or network.

global catalog partition

The Active Directory directory partition that holds the DNS database.

schema

The attribute that all domains in the same forest have in common.

built-in user account

The Administrator and Guest user accounts are examples of this type of account.

authentication

Verifying the identity of the person or device attempting to access the system.

Security Identifier - SID

- An entry in Windows access control that is a unique number issued to the user for security.
- A unique identifier assigned to all users, computers and security groups.

Kerberos

- The primary authentication protocol for AD DS

domain controller (DC)

A Windows Server that contains a full copy of the Active Directory information, is used to add a new object to Active Directory, and replicates all changes made to it so the changes are updated on every DC in the same domain.

Directory Services Restore Mode - DSRM

A boot mode used to perform restore operations on Active Directory if it becomes corrupted or parts of it are deleted accidentally.

schema classes

A category of schema information that defines the types of objects that can be stored in Active Directory, such as user or computer accounts.

schema attributes

A category of schema information that defines what type of information is stored in each object.

Lightweight Directory Access Protocol - LDAP

A client/server-based directory query protocol loosely based upon X.500, commonly used for managing user information

Group Policy Object - GPO

A list of settings that administrators use to configure user and computer operating environments remotely through Active Directory.

site

A physical location in which domain controllers communicate and replicate information regularly.

intersite replication

Process of replicating Active Directory information from one site to another.

Flexible Single Master Operation - FSMO roles

Specialized domain controller tasks that handle operations that can affect the entire domain or forest. Only one domain controller can be assigned a particular FSMO.

permissions

Define who can access certain resources and the level of access to those resources.

directory service

A database that stores information about a computer network and includes features for retrieving and managing that information.

application directory partition

A directory partition that applications and services use to store information that benefits from automatic Active Directory replication and security.

domain directory partition

A directory partition that contains all objects in a domain, including users, groups, computers, OUs, and so forth.

replication partner

A domain controller configured to replicate with another domain controller.

child domain

A domain established within another domain in a Windows Server domain tree.

fully qualified domain name - FQDN

A domain name that specifies its exact location in the tree hierarchy of the Domain Name System.

Access Control List (ACL)

Part of files, folders, and directory objects that grant access to users, groups, and computers.

SYSVOL folder

A shared folder containing file-based information that's replicated to other domain controllers.

Security principal

Any object with a SID.

object

Anything that is visible, tangible, and stable in form and that has different attributes.

