General Flashcards
Access Control Entry (ACE)
An entry within an access control list (ACL) that grants or denies permissions to users or group for a given resource.
Access Control List (ACL)
A set of access control entries that define an object’s permission settings. ACLs enable administrator to explicitly control access to resources
what is Active Directory?
Active Directory provides a central location for network administration and security. Server computers that run Active Directory are called domain controllers. An AD domain controller authenticates and authorizes all users and computers in a Windows domain type network—assigning and enforcing security policies for all computers and installing or updating software. For example, when a user logs into a computer that is part of a Windows domain, Active Directory checks the submitted password and determines whether the user is a system administrator or normal user
Active Directory Federation Services (AD FS)
A new set of technologies in Windows Server 2003 R2 and enhanced in Windows Server 2008 that enables partner companies to access Active Directory resources across the Internet in a trusted manner, without having to have user accounts in the resource domain
Active Directory - integrated zone
A DNS zone that is hosted on a domain controller and stored in one or more AD DS application directory partitions and replicated with AD DS.
Active Directory Lightweight Directory Services (AD LDS)
An update to ADAM that provides directory services for directory-enabled applications on Windows networks without the need for deploying additional domain or domain controllers
Active Directory Migration Tool (ADMT)
A utility that enables you to move objects such as users, groups, and computer from a Windows NT 4.0 domain to an Active Directory domain or to move objects between Active Directory domain in the same or different forests. This tools removes the manual work required to disjoin old domains and join the new domain.
Active Directory Rights Management Services (AD RMS)
A directory service that uses a certification base to confirm the identity of users of information on the network, thereby enabling you to create and work with rights-protected information and ensure that only authorized users have access to these items
Active Directory Users and Computers
primary systems administrator utility for managing users, groups, and computers in a Windows Server 2008 domain, implemented as a Microsoft Management Console (MMC) snap-in
Adprep
A utility that prepares a Windows 2000 or Windows Server 2003 forest or domain for receiving domain controllers running Windows Server 2008. it has several parameters, the most important of which are /forestprep, which prepares the forest, /domainprep, which prepares the domain, and /rodcprep, which prepares the domain for receiving red-only domain controllers (RODC).
AGDLP
An acronym that stands for Microsoft’s recommendation of placing Accounts into Global groups, placing these groups into Domain local groups, and granting Permissions to the domain local group
auditing
A security process that tracks the usage of selected network resources, typically storing the results in a log file. Splunk can be used
auditpol.exe
A command-line tool that enables you to configure audit policy settings and directory service auditing subcategories
authentication
The process by which a server validates a user’s logon credentials so that access to a network resource can be granted or denied
baseline
A term associated with performance monitoring, this is the initial result of monitoring typical network and server performance under a normal load. All future results are measure against the baseline readings. A baseline will typically have performance readings for the processor(s), memory, disk subsystem, and network subsystem.
Bridgehead Server
The contact point for the exchange of directory information between Active Directory sites. The bridgehead server receives information replicated from other sites and replicates it to its site’s other domain controllers. It ensures that the greatest portion of replication occurs within sites rather than between them.
Certification Authority (CA)
A trusted authority either within a network or a third-party company that manages security credentials such that is guarantees the user object holding a certificate is who it claims to be.
Certificate Enrollment
The process by which users and computer can be given permission to make requests for certificates, retrieve existing certificates, and renew expired certificates. Each CA that is installed on a server has web pages that users can access to submit basic and advanced certificate requests.
Certificate Revocation List (CRL)
A document published by a CA that lists certificates that have been issued but no longer valid. By default, the CA publishes the CRL on a weekly basis.
Certificate Template
Provided by AD CS to simplify the process of requesting and issuing certificates for various purposes. Each template contains the rules and settings that must be in place to create a certificate of a certain type. Certificate templates are available only on enterprise root and subordinate CAs.
Computer Configuration
The portion of a Group Policy object that allows for computer policies to be configured and applied.
Conditional Forwarding
The relaying of a DNS request for zone information for specific domains from one server to another when the first server is unable to process the request.
Connection object
An Active Directory object stored on domain controllers that is used to represent inbound replication links. Domain controllers create their own connection objects for intrasite replication through the Knowledge Consistency Checker (KCC), whereas only a single domain controller in a site creates connection objects for interstice replication, through the Intersite Topology Generator.
Container
An object in Active Directory that is capable of holding other objects. An example of a container would be the Users folder in Active Directory Users and Computers
Credential Caching
The storing of a limited set of passwords on an RODC. You can configure credential caching to store only those passwords of users who are authorized to log on at a given RODC.
CRL
Certificate Revocation List (CRL)
DCPROMO
The command-line utility used to promote a Windows Server 2008 system to a domain controller. DCPROMO can also be used to demote a domain controller to a member server.
csvde
A utility that imports comma-separated text files into the AD DS database. You can use this utility to automate the bulk creation of user or group accounts
Delegation
The process of offloading the responsibility for a given task or set of tasks to another user or group. Delegation in Windows Server 2008 usually involves granting permission to someone else to perform a specific administrative task such as creating computer accounts.
Distributed File System (DFS)
A Windows Server 2008 service that allows resources from multiple server locations to be presented through Active Directory as a contiguous set of files and folders, resulting in more ease of use of network resources for user.
Dynamic Host Configuration Protocol (DHCP)
A service that allows an administrator to specify a range of valid IP addresses to be used on a network, as well as exclusion IP addresses that should not be assigned (for example, if they were already statically assigned elsewhere). These addresses are automatically given out to computers configured to use DHCP as they boot up on the network, thus saving the administrator from having to configure static IP addresses on each network device.
Directory
A database that contains any number of different types of data. In Windows Server 2008, Active Directory is a database that contains information about objects in the domain, such as computer, users, groups, and printers.
Directory Service (DS)
Provides the methods of storing directory data and making that data available to other directory objects. A directory service makes it possible for users to find any object in the directory given any one of its attributes
Distinguished name
The name that uniquely identifies an object. A distinguished name is composed of the relative distinguished name, the domain name, and the container holding the object. An example would be CN=AnyUser,CN=Examcram,CN=COM. This refers to the AnyUser user account in the examcram.com domain
Distribution Group
An Active Directory group of user accounts or other groups used strictly for email distribution. A distribution group cannot be used to grant permissions to resources. That type of group is called a security group.
dnscmd
A command-line tool that can perform most of the DNS server administrative tasks in Windows Server 2008
Domain
A logical grouping of Windows Server 2008 computers, users, and groups that share a common directory database. Domains act as a security boundary and are defined by an administrator.
Domain Controller (DC)
A server that is capable of performing authentication. In Windows Server 2008, a domain controller holds an editable copy of the Active Directory database.
Domain Functional Level
Windows Server 2008 domains can operate at one of three functional levels: Windows 2000 native, Windows Server 2003 native, or the Windows Server 2008 functional level. Each functional level has different trade-offs between features and limitations
Domain Local Group
A domain local group can contain other domain local groups from its own domain, as well as global groups from any domain in the forest. A domain local group can be used to assign permissions to resources located in the same domain as the group.
Domain Name System (DNS)
A hierarchical name-resolution system that resolves host names (fully qualified domain names, FQDNs) into IP addresses and vice versa. DNS also makes it possible for the distributed Active Directory data-base to function, by allowing clients to query the locations of services in the forest and domain.
Domain Naming Master
One of the two forestwide flexible single master operations (FSMO) roles, the Domain Naming Master’s job is to ensure domain name uniqueness within the forest.
Domain User Account
A user account that is stored in the AD DS database. It permits a user to log on to any computer in the domain where it is located or a trusted domain.
dsadd
A command-line tool that enables you to add objects such as users, groups, contacts, or computer to the AD DS database.
Dynamic Domain Name System (DDNS)
An extension of the DNS that allows Windows 2000 and later systems to automatically register their A records (by themselves or by the DHCP server) with DNS at the time they obtain an IP address from a DHCP server.
Enterprise CA
A CA that is integrated with AD DS. Enterprise CA’s replicate certificates with AD DS replication and require that users be authenticated.
External Trust
A trust relationship created between a Windows Server 2008 Active Directory domain and a Windows NT 4 domain, or between Active Directory domains in different forests.
Federation Trust
In AD FS, a relationship between two organizations that allows for access to web-based applications without establishing an external or forest trust between the organizations’ domains.
File Replication Service (FRS)
A service that provides multimaster replication between specified domain controllers within an Active Directory tree.
Fine-Grained password policies
A new feature of Windows Server 2008 that enables you to configure password policies that apply only to specific users or groups within a domain.
Firewall
A hardware or software security system that limits access to network resources across subnets. Typically, a firewall is used between a private network and the Internet to prevent outsiders from accessing the private network. The firewall also limits what Internet services users of the private network can access.
Flexible single-master operations (FSMO)
Five roles that are required by Windows Server 2008 not to follow the typical multimaster model and instead are hosted on only a single domain controller in each domain, in the case of the Infrastructure Master, PDC Emulator, and RID Master, or on only a single domain controller in the forest, in the case of the Domain Naming Master and the Schema Master.
Folder Redirection
A Windows Server 2008 feature that allows special folders, such as My Documents, on local Windows XP Professional or Vista Business/Enterprise/Ultimate system hard drives to be redirected to a shared network location.
Forest
A grouping of Active Directory trees that have a trust relationship between them. Forests can consist of a noncontiguous namespace and, unlike domains and trees, do not have to be given a specific name.
Forest Functional Level
The three forest functional levels are Windows 2000, Windows Server 2003, and Windows Server 2008. The default forest functional level is Windows 2000. When the forest functional level is raised to Windows Server 2003 or Windows Server 2008, advanced forestwide Active Directory features are available according to the level chosen.
Forest Root
The first domain created in a forest.
Forest Trust
A trust relationship established between two Active Directory forests
Forward Lookup Query
A DNS name-resolution process by which a hostname is resolved to an IP address
Forwarding
The relaying of a DNS request from one server to another, when the first server is unable to process the request.
FQDN (Fully Qualified Domain Name)
A DNS domain name that unambiguously describes the location of the host within a domain tree. An example of an FQDN would be the computer www.examcram.com
Functional Level
A concept introduced in Windows Server 2003 that determines what level of features and interoperability with other Windows operating systems is available in a domain or forest. In Windows 2000, functional levels were referred to as modes.
Global Catalog (GC)
Contains a partial replica of every Windows Server 2008 domain object within the Active Directory, enabling users to find any object in the directory. The partial replica contains the most commonly used attributes of an object, as well as information on how to locate a complete replica elsewhere in the directory, if needed.
Global Catalog Server
The Windows Server 2008 server that holds the Global Catalog for the forest
Global Group
A global group can contain users from the same domain in which the group is located, and global groups can be added to domain local groups to control access to network resources.
Globally Unique Identifier (GUID)
A hexadecimal number supplied by the manufacturer of a product that uniquely identifies the hardware or software. A GUID is in the form of eight characters, followed by three sets of four characters, followed by 12 characters. For example, {15DEF489-AE24-10BF-C11A-00BB844CE637} is a valid format for a GUID (braces included) A namespace , such as with DNS, that can be partitioned out in the form of a tree. This allows great flexibility in using a domain name because any number of subdomains can be created under a parent domain.
gpresult
A command-line utility that displays information about the current effect Group Policy has had on the local computer and logged-in user account.
Group Policy Object (GPO)
A collection of policies that apply to a specific target, such as the domain itself (Default Domain Policy) or an Organizational Unit (OU). GPOs are modified through the Group Policy Editor to define policy settings.
Group Policy
The Windows Server 2008 feature that allows for policy creation, which affects domain users and computer. Policies can be anything from desktop settings to application assignments to security settings and more.
Group Policy Management Editor
The Microsoft Management Console (MMC) snap-in that is used to modify the settings of a Group Policy object.
Hyper-V
The new virtualization tool included with the 64-bit editions of Windows Server 2008 that enables you to run multiple instances of the operating system on a single server.
Infrastructure Master
The FSMO role that is responsible for receiving replicated changes from other domains within the forest and replicating these changes to all domain controllers within its domain. Each domain has one Infrastructure Master; it also is responsible fro tracking what Active Directory container an object is located in.
Inheritance
The process by which an object obtains settings information from a parent object.
Issuing CA
A CA server that is involved in the day-to-day issuing of certificates for computers and users on the network.
Kerberos
An Internet standard security protocol that has largely replaced the older LAN Manager user-authentication mechanism from earlier Windows NT versions.
Knowledge Consistency Checker (KCC)
A Windows Server 2008 service that ensures consistent database information is kept across all domain controllers. It attempts to ensure that replication can always take place.
Latency
The delay that occurs in replication from the time a change is made to one replica and the time that change is applied to all other replicas in the directory.
Lightweight Directory Access Protocol (LDAP)
The Lightweight Directory Access Protocol (LDAP; pron.: /ˈɛldæp/) is an application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network.[1] Directory services may provide any organized set of records, often with a hierarchical structure, such as a corporate email directory. Similarly, a telephone directory is a list of subscribers with an address and a phone number.
LDIFDE
A utility that enables you to import data formatted in the LDAP Data Interchange Format (LDIF) format to the AD DS database. You can use this tool to automate the creation of user, computer, or group accounts.
Lightweight Directory Access Protocol
The protocol that allows access to Active Directory. LDAP is an Internet standard for accessing directory services.
Linked Policy
A Group Policy that exists in one object and is linked to another object. Linked policies are used to reduce administrative duplication in applying the same policies to multiple OUs.
Local Area Network (LAN)
A network where all hosts are connected over fast connections (4MBps or greater for Token Ring; 10MBps or better for Ethernet). LANs typically do not involve outside data carriers (such as Frame Relay lines or T1 circuits) and are generally wholly owned by the organization.
Local Group
A security group that exists on a local workstation or sever and is used for granting permissions to local resources. Typically, global groups from a domain are placed inside a local group to gain access to resources on a local machine.
Local Group Policy Objects
Objects that exist on the local Windows Server 2008 system. Site-, domain-, and OU-applied GPOs take precedence over local GPOs.
Local User Account
A user account that is stored in the SAM of a member server or client computer. Such an account can be used to log on to that computer only and does not possess domain privileges.
Member Server
A server that is a member of a domain but is not a domain controller. A Windows Server 2008 domain can have Windows NT, Windows 2000, Windows Server 2003, and Windows Server 2008 member servers, regardless of the domain functional level.
Microsoft Management Console (MMC)
An extensible management framework that provides a common look and feel to all Windows Server 2008 utilities.
Multihomed
A server that has two or more network cards. This allows a server either to function as a router or to belong to more than one subnet simultaneously. Alternatively, multiple network adapters can be used for load balancing or fault tolerance.
Multimaster replication
A replication model in which any domain controller will replicate data to any other domain controller. This is the default behavior in Windows Server 2008. It contrasts with the single-master replication model of Windows NT 4, in which a PDC contained the master copy of everything and BDCs contained backup copies.
Name Resolution
The process of resolving a hostname into a format that computers can understand. This is typically resolving a DNS name or NetBIOS name to an IP address but could also be a MAC address on non-TCP/IP networks.
NetBIOS
An application programming interface (API) used on Windows NT 4 and earlier networks by services requesting and providing name resolution and network data management.
Network Monitor
A utility that enables you to capture, view, and analyze frames transmitted across the network to network adapter cards on your computer. It is useful for detecting incursions by unauthorized users and tracing their activity on the network.
Nonlocal Group Policy objects
GPOs that are stored in Active Directory rather than on the local machine. These can be site-, domain-, or OU-level GPOs.
Nslookup
A TCP/IP utility used in troubleshooting DNS name resolution problems
Ntdsutil
A command-line utility that provides a number of Active Directory management functions.
NTFS
The Windows NT/2000 file system that supports a much more robust feature set than either FAT16 or FAT32 (which was used on Windows 9x). You should use NTFS whenever possible on Windows Server 2008 systems; indeed, the server installation utility automatically creates an NTFS partition during installation.
Object
A distinct entity represented by a series of attributes within Active Directory. An object can be a user, group, computer, folder, file, printer, and so on.
Object Identifier
A number that uniquely identifies an object class or attribute. In the United States, the American National Standards Institute (ANSI) issues object identifiers, which take the form of an x.x.x.x dotted decimal format. Microsoft, for example, was issued the root object identifier of 1.2.840.113556, from which it can create further subobject identifiers.
Operations Master
A Windows Server 2008 domain controller that has been assigned one or more of the special Active Directory domain roles, such as Schema Master, Domain Naming Master, PDC Emulator, Infrastructure Master, and Relative Identifier (RID) Master.
Organizational Unit (OU)
An Active Directory container object that allows an administrator to logically group users, groups, computers, and other OUs into administrative units.
Package
A collection of software compiled into a distributable form, such as a Windows Installer (.msi) package created with WinInstall.
Parent-Child Trust Relationship
The relationship whereby a child object trusts its parent object, and the parent object is trusted by tall child objects under it. Active Directory automatically creates two-way transitive trust relationships between parent and child objects.
Password Settings Object (PSO)
An object class defined in the AD DS schema that holds attributes for the fine-grained password and account lockout policy settings.
Password Synchronization
A new feature of Windows Server 2003 R2 that contributes to better Active Directory and UNIX interoperability by automatically synchronizing passwords between the two.
Primary domain controller (PDC)
A Windows NT 4 (and earlier) server that contains the master copy of the domain database and the only writable copy of the database. PDCs authenticate user logon requests and track security-related changes with-in the domain.
PDC Emulator
The domain-level FSMO role that replicates data with Windows NT 4 BDCs in a domain, in effect functioning as an NT 4 PDC.
Ping
A TCP/IP utility that tests for basic connectivity between the client machine running Ping and any other TCP/IP host.
Policy
Settings and rules that are applied to users or computers, usually Group Policy in Windows Server 2008 and System Policy in Windows NT 4.
Preferred Bridgehead Server
Rather than letting the KCC decide which server should be a bridgehead server, you can designate preferred bridgehead servers to be used if the primary goes down. Only one preferred bridgehead server can be active at a time.
Primary Zone
A master copy of the DNS zone data hosted on a server that is the primary source of information for records found in this zone.
Public Key Infrastructure (PKI)
An industry standard technology that allows for the establishment of secure communication between hosts based on a public key/private key or certificate-based system.
Published Applications
Through the software Installation utility in Group Policy, administrators can publish applications to users. Published applications appear in Add/Remove Programs and can be optionally installed by the user.
Relative distinguished name (RDN)
The part of a DNS name that defines the host. For example, in the FQDN www.examcram.com, www is the relative distinguished name.
Read-only domain controller (RODC)
A new Windows Server 2008 feature in which the domain controller is installed with a read-only directory database. You cannot perform directory updates directly from the RODC. It is especially suitable in reduced security environments such as branch offices.
Realm Trust
A trust relationship in Windows Server 2008 that is created between an Active Directory domain and a Unix realm.
Registry
A data repository on each computer that contains information about that computer’s configuration. The Registry is organized into a hierarchical tree and is made up of hives, keys, and values
Relative Identifier (RID)
The part of the security identifier (SID) that uniquely identifies an account or group within a domain.
Replica
A copy of any given Active Directory object. Each copy of an object stored on multiple domain controllers is a replica.
Replication
The process of copying data from one Windows Server 2008 domain controller to another. Replication is a process managed by an administrator and typically occurs automatically whenever changes are made to a replica of an object.
Resource Partner
In AD FS, an organization that hosts a server containing a web-based application that has been configured for access by users in the trusted organization.
Resource Records
Standard database record types used in DNS zone database files. Common types of resource records include Address (A), Mail Exchanger (MX), Start of Authority (SOA), and Name Server (NS), among others.
Resultant Set of Policy (RSoP)
A Windows Server 2008 Group Policy tool that lets you simulate the effects of Group Policies without actually implementing them. RSoP has two modes: logging mode and planning mode. Logging mode determines the resultant effect of policy settings that have been applied to an existing user and computer based on a site, domain, or organizational unit. Planning mode simulates the resultant effect of policy settings that are applied to a user and computer.
Reverse lookup query
A DNS name-resolution process by which an IP address is resolved to a hostname.
RID Master
The domain-level FSMO role that is responsible for managing pools of RIDs and ensuring that every object in the domain gets a unique RID.
Root CA
The topmost CA in a PKI hierarchy, this is the most authoritative certificate server. You should protect this server with the highest level of security possible, such as storing it offline in a vault. If it is compromised, the entire PKI hierarchy is compromised.
Root Hints
A load-balancing mechanism that DNS servers use to distribute name resolution activity among all available DNS servers.
Router
A dedicated network hardware appliance or a server running routing software and multiple network cards. Routers join dissimilar network topologies (such as Ethernet to Frame Relay) or simply segment networks into multiple subnets.
Scalability
Measurement (often subjective) of how well a resource such as a server can expand to accommodate growing needs.
Scavenging
The process by which a DNS server searches for and deletes aged (stale) resource records
Schema
In Active Directory, a schema is a database that contains the description of object classes and the attributes that the object classes must possess and can possess.
Schema Master
The Windows Server 2008 domain controller that has been assigned the Operations Master role to control all schema updates within a forest.
Secondary Zone
An additional copy of DNS zone data hosted on a DNS server that is a secondary source for this zone information.
Secure Dynamic DNS (SDDNS)
An enhancement to DNS that enables you to permit dynamic updates only from authorized client computers in an Active Directory-integrated zone.
Security Group
A type of group that can contain user accounts or other groups and can be used to assign levels of access (permissions) to shared resources.
Security Identifier (SID)
A number that uniquely identifies a user, group, or computer account. Every account is issued one when created. If the account is later deleted and re-created with the same name, it will have a different SID. Once an SID is used in a domain, it can never be used again.
Security Templates
Collections of standard settings that can be applied administratively to give a consistent level of security to a system.
Seizing a role
The act of moving an operations master role from one domain controller to another when the original role holder is no longer available on the network. You cannot seize a role if the original role holder is available; you must transfer it instead. Once you have seized a role, you cannot bring back the original role holder without reinstalling Active Directory in most cases.
Server core
A new feature of Windows Servers 2008 that enables you to install a minimal version of the server without a GUI, Start menu, taskbar, or many ancillary components. A Server Core computer can hold most of the roles that an ordinary Windows Server 2008 computer holds, but with a smaller network footprint and fewer points of attack.
Server Performance Advisor
A utility that provides an in-depth view of current server performance and suggestions for making improvements.
Shortcut Trust
A Windows Server 2008 trust relationship between two domains within the same forest. Shortcut trusts are used to reduce the path authentication needs to travel by directly connecting child domains.
SID Filtering
A mechanism that validates the SIDs of users in a trusted domain that is attempting to authenticate across a trust relationship to a trusting domain. It enhances security by verifying that the authentication request contains only SIDs of security principals in the trusted domain.
Single-Master Operations
Certain Active Directory operations that are only allowed to occur in one place at any given time (as opposed to being allowed to occur in multiple locations simultaneously). Examples of single-master operations include schema modifications, RID assignments, and infrastructure changes.
Site
A physical component of Active Directory. Sites are created for the purpose of balancing logon authentication with replication. They can have zero (in planning), one, or multiple IP subnets. These subnets should be well connected with fast LAN links.
Site Link
A connection between sites, it is used to join multiple locations.
Site Link Bridge
A collection of site links that helps Active Directory work out the cost of replicating traffic from one point to another within the network infrastructure that is not directly connected by a single site link. By default, all site links are bridged, but this can be disabled in favor of manually configured site link bridges.
Site Link Cost
A way for AD to determine what path to replicate traffic over on a routed network. The lower the cost, the more preferable it is for AD to use a particular site link. For example, if you have a T1 and an ISDN site link connecting the same sites, the T1 site link would have a lower cost than the ISDN site link, making it the preferred path for traffic. In other words, the faster the link, the lower the site link cost.
Slow Link
A connection between sites that is not fast enough to provide full functionality in an acceptable timeframe. Site connections below 512KBps are defined as slow links in Windows Server 2008.
Standalone CA
A CA whose database is stored locally and not integrated with AD DS. Typically, an organization has a standalone root CA coupled with enterprise subordinate CA’s. This practice enables the administrator to keep the standalone root CA offline and secured in a safe location such as a vault. It is brought back online only when required fro issuing certificates to subordinate CAs.
Stub Zone
A DNS zone that contains source information about authoritative name servers for its zone only. The DNS server hosting the stub zone obtains its information from another server that hosts a primary or secondary copy of the same zone data.
Subnet
A collection of hosts on a TCP/IP network that are not separated by routers. A basic corporate LAN with one location would be referred to as a subnet when it is connected by a router to another network, such as that of an Internet service provider.
Subordinate CA
A CA whose certificates come from a root CA. The subordinate CA’s job is to issue certificates to users and computers on the network. Each subordinate CA may be dedicated to a single type of certificate, such as smart cards, Encrypting File System (EFS), or a geographical location of multisite network.
SYSVOL
A shared folder on an NTFS partition on every AD domain controller that contains information (scripts, Group Policy info, and so on) that is replicated to other domain controllers in the domain. The SYSVOL folder is created during the installation of Active Directory.
Time to Live (TTL)
The amount of time a packet destined for a host will exist before it is deleted from the network. TTLs are used to prevent networks from becoming congested with packages that cannot reach their destinations.
Transferring a Role
The act of moving one of the operations masters roles from one domain controller to another when the original role holder is available on the network. You cannot transfer the role if the original holder is not available.
Transitive Trust
An automatically created trust in Windows Server 2008 that exists between domain trees within a forest and domains within a tree. Transitive trusts are two-way trust relationships. Unlike with Windows NT 4, transitive trusts in Windows Server 2008 can flow between domains. This way, if Domain1 trusts Domain2, and Domain2 trusts Domain3, Domain1 automatically trusts Domain3.
Tree
A collection of Active Directory domains that are connected through transitive trusts and share a common Global Catalog and schema. Domains with a tree must form a contiguous namespace. A tree is contained within a forest, and multiple trees can exist within a forest.
Universal Group
An Active Directory security group that can be used anywhere within a domain tree or forest, the only caveat being that universal groups can only be used when an Active Directory domain has been converted to native mode.
Universal Group Caching
A feature that can be used once a domain has been raised to the Windows Server 2008 functional level, it allows users in universal groups to log on without the presence of a GC server.
UPN Suffix
The portion of the UPN following the @ character. By default, this is the DNS domain name of the domain where the user account is located. However, you can define an alternate UPN suffix that enables you to conceal the actual domain structure of the forest or match the user’s email address domain name.
User Configuration
The portion of a Group Policy object that allows for user policy settings to be configured and applied.
User Principal Name (UPN)
An alternate username that is formatted in a manner similar to that of an email address (for example, user@domain.com). Its use enables a user to more easily log on to a domain in the forest other than the domain she belongs to.
User Profile
Contains settings that define the user environment, typically applied when the user logs on to the system.
Wide-area network (WAN)
Multiple networks connected by slow connections between routers.
Wbadmin.exe
A command-line tool that enables you to perform backups and restores. In Windows Server 2008, this is the only tool that you can use to perform system state backups and restores.
Windows 2000 Functional Level
The default functional level that exists when you install AD DS on Windows Server 2008. In this functional level, you can have any combination of domain controllers running Windows 2000, Windows Server 2003, and Windows Server 2008.
Windows Internet Name Service (WINS)
A dynamic name-resolution system that resolves NetBIOS names to IP addresses on Windows TCP/IP networks. With Windows Server 2008, WINS has been kept in place as a feature so that any legacy clients or applications on the network can use it.
Windows Management Instrumentation (WMI)
A Windows Server 2008 management infrastructure for monitoring and controlling system resources. WMI filters are commonly used in Group Policy to modify the scope of a GPO according to the attributes of destination computers.
Windows Server Virtualization
The capability of running multiple copies of different operating systems on a single server. The 64-bit edition of Windows 2008 contains a built-in virtualization capability known as Hyper-V. You can use Microsoft Virtual Serer 2005 on 32-bit editions of Windows Server 2008 or on older Windows Server versions.
Windows Management Instrumentation (WMI)
kind of progrmming interface allowing you to get system info
Workgroup
A group of workstations and servers that are networked but not within the concept of a domain. In a workgroup, each machine maintains its own local accounts database and can be difficult to administer as the number of computer in the workgroup grows.
Zone
A discrete portion of the local or Internet-based DNS namespace, for which a single DNS server is authoritative.
Zone Delegation
The act of dividing the DNS namespace into a series of zones and delegating their management by creating resource records in other zones that point to the authoritative DNS servers for the zone being delegated
