CIT233 Ch 1 and 2
CIT233 Ch 1 and 2 Advanced AD terms
Term | Definition |
---|---|
child domains | Domains that have the same second-level and top-level domain names as the parent domain in the same tree and forest. |
domain | The core structural unit of Active Directory; contains OUs and represents administrative, security, and policy boundaries. |
domain functional levels | Properties of domains that determine which features of Active Directory have domain-wide implications and which server OSs are supported on domain controllers. |
external trust | A one-way or two-way nontransitive trust between two domains that aren’t in the same forest. |
Flexible Single Master Operation (FSMO) roles | Specialized domain controller tasks that handle operations that can affect the entire domain or forest. Only one domain controller can be assigned a particular FSMO. |
forest | A collection of one or more Active Directory trees. It can consist of a single tree with a single domain, or it can contain several trees, each with a hierarchy of parent and child domains. |
forest functional level | A property of a forest that determines which features of Active Directory have forest-wide implications and which server OSs are supported on domain controllers. |
forest root domain | The first domain created in a new forest. |
forest trust | A trust that provides a one-way or two-way transitive trust between forests, which enables security principals in one forest to access resources in any domain in another forest. |
forest-wide authentication | A property of a forest trust for granting users in a trusted forest access to the trusting forest. |
global catalog | A partial replica of all objects in the forest. It contains the most commonly accessed object attributes and universal group membership information. |
global catalog (GC) server | A server that holds the global catalog; it facilitates forest-wide Active Directory searches and logons across domains and stores universal group membership information. See also global catalog. |
intersite replication | Active Directory replication that occurs between sites. |
intrasite replication | Active Directory replication between domain controllers in the same site. |
Knowledge Consistency Checker (KCC) | A process that runs on every domain controller to determine the replication topology. |
multimaster replication | The process of replicating Active Directory objects; changes to the database can occur on any domain controller and are propagated to all other domain controllers. |
one-way trust | A trust relationship in which one domain trusts another, but the reverse is not true. |
organizational unit (OU) | An Active Directory container used to organize a network’s users and resources into logical administrative units. |
realm trust | A trust used to integrate users of other OSs into a Windows Server 2012/R2 domain or forest; requires the OS to be running Kerberos V5 authentication. |
referral | The process of sending a request for information about an object to DCs in other domains until the information is found. |
selective authentication | A property of a forest trust that enables administrators to specify users who can be granted access to selected resources in the trusting forest. |
shortcut trust | A manually configured trust between domains in the same forest for the purpose of bypassing the normal referral process. See also referral. |
SID filtering | An option that causes a trusting domain to ignore any SIDs that aren’t from the trusted domain. |
site | A physical location in which domain controllers communicate and replicate information. |
transitive trust | A trust relationship based on the transitive rule of mathematics; therefore, if Domain A trusts Domain B and Domain B trusts Domain C, then Domain A trusts Domain C. |
tree | A group of domains sharing a common naming structure. |
trust relationship | An arrangement that defines whether and how security principals from one domain can access network resources in another domain. |
two-way trust | A trust in which both domains in the relationship trust each other, so users from both domains can access resources in the other domain. |
UPN suffix | The part of the user principal name (UPN) |
automatic site coverage | A feature in which each domain controller advertises itself by registering SRV records in DNS in sites that don’t have a DC if the advertising DC has the lowest cost connection to the site. |
bridgehead server | A domain controller in a site that has been assigned to handle replication of one or more directory partitions in that site. |
connection object | An Active Directory object created in Active Directory Sites and Services that defines the connection parameters between two replication partners. |
filtered attribute set | A feature of RODCs that specifies domain objects that aren’t replicated to RODCs. |
Inter-Site Topology Generator (ISTG) | A designated domain controller in each site that’s responsible for assigning bridgehead servers to handle replication for each partition. |
intersite replication | Active Directory replication that occurs between two or more sites. |
site link | An Active Directory object that represents the path between sites and determines the replication schedule and frequency between sites. |
site link bridge | An Active Directory object that represents site links using a common transport protocol. |
site link bridging | A default property of a site link that makes it transitive. To control the transitive nature of site links, you can create site link bridges manually. |
unidirectional replication | The type of replication used by RODCs, in which writeable DCs replicate to RODCs, but RODCs don’t replicate to other DCs. |
urgent replication | An event triggering immediate notification that a change has occurred instead of waiting for the normal 15-second interval before replication partners are notified. |