- Active Directory
Active Directory is implemented as a service that enables network administrators to centrally organize and manage objects such as users, computers, printers, applications, and profiles.
- Active Directory Integrated Zones
Active Directory integrated zones are DNS zones that are located on a DNS server that is also a domain controller. Since domain controllers replicate information to each other on an ongoing basis, the DNS server can piggyback its information onto the Active Directory replication. This eliminates the need for zone transfer and conserves available bandwidth.
- Administrative Model
The administrative model implemented by a business essentially determines who holds the decision-making authority and who is responsible for implementing decisions. The most common administrative models are centralized and decentralized.
- Automatic Private IP Addressing
Automatic Private IP Addressing (APIPA) is a service that provides an IP address to a client when the client is set to obtain an address automatically and a DHCP server is unavailable. The addresses range from 169.254.0.1 to 169.254.255.254.
- BIND
BIND (Berkeley Internet Name Domain) is a Unix-based DNS service. Windows Server 2003 DNS is capable of interoperating with various versions of BIND.
- Caching-Only DNS Servers
Caching-only DNS servers are servers with DNS installed and set with forwarders but no zone information. These servers are generally used with a small remote office that has a relatively slow link to the main office. They resolve queries and cache the responses without the need for zone transfer. This conserves bandwidth on the slower link.
- Conditional Forwarding
Conditional forwarding is a new feature in Windows Server 2003 that forwards DNS name resolution requests to specified servers based on the hostname requested. It is used to make the process of name resolution more efficient.
- Delegation
Delegation is the act of assigning administrative duties and responsibilities to other individuals and groups within a business. Delegation eliminates the need to have one user or group responsible for all network administration.
- DHCP
Dynamic Host Configuration Protocol (DHCP) is a service that dynamically assigns IP addresses and other IP configuration settings to clients that connect to a network.
- DNS Servers
DNS servers are name servers responsible for a portion of the domain namespace. Client resolvers contact the DNS servers to map domain names to IP addresses (known as name resolution).
- Domain
A domain is the main administrative unit within Active Directory. It's a collection of computer, user, and group accounts that are maintained by the domain administrator and share a common directory database.
- Domain Local Group
A domain local group is used to assign users permissions to resources within the domain in which the group is created. This type of group can contain user accounts, universal groups, and global groups from any domain in the forest.
- Dynamic DNS
Dynamic DNS (DDNS) is a service that dynamically registers hostnames when a computer connects to a network.
- Dynamic Updates
Dynamic updates enable computers running Windows 2000, Windows XP, and Windows Server 2003 to automatically update their own A records with the DNS server.
- Filtering
Filtering is a feature that enables an administrator to exclude certain security groups from being affected by a group policy by limiting the scope of the policy.
- Firewall
A firewall is hardware, software, or a combination of the two, that dynamically filters packets into and out of a network. Firewalls are an essential component for a secure network design.
- Flexible Single Master Operations
Flexible Single Master Operations (FSMO) are roles that must be performed as single master. These roles include schema master, domain naming master, PDC emulator, RID master, and infrastructure master.
- Forest
A forest is one or more Windows Server 2003 domains that share a common schema, configuration container, and Global Catalog. Two-way transitive trusts are automatically established between domains in the same forest.
- Global Catalog
The Global Catalog is a list of all the objects in the Active Directory and a subset of all the attributes of all the objects. It is used by users, administrators, and applications to search the Active Directory.
- Global Catalog Server
Global Catalog servers are domain controllers that also replicate the Global Catalog. This can be set in the NTDS settings for the server. You should have at least one Global Catalog server per site.
- Global Group
A global group is used to assign users permission to resources throughout the forest. This type of group can contain user accounts from the domain in which the group is created.
- Group Policy Object
A Group Policy Object (GPO) is simply a collection of Group Policy settings. It's basically a container for the policy settings specified in the Group Policy snap-in.
- ICANN
The Internet Corporation for Assigned Names and Numbers (ICANN) is the official registry for IP addresses and domain names. ICANN and its associated registries are responsible for ensuring that IP addresses and domain names remain unique throughout the world.
- Incremental Zone Transfer
Incremental zone transfer (IXFR) is the capability to transfer only what has changed on a DNS database on each transfer, rather than the entire database. This capability allows for more frequent zone transfer and therefore keeps the zone information more current and accurate.
- Internet Connection Sharing
Internet Connection Sharing (ICS) allows an Internet connection hosted by one machine to be shared by many machines.
- Kerberos
Kerberos version 5 is an industry-standard authentication protocol supported by Windows Server 2003. The Kerberos protocol is the default authentication protocol used by clients within a Windows Server 2003 forest.
- NetBIOS Name Resolution
NetBIOS name resolution is the process of resolving a user-friendly NetBIOS name to an IP address and vice versa.
- Network Address Translation
Network Address Translation (NAT) is a service that translates an IP address that is valid for one network to an IP address that is valid for another connected network.
- Organizational Unit
An organizational unit (OU) is a logical container object used to organize objects within a domain. OUs can contain users, groups, computers, printers, data, and other OUs.
- Proxy Server
A proxy server is used in larger networks for network address translation. Proxy servers also provide more control over which users have access to the Internet and what sites they can access. In addition, proxy servers cache Internet requests from users. These caches can be used to provide greater security and to provide faster response to users seeking a frequently used site.
- RAS
Remote Access Services (RAS) enable a user to access resources from the network by connecting through telephone lines, cable modems, or any other connection medium.
- Remote Access Policies
Remote access policies control authentication and authorization to a remote access server. They contain three elements: conditions, permissions, and profile.
- Scope
In terms of Active Directory, the scope determines the areas within a company that will be included in the design plan. Scope can also be used in the context of permissions and privileges. The scope of an administrator's privileges determines which objects that administrator has the right to administer.
- Screened Subnet
A screened subnet is a special private network between two firewalls. It is used to provide a balance of security and accessibility for servers that are used on the intranet and from the Internet. Also known as a DMZ.
- Site
A site is a group of IP subnets connected by high-speed reliable links. Sites are created to control the replication process across slow links. Creating sites enables an administrator to take advantage of the physical network and optimize replication and Active Directory access.
- SRV Records
In Windows Server 2003 (as well as Windows 2000), the DNS service locator records (SRV records) are used to locate servers that are running specific services. SRV record support is mandatory to support Active Directory with Windows Server 2003 domain controllers.
- Stub Zone
A stub zone is a small, read-only copy of a zone. It contains only the SRV record, name server record, and glue A host record for the zones. Stub zones are used in noncontiguous namespaces to make name resolution more efficient.
- Tree
Within a forest, domains that share a contiguous namespace form a tree. After a tree has been established within a forest, any new domain added to the existing tree inherits a portion of its namespace from its parent domain.
- Trust
A trust is the logical link between two domains that allows for passthrough authentication. A user from a trusted domain is granted access to resources in the trusting domain.
- Universal Group
A universal group is a type of security group that is used to grant users access to resources throughout the forest. Universal groups can contain user accounts, global groups, and universal groups from any domain within the forest.
- Virtual Private Network
A virtual private network (VPN) is a secure communication channel through a nonsecure medium, the Internet. This is accomplished through protocol encapsulation.
- WINS
Windows Internet Name Service (WINS) is a service that dynamically registers NetBIOS names and resolves NetBIOS names to IP addresses.
- Zone
A zone is a discrete, contiguous portion of a DNS namespace. An administrator or a group of administrators typically has responsibility for maintaining a zone.