Directory partitions are sections of the Active Directory database that hold varied types of
data and are managed by different processes. Directory partitions can be replicated from one
domain controller to another. FSMO roles are carried out by a single domain controller per
domain or forest and perform vital functions that affect Active Directory operations.

The forest is the broadest logical Active Directory component. All domains in a forest share
some common characteristics, such as a single schema, the global catalog, and trusts between
domains. The global catalog facilitates several important functions, such as cross-domain
logon and forestwide searching. The forest root domain is the first domain created in a forest.

Trusts permit domains to accept user authentication from another domain and facilitate
cross-domain and cross-forest resource access with a single logon. The types of trusts an
administrator can create include shortcut trusts, forest trusts, realm trusts, and external trusts.

A domain is the primary identifying and administrative unit of Active Directory. Each domain
has a unique name, and there's an administrative account with full control over objects in the
domain. Some organizations can benefit by using multiple domains when different security or
account policies are required, among other reasons. A tree consists of one or more domains
with a contiguous namespace. An Active Directory forest might require multiple trees when
an organization is composed of companies with a noncontiguous namespace.

An Active Directory site represents a physical location where domain controllers reside.
Multiple sites are used for authentication efficiency, replication efficiency, and application
efficiency. Site components include subnets, site links, and bridgehead servers.

Key Terms
application directory partition A directory partition that applications and services use to
store information that benefits from automatic Active Directory replication and security.
configuration partition A directory partition that stores configuration information that can
affect the entire forest, such as details on how domain controllers should replicate with one
another.
dedicated forest root domain The first domain in a forest; contains only the forestwide
administrative accounts and domain controllers needed to run the forestwide operations
master roles.
delegation of control The process of a user with higher security privileges assigning authority
to perform certain tasks to a user with lesser security privileges; usually used to give a user
administrative permission for an OU.
directory partition A section of an Active Directory database stored on a domain controller's
hard drive. These sections are managed by different processes and replicated to other domain
controllers in an Active Directory network.
domain directory partition A directory partition that contains all objects in a domain,
including users, groups, computers, OUs, and so forth.
effective permissions A combination of a user's assigned permissions through group
membership, an explicit user permission assignment, and inherited permissions.
external trust A one-way or two-way nontransitive trust between two domains that aren't in
the same forest.
Flexible Single Master Operation (FSMO) roles Specialized domain controller tasks that
handle operations that can affect the entire domain or forest. Only one domain controller can
be assigned a particular FSMO.
forest root domain The first domain created in a new forest.
forest trust A trust that provides a one-way or two-way transitive trust between forests, which
enables security principals in one forest to access resources in any domain in another forest.
global catalog partition A directory partition that stores the global catalog, which is a partial
replica of all objects in the forest. It contains the most commonly accessed object attributes to
facilitate object searches and user logons across domains.
 