account partner In a federation trust, it's the trusted company
whose users will be accessing resources of the trusting company
(resource partner). See also resource partner.
authoritative server A DNS server that holds a complete copy
of a zone's resource records (typically a primary or secondary zone).
built-in user accounts User accounts created by Windows
automatically during installation.
Active Directory The Windows directory service that enables
administrators to create and manage users and groups, set network-wide
user and computer policies, manage security, and organize network
resources.
caching-only DNS server A DNS server with no zones. Its sole
job is to field DNS queries, do recursive lookups to root servers, or
send requests to forwarders, and then cache the results.
Active Directory-integrated zone A primary or stub zone
with the DNS database stored in an Active Directory partition
rather than a text file. Because Active Directory zones are replicated
to other domain controllers automatically, only primary and stub
zones can be Active Directory integrated.
CA Web proxy A server configured with the Web Enrollment
role service. See also registration authority.
certificate practice statement (CPS) A document describing
how a CA issues certificates; it contains the CA identity, security
practices used to maintain CA integrity, types of certificates issued,
renewal policy, and so forth.
Active Directory replication The transfer of information
among domain controllers to make sure all domain controllers have
consistent and up-to-date information.
AD LDS instance A copy of Active Directory Lightweight
Directory Services (AD LDS) running on a server that has its own
data store and communication ports and a unique service name.
AD RMS root cluster One or more servers configured with the
Active Directory Rights Management Services (AD RMS) server role.
Multiple servers can be used for redundancy and load balancing.
ADFS-enabled Web servers Web servers that host an Active
Directory Federation Services (AD FS) Web agent.
administrative shares Hidden shares created by Windows that
are available only to members of the Administrators group; they
include the root of each volume, the %systemroot% folder, and
IPC$. Hidden shares' names end with a dollar sign.
certificate templates A shell or model of a certificate used to
create new certificates; it defines characteristics of the certificate,
such as the intended use and expiration date.
claim An agreed-on set of user attributes that both parties in a
federation trust use to determine a user's credentials.
conditional forwarder A DNS server to which other DNS
servers send requests targeted for a specific domain.
configuration partition A directory partition that stores configuration
information that can affect the entire forest, such as
details on how domain controllers should replicate with one
another.
configuration sets AD LDS instances containing a replica of an
existing AD LDS instance's directory partition. All instances that
replicate with one another are referred to as configuration sets.
administrative template files XML format text files that
define policies in the Administrative Templates folder in a GPO.
You can create custom ADMX files to create your own policies.
connection object An Active Directory object created in Active
Directory Sites and Services that defines the connection parameters
between two replication partners.
administrator role separation A feature available for RODCs
in which a user can be granted local administrative rights on the
RODC without needing broader domain administrator capabilities.
See also read only domain controller (RODC).
contact An Active Directory object that usually represents a person
for informational purposes only, much like an address book entry.
credential caching The process whereby an RODC can be configured
to store passwords of selected accounts on the local server
after they are retrieved from a writeable DC. By default, RODCs
don't store any password information for user or computer
accounts.
ADMX central store A centralized location for maintaining
ADMX files so that when an ADMX file is modified from one
domain controller, all DCs receive the updated file.
alternate UPN name suffixes This method enables users to
log on with another name in place of the “domain” in the typical
UPN suffix format username@domain. These suffixes are used for
security reasons or to simplify logons with lengthy suffixes.
data collector set A Performance Monitor object used to
create a baseline of performance data; can contain performance
counters, counter alerts, event traces, and system configuration
information.
application directory partition A directory partition that
applications and services use to store information that benefits from
automatic Active Directory replication and security.
Datacenter Edition A Windows Server 2008 edition with support
for up to 64 processors, primarily intended for organizations
managing huge amounts of data, using virtualization on a large
scale, consolidating servers, or running high-volume, transaction-heavy
applications.
attribute value Information stored in each attribute. See also
schema attributes.
authentication A process that confirms a user's identity; the
account is then assigned permissions and rights that authorize the
user to access resources and perform certain tasks on the computer
or domain.
dedicated forest root domain The first domain in a forest;
contains only the forest-wide administrative accounts and domain
controllers needed to run the forest-wide operations master roles.
authoritative restore A method of restoring Active Directory
data from a backup to ensure that restored objects aren't overwritten
by changes from other domain controllers through replication.
delegated installation An RODC installation method that
doesn't require domain administrator credentials; a regular user at
a branch office can perform the installation.