General Flashcards
Access Control Entry (ACE)
An entry within an access control list (ACL) that grants or denies permissions to users or groups for a given resource.
Access Control List (ACL)
A set of access control entries that define an object’s permission settings. ACLs enable administrators to explicitly control access to resources.
What is Active Directory?
Active Directory provides a central location for network administration and security. Server computers that run Active Directory are called domain controllers. An AD domain controller authenticates and authorizes all users and computers in a Windows domain-type network—assigning and enforcing security policies for all computers and installing or updating software. For example, when a user logs into a computer that is part of a Windows domain, Active Directory checks the submitted password and determines whether the user is a system administrator or a normal user.
Active Directory Federation Services (AD FS)
A set of technologies introduced in Windows Server 2003 R2 and enhanced in Windows Server 2008 that enables partner companies to access Active Directory resources across the Internet in a trusted manner, without needing user accounts in the resource domain.
Active Directory-integrated zone
A DNS zone that is hosted on a domain controller and stored in one or more AD DS application directory partitions and replicated with AD DS.
Active Directory Lightweight Directory Services (AD LDS)
An update to ADAM that provides directory services for directory-enabled applications on Windows networks without the need to deploy additional domains or domain controllers.
Active Directory Migration Tool (ADMT)
A utility that enables you to move objects such as users, groups, and computers from a Windows NT 4.0 domain to an Active Directory domain, or to move objects between Active Directory domains in the same or different forests. This tool removes the manual work required to disjoin old domains and join the new domain.
Active Directory Rights Management Services (AD RMS)
A directory service that uses a certification base to confirm the identity of users of information on the network, thereby enabling you to create and work with rights-protected information and ensure that only authorized users have access to these items.
Active Directory Users and Computers
The primary systems administrator utility for managing users, groups, and computers in a Windows Server 2008 domain, implemented as a Microsoft Management Console (MMC) snap-in.
Adprep
A utility that prepares a Windows 2000 or Windows Server 2003 forest or domain for receiving domain controllers running Windows Server 2008. It has several parameters, the most important of which are /forestprep, which prepares the forest; /domainprep, which prepares the domain; and /rodcprep, which prepares the domain for receiving read-only domain controllers (RODCs).
AGDLP
An acronym that stands for Microsoft’s recommendation of placing Accounts into Global groups, placing these groups into Domain Local groups, and granting Permissions to the domain local group.
auditing
A security process that tracks the usage of selected network resources, typically storing the results in a log file. Splunk can be used to collect and review these logs.
auditpol.exe
A command-line tool that enables you to configure audit policy settings and directory service auditing subcategories.
authentication
The process by which a server validates a user’s logon credentials so that access to a network resource can be granted or denied.
baseline
A term associated with performance monitoring; the initial result of monitoring typical network and server performance under a normal load. All future results are measured against the baseline readings. A baseline will typically include performance readings for the processor(s), memory, disk subsystem, and network subsystem.
Bridgehead Server
The contact point for the exchange of directory information between Active Directory sites. The bridgehead server receives information replicated from other sites and replicates it to its site’s other domain controllers. It ensures that the greatest portion of replication occurs within sites rather than between them.
Certification Authority (CA)
A trusted authority, either within a network or a third-party company, that manages security credentials such that it guarantees the user object holding a certificate is who it claims to be.
Certificate Enrollment
The process by which users and computers can be given permission to make requests for certificates, retrieve existing certificates, and renew expired certificates. Each CA that is installed on a server has web pages that users can access to submit basic and advanced certificate requests.
Certificate Revocation List (CRL)
A document published by a CA that lists certificates that have been issued but are no longer valid. By default, the CA publishes the CRL on a weekly basis.
Certificate Template
Provided by AD CS to simplify the process of requesting and issuing certificates for various purposes. Each template contains the rules and settings that must be in place to create a certificate of a certain type. Certificate templates are available only on enterprise root and subordinate CAs.
Computer Configuration
The portion of a Group Policy object that allows for computer policies to be configured and applied.
Conditional Forwarding
The relaying of a DNS request for zone information for specific domains from one server to another when the first server is unable to process the request.
Connection object
An Active Directory object stored on domain controllers that is used to represent inbound replication links. Domain controllers create their own connection objects for intrasite replication through the Knowledge Consistency Checker (KCC), whereas only a single domain controller in a site creates connection objects for intersite replication, through the Intersite Topology Generator.
Container
An object in Active Directory that is capable of holding other objects. An example of a container is the Users folder in Active Directory Users and Computers.
Credential Caching
The storing of a limited set of passwords on an RODC. You can configure credential caching to store only those passwords of users who are authorized to log on at a given RODC.
CRL
See Certificate Revocation List (CRL).
DCPROMO
The command-line utility used to promote a Windows Server 2008 system to a domain controller. DCPROMO can also be used to demote a domain controller to a member server.
csvde
A utility that imports comma-separated text files into the AD DS database. You can use this utility to automate the bulk creation of user or group accounts.
Delegation
The process of offloading the responsibility for a given task or set of tasks to another user or group. Delegation in Windows Server 2008 usually involves granting permission to someone else to perform a specific administrative task such as creating computer accounts.
Distributed File System (DFS)
A Windows Server 2008 service that allows resources from multiple server locations to be presented through Active Directory as a contiguous set of files and folders, making network resources easier for users to use.
Dynamic Host Configuration Protocol (DHCP)
A service that allows an administrator to specify a range of valid IP addresses to be used on a network, as well as exclusion IP addresses that should not be assigned (for example, if they were already statically assigned elsewhere). These addresses are automatically given out to computers configured to use DHCP as they boot up on the network, thus saving the administrator from having to configure static IP addresses on each network device.
Directory
A database that contains any number of different types of data. In Windows Server 2008, Active Directory is a database that contains information about objects in the domain, such as computers, users, groups, and printers.
Directory Service (DS)
Provides the methods of storing directory data and making that data available to other directory objects. A directory service makes it possible for users to find any object in the directory given any one of its attributes.
Distinguished name
The name that uniquely identifies an object. A distinguished name is composed of the relative distinguished name, the domain name, and the container holding the object. An example would be CN=AnyUser,CN=Examcram,CN=COM. This refers to the AnyUser user account in the examcram.com domain.
Distribution Group
An Active Directory group of user accounts or other groups used strictly for email distribution. A distribution group cannot be used to grant permissions to resources. That type of group is called a security group.
dnscmd
A command-line tool that can perform most of the DNS server administrative tasks in Windows Server 2008.
Domain
A logical grouping of Windows Server 2008 computers, users, and groups that share a common directory database. Domains act as a security boundary and are defined by an administrator.
Domain Controller (DC)
A server that is capable of performing authentication. In Windows Server 2008, a domain controller holds an editable copy of the Active Directory database.
Domain Functional Level
Windows Server 2008 domains can operate at one of three functional levels: Windows 2000 native, Windows Server 2003 native, or the Windows Server 2008 functional level. Each functional level has different trade-offs between features and limitations.
Domain Local Group
A domain local group can contain other domain local groups from its own domain, as well as global groups from any domain in the forest. A domain local group can be used to assign permissions to resources located in the same domain as the group.
Domain Name System (DNS)
A hierarchical name-resolution system that resolves host names (fully qualified domain names, FQDNs) into IP addresses and vice versa. DNS also makes it possible for the distributed Active Directory database to function, by allowing clients to query the locations of services in the forest and domain.
Domain Naming Master
One of the two forestwide flexible single master operations (FSMO) roles, the Domain Naming Master’s job is to ensure domain name uniqueness within the forest.
Domain User Account
A user account that is stored in the AD DS database. It permits a user to log on to any computer in the domain where the account is located or in a trusted domain.
dsadd
A command-line tool that enables you to add objects such as users, groups, contacts, or computers to the AD DS database.
Dynamic Domain Name System (DDNS)
An extension of the DNS that allows Windows 2000 and later systems to automatically register their A records (by themselves or by the DHCP server) with DNS at the time they obtain an IP address from a DHCP server.
Enterprise CA
A CA that is integrated with AD DS. Enterprise CAs replicate certificates through AD DS replication and require that users be authenticated.
External Trust
A trust relationship created between a Windows Server 2008 Active Directory domain and a Windows NT 4 domain, or between Active Directory domains in different forests.
Federation Trust
In AD FS, a relationship between two organizations that allows for access to web-based applications without establishing an external or forest trust between the organizations’ domains.
File Replication Service (FRS)
A service that provides multimaster replication between specified domain controllers within an Active Directory tree.
Fine-Grained password policies
A new feature of Windows Server 2008 that enables you to configure password policies that apply only to specific users or groups within a domain.
Firewall
A hardware or software security system that limits access to network resources across subnets. Typically, a firewall is used between a private network and the Internet to prevent outsiders from accessing the private network. The firewall also limits what Internet services users of the private network can access.
Flexible single-master operations (FSMO)
Five roles that Windows Server 2008 does not handle in the typical multimaster model. Each is instead hosted on only a single domain controller in each domain (the Infrastructure Master, PDC Emulator, and RID Master) or on only a single domain controller in the forest (the Domain Naming Master and the Schema Master).
Folder Redirection
A Windows Server 2008 feature that allows special folders, such as My Documents, on local Windows XP Professional or Vista Business/Enterprise/Ultimate system hard drives to be redirected to a shared network location.
Forest
A grouping of Active Directory trees that have a trust relationship between them. Forests can consist of a noncontiguous namespace and, unlike domains and trees, do not have to be given a specific name.
Forest Functional Level
The three forest functional levels are Windows 2000, Windows Server 2003, and Windows Server 2008. The default forest functional level is Windows 2000. When the forest functional level is raised to Windows Server 2003 or Windows Server 2008, advanced forestwide Active Directory features are available according to the level chosen.
Forest Root
The first domain created in a forest.
Forest Trust
A trust relationship established between two Active Directory forests.
Forward Lookup Query
A DNS name-resolution process by which a hostname is resolved to an IP address.
Forwarding
The relaying of a DNS request from one server to another, when the first server is unable to process the request.
FQDN (Fully Qualified Domain Name)
A DNS domain name that unambiguously describes the location of the host within a domain tree. An example of an FQDN would be the computer www.examcram.com.
Functional Level
A concept introduced in Windows Server 2003 that determines what level of features and interoperability with other Windows operating systems is available in a domain or forest. In Windows 2000, functional levels were referred to as modes.
Global Catalog (GC)
Contains a partial replica of every Windows Server 2008 domain object within the Active Directory, enabling users to find any object in the directory. The partial replica contains the most commonly used attributes of an object, as well as information on how to locate a complete replica elsewhere in the directory, if needed.
Global Catalog Server
The Windows Server 2008 server that holds the Global Catalog for the forest.
Global Group
A global group can contain users from the same domain in which the group is located, and global groups can be added to domain local groups to control access to network resources.
Globally Unique Identifier (GUID)
A hexadecimal number supplied by the manufacturer of a product that uniquely identifies the hardware or software. A GUID is in the form of eight characters, followed by three sets of four characters, followed by 12 characters. For example, {15DEF489-AE24-10BF-C11A-00BB844CE637} is a valid format for a GUID (braces included).
A namespace, such as with DNS, that can be partitioned out in the form of a tree. This allows great flexibility in using a domain name because any number of subdomains can be created under a parent domain.
gpresult
A command-line utility that displays information about the current effect Group Policy has had on the local computer and logged-in user account.
Group Policy Object (GPO)
A collection of policies that apply to a specific target, such as the domain itself (Default Domain Policy) or an Organizational Unit (OU). GPOs are modified through the Group Policy Editor to define policy settings.
Group Policy
The Windows Server 2008 feature that allows for policy creation, which affects domain users and computers. Policies can be anything from desktop settings to application assignments to security settings and more.