Windows Server Study Guide
Knowledge Consistency Checker (KCC)
A process that runs on every domain controller to determine the replication topology.
Lightweight Directory Access Protocol (LDAP)
A protocol that runs over TCP/IP and is designed to facilitate access to directory services and directory objects. It's based on a suite of protocols called X.500 developed by the International Telecommunications Union.
directory partition
A section of an Active Directory database stored on a domain controller's hard drive. These sections are managed by different processes and replicated to other domain controllers in an Active Directory network.
right
A setting that specifies what types of actions a user can perform on a computer or network.
SYSVOL folder
A shared folder that stores information from Active Directory that's replicated to other domain controllers.
Flexible Single Master Operation (FSMO) role
A specialized domain controller task that handles operations that can affect the entire domain or forest. Only one domain controller can be assigned a particular FSMO role.
leaf object
A type of Active Directory object that doesn't contain other objects and usually represents a security account, network resource, or GPO.
domain user account
A user account created in Active Directory that provides a single logon for users to access all resources in the domain for which they have been authorized.
local user account
A user account defined on a local computer that's authorized to access resources only on that computer. Local user accounts are mainly used on standalone computers or in a workgroup network with computers that aren't part of an Active Directory domain.
user principal name (UPN)
A user logon name that follows the format username@domain. Users can use UPNs to sign in to their own domain from a computer that's a member of a different domain.
Intrasite replication
Active Directory replication between domain controllers in the same site.
intersite replication
Active Directory replication that occurs between two or more sites.
organizational unit (OU)
An Active Directory container used to organize a network's users and resources into logical administrative units.
operations master
An Active Directory domain controller with sole responsibility for certain domain or forestwide functions.
application directory partition
An Active Directory partition that applications and services use to store information that benefits from automatic Active Directory replication and security.
domain directory partition
An Active Directory partition that contains all objects in a domain, including users, groups, computers, OUs, and so forth.
configuration partition
An Active Directory partition that stores configuration information that can affect the entire forest, such as details on how domain controllers should replicate with one another.
global catalog partition
An Active Directory partition that stores the global catalog, which is a partial replica of all objects in the forest. It contains the most commonly accessed object attributes to facilitate object searches and user logons across domains.
assigned application
An application package made available to users via Group Policy that places a shortcut to the application on the Start screen. The application is installed automatically if a user tries to run it or opens a document associated with it. If the assigned application applies to a computer account, the application is installed the next time Windows boots.
published application
An application package made available via Group Policy for users to install by using Programs and Features in Control Panel. The application is installed automatically if a user tries to run it or opens a document associated with it.
trust relationship
An arrangement that defines whether and how security principals from one domain can access network resources in another domain.
extension
An item in a Group Policy Object (GPO) that allows an administrator to configure a policy setting.
Install from Media (IFM)
An option when installing a DC in an existing domain; much of the Active Directory database contents are copied to the new DC from media created from an existing DC.
site
In Active Directory, a physical location in which domain controllers communicate and replicate information regularly.
attribute value
Information stored in each attribute. See also schema attributes.
schema
Information that defines the type, organization, and structure of data stored in the Active Directory database.
Active Directory
The Windows directory service that enables administrators to create and manage users and groups, set network-wide user and computer policies, manage security, and organize network resources.
domain
The core structural unit of Active Directory; contains OUs and represents administrative, security, and policy boundaries.
forest root domain
The first domain created in a new forest.
relative identifier (RID)
The part of a SID that's unique for each Active Directory object. See also security identifier (SID).
multimaster replication
The process for replicating Active Directory objects; changes to the database can occur on any domain controller and are propagated, or replicated, to all other domain controllers.
Active Directory replication
The transfer of information between and among all domain controllers to make sure they have consistent and up-to-date information.
object
A group of information that describes a network resource, such as a shared printer, or an organizing structure, such as a domain or OU.
domain controller (DC)
A Windows server that has Active Directory installed and is responsible for allowing client computers access to domain resources.
Directory Services Restore Mode (DSRM)
A boot mode used to perform restore operations on Active Directory if it becomes corrupted or parts of it are deleted accidentally.
Schema classes
A category of schema information that defines the types of objects that can be stored in Active Directory, such as user or computer accounts.
Schema attributes
A category of schema information that defines what type of information is stored in each object.
tree
A grouping of domains that share a common naming structure.
Group Policy Object (GPO)
A list of settings that administrators use to configure user and computer operating environments remotely through Active Directory.
security identifier
A numeric value assigned to each object in a domain that uniquely identifies the object; composed of a domain identifier, which is the same for all objects in a domain, and an RID. See also relative identifier (RID).
Authentication
A process that confirms a user's identity, and the account is assigned permissions and rights that authorize the user to access resources and perform certain tasks on the computer or domain.
Permissions
Settings that define which resources users can access and what level of access they have to resources.
forest
A collection of one or more Active Directory trees. A forest can consist of a single tree with a single domain, or it can contain several trees, each with a hierarchy of parent and child domains.
GPO scope
A combination of GPO linking, inheritance, and filtering that defines which objects are affected by the settings in a GPO.
directory service
A database that stores information about a computer network and includes features for retrieving and managing that information.
schema directory partition
A directory partition containing the information needed to define Active Directory objects and object attributes for all domains in the forest.
fully qualified domain name (FQDN)
A domain name that includes all parts of the name, including the top-level domain.
child domains
Domains that share at least the top-level and second-level domain name structure with an existing domain in the forest; also called subdomains.
built-in user accounts
One of two user accounts created by Windows automatically during installation.