Chapter 4: Introduction to Active Directory and Account Management Flashcards
A Windows Server 2003 or 2008 server that contains a full copy of the Active Directory information, is used to add a new object to Active Directory, and replicates all changes made to it so the changes are updated on every DC in the same domain.
Directory Service
A Windows Server 2003 or 2008 server that contains a full copy of the Active Directory information, is used to add a new object to Active Directory, and replicates all changes made to it so the changes are updated on every DC in the same domain.
Domain Controller (DC)
A server on an Active Directory managed network that is not installed to have Active Directory.
Member Server
Windows Server 2003 and 2008 networks can have multiple servers called DCs that store Active Directory information and replicate it to each other. Because each DC acts as a master, replication does not stop when one DC is down, and updates to Active Directory continue, for example creating a new account.
Multimaster Replication
A network resource, such as a server or user account, that has distinct attributes or properties, is defined in a domain, and exists in Active Directory.
Object
Elements used in the definition of each object contained in Active Directory, including the object class and its attributes.
Schema
A repository for all objects and the most frequently used attributes for each object in all domains. Each forest has a single global catalog that can be replicated on multiple servers.
Global Catalog
A unique number, up to 16 characters long, that is associated with an Active Directory object.
Globally Unique Identifier (GUID)
A namespace in which every child object has a portion of its name from its parent object.
Contiguous Namespace
A namespace in which the child object name does not resemble the parent object name.
Disjointed Namespace
A process used to translate a computer’s logical or host name into a network address, such as to a dotted decimal address associated with a computer - and vice versa.
Name Resolution
A logical area on a network that contains directory services and named objects, and that has the ability to perform name resolution.
Namespace
An Active Directory object that houses other objects, such as a tree that houses domains or a domain that houses organizational units.
Container
A grouping of Active Directory trees that each have contiguous namespaces within their own domain structure, but that have disjointed namespaces between trees. The trees and their domains use the same schema and global catalog.
Forest
A forest-wide setting that refers to the types of domain controllers in a forest, which can be any combination of Windows 2000 Server, Windows Server 2003, or Windows Server 2008. The level also reflects the types of Active Directory services and functions supported.
Forest Functional Level
Set of two-way trusts between two or more domains (or forests in a forest trust) in which Kerberos security is used.
Kerberos Transitive Trust Relationship
A trust relationship between 2 or more domains in a tree, in which each domain has access to objects in others.
Transitive Trust
Related domains that use a contiguous namespace, share the same schema, and have 2 way transitive trust relationships.
Tree
A domain relationship in which both domains are trusted and trusting, enabling one to have access to objects in the other.
Two-Way Trust
A grouping of objects that typically exists as a logical partition and primary container within Active Directory.
Domain
Refers to the Windows Server operating systems on domain controllers and the domain-specific functions they support. Depending on the functional level, one, two, or all of the following operating systems are supported: Windows 2000 Server, Windows Server 2003, and Windows Server 2008.
Domain Functional Level
A grouping of objects within a domain that provides a means to establish specific policies for governing those objects, and that enables object management to be delegated.
Organizational Unit (OU)
An option in Active Directory to interconnect IP subnets so that the server can determine the fastest route to connect clients for authentication and to connect DCs for replication of Active Directory. _____ information also enables Active Directory to create redundant routes for DC replication.
Site
A domain controller at each Active Directory site with access to a site network link, which is designated as the DC to exchange replication information. There is only 1 _____ _____ per site.
Bridgehead Server
Establishes a one- or two-way trust between a domain outside a forest and a domain within a forest.
External Trust
Creates a one- or two-way trust between a domain in a Windows Server forest and a group of non-Windows Server computers such as UNIX/Linux computers. The Windows Server and non-Windows Server computers must all be configured for Kerberos version 5 (or above) authentication services.
Realm Trust
A list of users that enables one email message to be sent to all users on the list. A _____ _____ is not used for security and thus cannot appear in an access control list (ACL).
Distribution Group
Creates a trust between 2 domains in 2 different forests and is typically used to enable faster access between lower level or child domains in different forests.
Shortcut Trust
The reach of a type of group, such as access to resources in a single domain or access to all resources in all domains in a forest (see domain local, global, and universal security groups). (Another meaning for the word _____ is the beginning through ending IP addresses defined in a DHCP server for use by DHCP clients; see Chapter 8.)
Scope of Influence (Scope)
Used to assign a group of users permission to access network resources.
Security Group
A group of user accounts that is used to manage resources on a standalone computer.
Local Security Group
A list of all security descriptors (privileges) that have been set up for a particular object, such as for a shared folder or a shared printer.
Access Control List (ACL)
A group that is used to manage resources - shared folders and printers, for example - in its home domain, and that is primarily used to give global groups access to those resources.
Domain Local Security Group
A group that typically contains user accounts for its home domain, and that is a member of domain local groups in the same or other domains, so as to give that global group’s member accounts access to the resources defined to the domain local groups.
Global Security Group
A desktop setup that is associated with one or more accounts to determine what startup programs are used, additional desktop icons, and other customizations. A user profile is local to the computer on which it is stored.
Local User Profile
A user profile set up by the server administrator that is loaded from the server to the client each time the user logs on; changes that the user makes to the profile are not saved.
Mandatory User Profile
A domain controller that houses Active Directory information, but cannot be updated, such as to create a new account. This specialized domain controller receives updates from regular DCs, but does not replicate to any DCs because it is read-only by design.
Read-Only Domain Controller (RODC)
Desktop settings that are associated with an account so that the same settings are employed no matter which server is used to access the account (the profile is downloaded to the client from a server).
Roaming Profile
A group that is used to provide access to resources in any domain within a forest. A common implementation is to make global groups that contain accounts members of a universal group that has access to resources.
Universal Security Group