-
ACL
Access Control List: A list of all security descriptors that have been set up for a particular object, such as for a shared folder or a shared printer.
-
Bridgehead Server
A domain controller at each AD site with access to a site network link, which is designated as the DC to exchange replication information. There is only one bridgehead server per site.
-
Container
An AD object that houses other objects, such as a tree that houses domains or a domain that houses organizational units.
-
Contiguous Namespace
A namespace in which every child object has a portion of its name from its parent object.
-
Directory Service
A large container (dbs) of network data and resources, such as computers, printers, user accounts, and user groups, that enables management and fast access to those resources.
-
Disjointed Namespace
A namespace in which the child object name does not resemble the parent object name.
-
Distribution Group
A list of users that enables one e-mail message to be sent to all users on the list. A distribution group is not used for security and thus cannot appear in an access control list (ACL).
-
DC
Domain Controller: A Windows Server 03 or 08 server that contains a full copy of the AD information, is used to add a new object to AD, and replicates all changes made to it so the changes are updated on every DC in the same domain.
-
Domain Function Level
Refers to the Windows Server operating systems on domain controllers and the domain-specific functions they support. Depending on the functional level, one, two, or all of the following operating systems are supported: Windows 2000, 03, & 08 Servers.
-
Domain Local Security Group
A group that is used to manage resources--shared folders and printers, for example--in its home domain, and that is primarily used to give global groups access to those resources.
-
Forest
A grouping of AD trees that each have contiguous namespaces within their own domain structure, but that have disjointed namespaces between trees. The trees and their domains use the same schema and global catalog.
-
Forest Functional Level
A forest-wide setting that refers to the types of domain controllers in a forest, which can be any combination of Win 00, 03, 08 Servers. The level also reflects the types of AD services and functions supported.
-
Global Catalog
A repository for all objects and the most frequently used attributes for each object in all domains. Each forest has a single global catalog that can be replicated onto multiple servers.
-
Global Security Group
A group that typically contains user accounts from its home domain, and that is a member of domain local groups in the same or other domains, so as to give that global group's member accounts access to the resources defined to the domain local groups.
-
GUID
Globally Unique Identifier: a unique number, up to 16 characters long, that is associated with an AD object.
-
Kerberos Transitive Trust Relationship
A set of two-way trusts between two or more domains (or forests in a forest trust) in which Kerberos security is used.
-
Local Security Group
A group of user accounts that is used to manage resources on a standalone computer.
-
Local User Profile
A desktop setup that is associated with one or more accounts to determine what startup programs are used, additional desktop icons, and other customizations. A user profile is local to the computer in which it is stored.
-
Mandatory User Profile
A user profile set up by the server administrator that is loaded from the server to the client each time the user logs on; changes that the user makes to the profile are not saved.
-
Member Server
A server on an AD managed network that is not installed to have AD.
-
Multimaster Replication
Win Server 03 and 08 networks can have multiple servers called DCs that store AD information and replicate it to each other. Because each DC acts as a master, replication does not stop when one DC is down and updates to AD continue, for example creating a new account.
-
Name Resolution
A process used to translate a computer's logical or host name into a network address, such as to a dotted decimal address associated with a computer--and vice versa.
-
Namespace
A logical area on a network that contains directory services and named objects, and that has the ability to perform name resolution.
-
Object
A network resource, such as a server or a user account, that has distinct attributes or properties, is defined in a domain, and exists in AD.
-
OU
Organizational Unit: A grouping of objects within a domain that provides a means to establish specific policies for governing those objects, and that enables object management to be delegated.
-
RODC
Read-Only Domain Controller: A domain controller that houses AD information, but cannot be updated, such as to create a new account. This specialized domain controller receives updates from regular DCs, but does not replicate to any DCs because it is read-only by design.
-
Roaming Profile
Desktop settings that are associated with an account so that the same settings are employed no matter which computer is used to access the account (the profile is downloaded to the client from a server).
-
Schema
Elements used in the definition of each object contained in AD, including the object class and its attributes.
-
Scope
Scope of Influence: the reach of a type of group, such as access to resources in a single domain or access to all resources in all domains in a forest. (Another meaning for the term scope is the beginning through ending IP addresses defined in a DHCP server for use by DHCP clients.)
-
Security Group
Used to assign a group of users permission to access network resources.
-
Site
An option in AD to interconnect IP subnets so that the server can determine the fastest route to connect clients for authentication and to connect DCs for replication of AD. Site information also enables AD to create redundant routes for DC replication.
-
Transitive Trust
A trust relationship between two or more domains in a tree, in which each domain has access to objects in the others.
-
Tree
Related domains that use a contiguous namespace, share the same schema, and have a two-way transitive trust relationship.
-
Two-Way Trust
A domain relationship in which both domains are trusted and trusting, enabling one to have access to objects in the other.
-
Universal Security Group
A group that is used to provide access to resources in any domain within a forest. A common implementation is to make global groups that contain accounts members of a universal group that has access to resources.