configuration sets: AD LDS instances containing a replica of an existing AD LDS instance's directory partition. All instances that replicate with one another are referred to as configuration sets.
credential caching: The process whereby an RODC can be configured to store passwords of selected accounts on the local server after they are retrieved from a writeable DC. By default, RODCs don't store any password information for user or computer accounts.
delegated installation: An RODC installation method that doesn't require domain administrator credentials; a regular user at a branch office can perform the installation.
directory-enabled application: An application that uses a directory service to store program, configuration, or user information.
federated Web SSO: An AD FS design in which a trust relationship is established between the resource partner and the account partner.
federated Web SSO with forest trust: An AD FS design that involves a trust between two Active Directory forests. One forest, located in the perimeter network, is considered the resource partner. The second forest, located in the internal network, is the account partner.
federation servers: A server configured to run the Federation Service role service. When used in an account partner network, its function is to gather user credentials into claims and package them into a security token. When used on the resource partner network, it receives security tokens and claims from the account partner and presents the claims to Web-based applications for authorization.
federation service proxy: Installed on servers in a perimeter network outside the corporate firewall, this service fields authentication requests from browser clients and passes them to the federation server inside the firewall.
federation trust: A trust between two networks using AD FS; one side of the trust is considered the account partner, and the other side is called the resource partner. See also account partner and resource partner.
filtered attribute set: A collection of attribute data used to specify domain objects that aren't replicated to RODCs, thereby increasing the security of sensitive information.
resource partner: In a federation trust, it's the trusting company whose resources are accessed by the trusted company (account partner). See also account partner.
unidirectional replication: A replication method used with RODCs in which Active Directory data is replicated to the RODC, but the RODC doesn't replicate the data to other domain controllers.
Web SSO: An AD FS design that provides single sign-on access to multiple Web applications for users who are external to the corporate network.
Review Questions
1. Your network uses Active Directory running on Windows Server 2008, and your company is
about to install an application that integrates with directory services by using LDAP and will
require major schema changes. Another application that integrates with a directory service might
be installed next year, and it will also require many schema changes that are very different from
those the first application requires. Which of the following should you use on your network?
a. A new AD DS instance
b. One AD LDS instance for each application
c. One AD FS instance for each application
d. One AD RMS instance for each application
2. Which of the following is true about AD LDS? (Choose all that apply.)
a. There's no global catalog.
b. Multiple instances on the same server are supported.
c. Trust relationships are supported between instances.
d. Group policies are supported.