CIT226 Ch 4 AD

Chapter 4 - Intro to AD and Account Management

access control list (ACL) A list of all security descriptors that have been set up for a particular object, such as for a shared folder or a shared printer.
bridgehead server A domain controller at each Active Directory site with access to a site network link, which is designated as the DC to exchange replication information. There is only one bridgehead server per site. See site.
container An Active Directory object that houses other objects, such as a tree that houses domains or a domain that houses organizational units.
contiguous namespace A namespace in which every child object has a portion of its name from its parent object.
directory service A large container (database) of network data and resources, such as computers, printers, user accounts, and user groups, that enables management and fast access to those resources.
disjointed namespace A namespace in which the child object name does not resemble the parent object name.
distribution group A list of users that enables one e-mail message to be sent to all users on the list. A distribution group is not used for security and thus cannot appear in an access control list (ACL).
domain controller (DC) A Windows Server 2003 or 2008 server that contains a full copy of the Active Directory information, is used to add a new object to Active Directory, and replicates all changes made to it so the changes are updated on every DC in the same domain.
domain functional level Refers to the Windows Server operating systems on domain controllers and the domain-specific functions they support.
domain local security group A group that is used to manage resources—shared folders and printers, for example—in its home domain, and that is primarily used to give global groups access to those resources.
external trust Establishes a one- or two-way trust between a domain outside a forest and a domain within a forest.
forest A grouping of Active Directory trees that each have contiguous namespaces within their own domain structure, but that have disjointed namespaces between trees. The trees and their domains use the same schema and global catalog.
forest functional level A forest-wide setting that refers to the types of domain controllers in a forest, which can be any combination of Windows 2000 Server, Windows Server 2003, or Windows Server 2008.
global catalog A repository for all objects and the most frequently used attributes for each object in all domains. Each forest has a single global catalog that can be replicated onto multiple servers.
global security group A group that typically contains user accounts from its home domain, and that is a member of domain local groups in the same or other domains, so as to give that global group’s member accounts access to the resources defined to the domain local groups.
globally unique identifier (GUID) A unique number, up to 16 characters long, that is associated with an Active Directory object.
Kerberos transitive trust relationship A set of two-way trusts between two or more domains (or forests in a forest trust) in which Kerberos security is used.
local security group A group of user accounts that is used to manage resources on a stand-alone computer.
local user profile A desktop setup that is associated with one or more accounts to determine what startup programs are used, additional desktop icons, and other customizations. A user profile is local to the computer in which it is stored.
mandatory user profile A user profile set up by the server administrator that is loaded from the server to the client each time the user logs on; changes that the user makes to the profile are not saved.
member server A server on an Active Directory managed network that is not installed to have Active Directory.
multimaster replication Windows Server 2003 and 2008 networks can have multiple servers called DCs that store Active Directory information and replicate it to each other.
name resolution A process used to translate a computer’s logical or host name into a network address, such as to a dotted decimal address associated with a computer—and vice versa.
namespace A logical area on a network that contains directory services and named objects, and that has the ability to perform name resolution.
object A network resource, such as a server or a user account, that has distinct attributes or properties, is defined in a domain, and exists in Active Directory.
organizational unit (OU) A grouping of objects within a domain that provides a means to establish specific policies for governing those objects, and that enables object management to be delegated.
Read-Only Domain Controller (RODC) A domain controller that houses Active Directory information, but cannot be updated, such as to create a new account.
realm trust Creates a one- or two-way trust between a domain in a Windows Server forest and a group of non-Windows Server computers, such as UNIX/Linux computers. must all be configured for Kerberos version 5 (or above) authentication services.
roaming profile Desktop settings that are associated with an account so that the same settings are employed no matter which computer is used to access the account (the profile is downloaded to the client from a server).
schema Elements used in the definition of each object contained in Active Directory, including the object class and its attributes.
scope of influence (scope) The reach of a type of group, such as access to resources in a single domain or access to all resources in all domains in a forest.
security group Used to assign a group of users permission to access network resources.
shortcut trust Creates a trust between two domains in two different forests and is typically used to enable faster access between lower level or child domains in different forests.
site An option in Active Directory to interconnect IP subnets so that the server can determine the fastest route to connect clients for authentication and to connect DCs for replication of Active Directory.
transitive trust A trust relationship between two or more domains in a tree, in which each domain has access to objects in the others.
tree Related domains that use a contiguous namespace, share the same schema, and have two-way transitive trust relationships.
two-way trust A domain relationship in which both domains are trusted and trusting, enabling one to have access to objects in the other.
universal security group A group that is used to provide access to resources in any domain within a forest. A common implementation is to make global groups that contain accounts members of a universal group that has access to resources.
Created by: Leisac