Information Technology Reference
In-Depth Information
delegation of control
The process of a user with higher secu-
rity privileges assigning authority to perform certain tasks to a user
with lesser security privileges; usually used to give a user adminis-
trative permission for an OU.
Dynamic DNS (DDNS)
A DNS name-registering process
whereby computers in the domain can register or update their
own DNS records.
Echo Reply
An ICMP message that's the response when a com-
puter receives an Echo Request, generated by the Ping program.
directory-enabled application
An application that uses a direc-
tory service to store program, configuration, or user information.
Echo Request
An ICMP message generated by the Ping program
used to test network connectivity and IP configuration. If a com-
puter receives an Echo Request, it responds with an Echo Reply.
directory partition
A section of an Active Directory database
stored on a domain controller's hard drive. These sections are man-
aged by different processes and replicated to other domain con-
trollers in an Active Directory network.
effective permissions
A combination of a user's assigned
permissions through group membership, explicit user permission
assignments, and inherited permissions.
directory service
A database that stores information about a
computer network and includes features for retrieving and manag-
ing that information.
Enterprise Edition
A Windows Server 2008 edition suitable for
medium to large businesses that need high-availability network serv-
ices. Supports up to eight processors and up to 2 TB RAM. Its most
notable feature that isn't available in Standard Edition is clustering.
external trust
A one-way or two-way nontransitive trust
between two domains that aren't in the same forest.
failover clustering
A Windows Server 2008 feature in
Enterprise and Datacenter editions in which a group of servers is
connected by both cabling and software; if one server fails, another
takes over to provide services.
Directory Services Restore Mode
A boot mode used to per-
form restore operations on Active Directory if it becomes corrupted
or parts of it are deleted accidentally.
disk quotas
An option on NTFS volumes that enables adminis-
trators to limit how much disk space a user can occupy with his or
her files.
Distributed File System (DFS)
A feature that makes shared
files more accessible by grouping shared folders from multiple
servers into a single folder hierarchy.
federated Web SSO
An AD FS design in which a trust relation-
ship is established between the resource partner and the account
partner.
distribution group
A group type used when you want to group
users together, mainly for sending e-mails to several people at once
with an Active Directory-integrated e-mail application, such as
Microsoft Exchange.
federated Web SSO with forest trust
An AD FS design that
involves a trust between two Active Directory forests. One forest,
located in the perimeter network, is considered the resource partner.
The second forest, located in the internal network, is the account
partner.
distribution list
An Active Directory object consisting of a list
of users in a distribution group, used for sending an e-mail to mul-
tiple people simultaneously.
federation servers
A server configured to run the Federation
Service role service. When used in an account partner network, its
function is to gather user credentials into claims and package them
into a security token. When used on the resource partner network,
it receives security tokens and claims from the account partner and
presents the claims to Web-based applications for authorization.
DNS namespace
Defines the structure of the names used to
identify resources in Internet domains. It consists of a root name
(defined as a period), top-level domains, second-level domains,
optionally one or more subdomains, and hostnames separated by
periods.
domain
The core structural unit of Active Directory; contains
OUs and represents administrative, security, and policy boundaries.
federation service proxy
Installed on servers in a perimeter
network outside the corporate firewall, this service fields authenti-
cation requests from browser clients and passes them to the federa-
tion server inside the firewall.
domain controller
A Windows server that has Active Directory
installed and is responsible for allowing client computers access to
domain resources.
federation trust
A trust between two networks using AD FS;
one side of the trust is considered the account partner, and the
other side is called the resource partner.
See also
account partner
and
resource partner.
domain directory partition
A directory partition that contains
all objects in a domain, including users, groups, computers, OUs,
and so forth.
domain GPOs
Group Policy Objects stored in Active Directory
on domain controllers. They can be linked to a site, a domain, or
an OU and affect users and computers whose accounts are stored in
these containers.
file system
Defines the method and format an OS uses to store,
locate, and retrieve files from electronic storage media.
filtered attribute set
A collection of attribute data used to
specify domain objects that aren't replicated to RODCs, thereby
increasing the security of sensitive information.
domain local group
A group scope that's the main security
principal recommended for assigning rights and permissions to
domain resources.
fine-grained password policies
A new feature in Server
2008, used to set different password and account lockout policies
for targeted users and groups. These policies are created by defining
a Password Settings Object (PSO) in the Password Settings
Container (PSC).
domain user account
A user account created in Active
Directory that provides a single logon for users to access all
resources in the domain for which they have been authorized.
dual-IP layer architecture
The current implementation of IPv6
in Windows Vista and Server 2008. Both IPv4 and IPv6 share the
other components of the stack; the dual-stack layer used by
Windows XP and Server 2003 duplicates the other TCP/IP layers.
Flexible Single Master Operation (FSMO) roles
Specialized
domain controller tasks that handle operations that can affect the
entire domain or forest. Only one domain controller can be
assigned a particular FSMO.
Search WWH ::
Custom Search