Glossary

Active Directory

Active Directory is implemented as a service that enables network administrators to centrally organize and manage objects such as users, computers, printers, applications, and profiles.



Active Directory Integrated Zones

Active Directory integrated zones are DNS zones that are located on a DNS server that is also a domain controller. Since domain controllers replicate information to each other on an ongoing basis, the DNS server can piggyback its information onto the Active Directory replication. This eliminates the need for zone transfer and conserves available bandwidth.



Administrative Model

The administrative model implemented by a business essentially determines who holds the decision-making authority and who is responsible for implementing decisions. The most common administrative models are centralized and decentralized.



Automatic Private IP Addressing

Automatic Private IP Addressing (APIPA) is a service that provides an IP address to a client when the client is set to obtain an address automatically and a DHCP server is unavailable. The addresses range from 169.254.0.1 to 169.254.255.254.



BIND

BIND (Berkeley Internet Name Domain) is a Unix-based DNS service. Windows Server 2003 DNS is capable of interoperating with various versions of BIND.



Caching-Only DNS Servers

Caching-only DNS servers are servers with DNS installed and set with forwarders but no zone information. These servers are generally used with a small remote office that has a relatively slow link to the main office. They resolve queries and cache the responses without the need for zone transfer. This conserves bandwidth on the slower link.



Conditional Forwarding

Conditional forwarding is a new feature in Windows Server 2003 that forwards DNS name resolution requests to specified servers based on the hostname requested. It is used to make the process of name resolution more efficient.



Delegation

Delegation is the act of assigning administrative duties and responsibilities to other individuals and groups within a business. Delegation eliminates the need to have one user or group responsible for all network administration.



DHCP

Dynamic Host Configuration Protocol (DHCP) is a service that dynamically assigns IP addresses and other IP configuration settings to clients that connect to a network.



DNS Servers

DNS servers are name servers responsible for a portion of the domain namespace. Client resolvers contact the DNS servers to map domain names to IP addresses (known as name resolution).



Domain

A domain is the main administrative unit within Active Directory. It's a collection of computer, user, and group accounts that are maintained by the domain administrator and share a common directory database.



Domain Local Group

A domain local group is used to assign users permissions to resources within the domain in which the group is created. This type of group can contain user accounts, universal groups, and global groups from any domain in the forest.



Dynamic DNS

Dynamic DNS (DDNS) is a service that dynamically registers hostnames when a computer connects to a network.



Dynamic Updates

Dynamic updates enable computers running Windows 2000, Windows XP, and Windows Server 2003 to automatically update their own A records with the DNS server.



Filtering

Filtering is a feature that enables an administrator to exclude certain security groups from being affected by a group policy by limiting the scope of the policy.



Firewall

A firewall is hardware, software, or a combination of the two, that dynamically filters packets into and out of a network. Firewalls are an essential component for a secure network design.



Flexible Single Master Operations

Flexible Single Master Operations (FSMO) are roles that must be performed as single master. These roles include schema master, domain naming master, PDC emulator, RID master, and infrastructure master.



Forest

A forest is one or more Windows Server 2003 domains that share a common schema, configuration container, and Global Catalog. Two-way transitive trusts are automatically established between domains in the same forest.



Global Catalog

The Global Catalog is a list of all the objects in the Active Directory and a subset of all the attributes of all the objects. It is used by users, administrators, and applications to search the Active Directory.



Global Catalog Server

Global Catalog servers are domain controllers that also replicate the Global Catalog. This can be set in the NTDS settings for the server. You should have at least one Global Catalog server per site.



Global Group

A global group is used to assign users permission to resources throughout the forest. This type of group can contain user accounts from the domain in which the group is created.



Group Policy Object

A Group Policy Object (GPO) is simply a collection of Group Policy settings. It's basically a container for the policy settings specified in the Group Policy snap-in.



ICANN

The Internet Corporation of Assigned Names and Numbers (ICANN) is the official registry for IP addresses and domain names. ICANN and its associated registries are responsible for ensuring that IP addresses and domain names remain unique throughout the world.



Incremental Zone Transfer

Incremental zone transfer (IXFR) is the capability to transfer only what has changed on a DNS database on each transfer, rather than the entire database. This capability allows for more frequent zone transfer and therefore keeps the zone information more current and accurate.



Internet Connection Sharing

Internet Connection Sharing (ICS) allows an Internet connection hosted by one machine to be shared by many machines.



Kerberos

Kerberos version 5 is an industry-standard authentication protocol supported by Windows Server 2003. The Kerberos protocol is the default authentication protocol used by clients within a Windows Server 2003 forest.



NetBIOS Name Resolution

NetBIOS name resolution is the process of resolving a user-friendly NetBIOS name to an IP address and vice versa.



Network Address Translation

Network Address Translation (NAT) is a service that translates an IP address that is valid for one network to an IP address that is valid for another connected network.



Organizational Unit

An organizational unit (OU) is a logical container object used to organize objects within a domain. OUs can contain users, groups, computers, printers, data, and other OUs.



Proxy Server

A proxy server is used in larger networks for network address translation. Proxy servers also provide more control over which users have access to the Internet and what sites they can access. In addition, proxy servers cache Internet requests from users. These caches can be used to provide greater security and to provide faster response to users seeking a frequently used site.



RAS

Remote Access Services (RAS) enable a user to access resources from the network by connecting through telephone lines, cable modems, or any other connection medium.



Remote Access Policies

Remote access policies control authentication and authorization to a remote access server. They contain three elements: conditions, permissions, and profile.



Scope

In terms of Active Directory, the scope determines the areas within a company that will be included in the design plan. Scope can also be used in the context of permissions and privileges. The scope of your privileges determines what objects you have the right to administer.



Screened Subnet

A screened subnet is a special private network between two firewalls. It is used to provide a balance of security and accessibility for servers that are used on the intranet and from the Internet. A screened subnet is also known as a DMZ.



Site

A site is a group of IP subnets connected by high-speed reliable links. Sites are created to control the replication process across slow links. Creating sites enables an administrator to take advantage of the physical network and optimize replication and Active Directory access.



SRV Records

In Windows Server 2003 (as well as Windows 2000), the DNS service locator records (SRV records) are used to locate servers that are running specific services. SRV record support is mandatory to support Active Directory with Windows Server 2003 domain controllers.



Stub Zone

A stub zone is a small, read-only copy of a zone. It contains only the SRV record, name server record, and glue A host record for the zones. Stub zones are used in noncontiguous namespaces to make name resolution more efficient.



Tree

Within a forest, domains that share a contiguous namespace form a tree. After a tree has been established within a forest, any new domain added to an existing tree inherits a portion of its namespace from its parent domain.



Trust

A trust is the logical link between two domains that allows for passthrough authentication. A user from a trusted domain is granted access to resources in the trusting domain.



Universal Group

A universal group is a type of security group that is used to grant users access to resources throughout the forest. Universal groups can contain user accounts, global groups, and universal groups from any domain within the forest.



Virtual Private Network

A virtual private network (VPN) is a secure communication channel through a nonsecure medium (the Internet). This is accomplished through protocol encapsulation.



WINS

Windows Internet Name Systems (WINS) is a service that dynamically registers NetBIOS names and resolves NetBIOS names to IP addresses.



Zone

A zone is a discrete, contiguous portion of a DNS namespace. An administrator or a group of administrators typically has responsibility for maintaining a zone.





MCSE Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure Exam Cram 2 (Exam Cram 70-297)
ISBN: 0789730154
Year: 2003
Pages: 152
