Windows Server 2008 Active Directory Domain Services Lesson 1
Publish
1) An option that allows users to access network resources by searching the Active Directory database for the desired resource. 2) An option used to deploy applications. It allows users to install the applications that they consider useful to them.
LDAP was developed in the early 1990s by the Internet Engineering Task Force (IETF) to facilitate the implementation of X.500 in email. (X.500 is the standard that defines how global directories should be structured and organized.)
Active Directory is theoretically scalable to holding 4,294,967,041 (2^32 - 255) separate objects.
globally unique identifier (GUID)
A 128-bit hexadecimal number that is assigned to every object in the Active Directory forest upon its creation. This number does not change even when the object itself is renamed.
organizational unit (OU)
A container that represents a logical grouping of resources that have similar security or administrative guidelines.
Read-Only Domain Controller (RODC)
A domain controller that contains a copy of the ntds.dit file that cannot be modified and that does not replicate its changes to other domain controllers within Active Directory. This feature was introduced in Windows Server 2008.
shortcut trust
A manually created nontransitive trust that allows child domains in separate trees to communicate more efficiently by eliminating the tree-walking of a trust path.
external trust
A one-way, nontransitive trust that is established with a Windows NT domain or a Windows 2000 domain in a separate forest.
application partition
A partition that allows information to be replicated to administratively chosen domain controllers. An example of information that is commonly stored in an application partition is DNS data. Application partitions offer control over the scope and placement of information that is to be replicated.
domain controller (DC)
A server that stores the Active Directory database and authenticates users with the network during logon.
locator service
Active Directory DNS provides direction for network clients that need to know which server performs what function.
Domain NC
Active Directory domain partition that is replicated to each domain controller within a particular domain. Each domain's Domain NC contains information about the objects that are stored within that domain: users, groups, computers, printers, Organizational Units, and more.
delegation
Administration of an Organizational Unit is tasked to a departmental supervisor or manager, thus allowing that person to manage day-to-day resource access as well as more mundane tasks, such as resetting passwords.
directory service
Allows businesses to define, manage, access, and secure network resources, including files, printers, people, and applications.
naming context (NC)
An Active Directory partition.
object
An element in Active Directory that refers to a resource. Objects can be container objects or leaf objects. Containers are used to organize resources for security or organizational purposes; leaf objects refer to the end-node resources, such as users, computers, and printers.
Knowledge Consistency Checker (KCC)
An internal Active Directory process that automatically creates and maintains the replication topology. The KCC operates based on the information provided by an administrator in the Active Directory Sites and Services snap-in, which is located in the Administrative Tools folder on a domain controller, or an administrative workstation that has the Administrative Tools installed.
leaf object
An object, such as a domain or an Organizational Unit, that is used to organize other objects. Also known as a container object.
container object
An object, such as a domain or an Organizational Unit, that is used to organize other objects. Also known as a leaf object.
attribute
Characteristics associated with an object class in Active Directory that make the object class unique within the database. The list of attributes is defined only once in the schema, but the same attribute can be associated with more than one object class.
functional levels
Designed to offer support for Active Directory domain controllers running various supported operating systems by limiting functionality to specific software versions. As legacy domain controllers are decommissioned, administrators can modify the functional levels to expose new functionality within Active Directory. Some features in Active Directory cannot be activated, for example, until all domain controllers in a forest are upgraded to a specific level.
Domain rename.
Domains can be renamed within this functional level to accommodate major design changes on your network.
trust relationship
Enables administrators from a particular domain to grant access to their domain's resources to users in other domains.
Improved Intersite Topology Generator (ISTG).
ISTG is the process used to initiate the creation and management of the replication topology between sites. In Windows 2000, this feature was limited by the number of sites in the forest. In Windows Server 2003, this feature scales to allow a greater number of sites.
domain tree
In Active Directory, a logical grouping of network resources and devices that can contain one or more domains configured in a parent-child relationship. Each Active Directory forest can contain one or more domain trees, each of which can, in turn, contain one or more domains.
Improved replication of group objects.
In Windows 2000, whenever you make a change to the member list of a group object, the entire member list is replicated throughout the domain. By raising the forest functional level to Windows Server 2003, Active Directory can take advantage of link-value replication, which will replicate only the portions of the member list that have actually been added, modified, or deleted.
loose consistency
Individual domain controllers in an Active Directory database may contain slightly different information, because it can take anywhere from a few seconds to several hours for changes to replicate throughout a given environment.
Application Directory partitions.
Like the Windows 2000 native domain functionality, this allows a separate replication partition for application data that does not need to be globally available. It allows greater control over the scope of replication within a network.
schema
Master database that contains definitions of all objects in the Active Directory.
inbound replication
Occurs when a domain controller receives updates to the Active Directory database from other domain controllers on the network.
outbound replication
Occurs when a domain controller transmits replication information to other domain controllers on the network.
site
One or more IP subnets connected by fast links.
partition
Portion of Active Directory database used to divide the database into manageable pieces.
fault tolerant
The ability to respond gracefully to a software or hardware failure. In particular, a system is considered to be fault tolerant when it has the ability to continue providing authentication services after the failure of a domain controller.
Configuration NC
The configuration partition contains information regarding the physical topology of the network, as well as other configuration data that must be replicated throughout the forest.
forest root domain
The first domain created within an Active Directory forest.
distinguished name (DN)
The full name of an object that includes all hierarchical containers leading up to the root domain. The distinguished name begins with the object's common name and appends each succeeding parent container object, reflecting the object's location in the Active Directory structure.
User objects can be converted to inetOrgPerson objects.
The inetOrgPerson object is used by non-Microsoft LDAP directory services, such as Novell. This new base object in Windows Server 2003 allows easier migration of objects from these other platforms.
forest
The largest container object within Active Directory. The forest container defines the fundamental security boundary within Active Directory, which means that a user can access resources across an entire Active Directory forest using a single logon/password combination.
SRV record
The locator records within DNS that allow clients to locate an Active Directory domain controller or global catalog.
Domain Name System (DNS)
The name resolution mechanism computers use for all Internet communications and for private networks that use the Active Directory domain services included with Microsoft Windows Server 2008, Windows Server 2003, and Windows 2000 Server.
Schema NC
The partition that contains the rules and definitions used for creating and modifying object classes and attributes within Active Directory.
replication
The process of keeping each domain controller in sync with changes made elsewhere on the network.
Lightweight Directory Access Protocol (LDAP)
The protocol that has become an industry standard that enables data exchange between directory services and applications. The LDAP standard defines the naming of all objects in the Active Directory database and, therefore, provides a directory that can be integrated with other directory services, such as Novell eDirectory, and Active Directory-aware applications, such as Microsoft Exchange.
Universal group caching.
This feature allows users to log on to a domain at a remote site without having a global catalog server present in that site.
Dynamic auxiliary class objects.
This is a new schema modification option that provides support for dynamically linking auxiliary classes to individual objects. Prior to this functionality, an auxiliary class object could be linked only to an entire class of objects.
Install from Media
This is the same feature that was described in the Windows 2000 native domain functional level. It allows servers to be promoted to domain controllers using a backup replica from another domain controller.
Cross-forest trusts permitted
This trust type was introduced in Windows Server 2003 and allows resources to be shared between Active Directory forests.
cross-forest trust
Trust type that allows resources to be shared between Active Directory forests.
rolling upgrades
Upgrade strategy based on functional levels that allows enterprises to migrate their Active Directory domain controllers gradually, based on the need and desire for the new functionality.
link-value replication
When a change is made to the member list of a group object, only the portion of the member list that has been added, modified, or deleted will be replicated.
Schema deactivations.
Windows Server 2003 allows you to deactivate (though not delete) classes or attributes that have been added to the schema.
Active Directory Domain Services (AD DS)
Windows Server 2008 service that provides a centralized authentication service for Microsoft networks. Provides the full-fledged directory service that is called Active Directory in Windows Server 2008 and previous versions of Windows Server.
When you configure a Windows Server 2008 server as an Active Directory domain controller, you will see the following tools added to the Administrative Tools folder:
• Active Directory Users and Computers
• Active Directory Domains and Trusts
• Active Directory Sites and Services
• ADSI Edit