Glossary

A universal reference to the directory in which the Windows system files are installed. Typically, %SystemRoot% is C:\Winnt or C:\Windows. By default, clean installations of Windows Server 2003 use the Windows directory. If multiple copies of Windows are installed in a multiboot system, each copy has its own %SystemRoot% directory.

The directory services included with Windows Server 2003. Based on the DNS hierarchy, Active Directory provides a domain-based directory service for organizing all of the objects and services in a Windows Server 2003 network.

A service that allows information to be transferred back and forth between the Exchange Server 5.5 directory and Active Directory.

The collections of Exchange Server 2003 computers, control of which can be delegated to users and groups.

A protocol in the IPSec suite that is used to authenticate IP traffic. The AH is inserted into the original IP packet immediately after the IP header.

A server located inside the protected internal network that communicates with a front-end server located in a screened subnet. The back-end server contains the data, such as mailbox stores, that clients want to access.

The action of making a reliable copy of critical data so that it can be recovered (restored) at a later date in the event of an emergency or casualty.

A set of collected data that is representative of the normal or beginning performance statistics. You can compare the current performance statistics against a baseline to troubleshoot problems.

A situation resulting from the inability of a computer system to meet or keep up with the demands placed on it.

A server that is used as the replication point between two different Active Directory sites.

A credential that is used to authenticate the origin, identity, and purpose of the public half of a public/private key pair. A certificate ensures that the data sent and received is kept secure.

A service that issues digital certificates to users and computers. In addition, CAs maintain a current list of revoked certificates that are no longer considered valid.

A list maintained by certificate authorities that includes all certificates that are no longer valid, but have not yet reached their configured expiration date. Clients validating a certificate can check the CRL to determine if a presented certificate is still valid.

A public folder that is located inside a parent folder. It is possible for a folder to be both a child and a parent at the same time depending on its location in the folder structure.

A configuration option that instructs Exchange Server 2003 to write over transaction logs to save disk space. The downside to circular logging is that it prevents any restoration capability other than what is contained on your backup media.

A group of two or more independent servers that operate together and are viewed and accessed as a single resource. Also referred to as clustering.

A network application, service, or hardware device (such as a network adapter or storage system) that is defined and managed by the cluster service.

A defined set of resources contained within a cluster. Cluster resource groups are used as failover units within a cluster. When a cluster resource group fails and cannot be automatically restarted by the cluster service, the entire cluster resource group is placed in an offline status and failed over to another node.

A cluster resource group to which a network name and IP address are assigned. Cluster virtual servers are accessible by their NetBIOS name, DNS name, or IP address.

The ADC component that controls the replication between AD and the Exchange Server 5.5 directory.

A mail-enabled Active Directory object that can be used to send email to individuals outside of the Exchange Server 2003 organization.

The process by which clustering nodes determine a new, stable state among themselves and elect a new default host after the failure of one or more cluster nodes.

The part of an object in the Performance Monitor that can have usage and performance statistics measured.

A log that can be created by using the Performance console for later viewing and comparison against current performance statistics.

A location to which certificate distribution lists are published.

An Exchange Server 2003 address list that can be created using any desired filtering criteria.

A symmetric encryption scheme that requires the sender and the receiver to know the secret key. DES uses a 56-bit key that provides approximately 7.2x10¹⁶ different key combinations.

An operating system support tool used to check the functionality of the Active Directory environment.

The group of default address lists that are created when Exchange Server 2003 is installed within the organization. Exchange Server 2003 provides five default address lists: All Contacts, All Groups, All Users, Public Folders, and the Default Global Address List (GAL).

The public folder tree that is created automatically with the Exchange Server 2003 installation and is configured to automatically replicate to all public folder servers by default. This is the public folder tree that you will see listed in the Exchange System Manager as "Public Folders" and in Outlook as "All Public Folders." Clients can access the default public folder tree using MAPI, HTTP, or NNTP. There can be only one public folder tree that can be accessed via MAPI the default public folder tree.

The location between an internal and external firewall where front-end servers are located (also known as a screened subnet).

An internal list that is attached to files and folders on NTFS-formatted volumes and is configured to specify the level of permissions allowed for different users and groups.

The group that is used only for the purpose of easily distributing messages to a common group of objects users, contacts, and other groups. Distribution groups differ from security groups in that they are not access control list (ACL) enabled, and thus cannot be used to assign user rights and permissions.

A container in the DNS name hierarchy or the network organizational unit (OU) for Windows Server 2003 networks.

A server that holds a writable copy of the Active Directory data and manages information contained within the Active Directory database. Domain controllers also function as DNS servers when Active Directory integrated zones are used. The Kerberos Key Distribution Center (KDC) is also located on every domain controller.

A service that dynamically provides name- and address-resolution services in a TCP/IP environment.

A user account that exists within an Active Directory network that allows the user to log on to any computer in the network for which he has the required user rights.

A protocol that is used in the IPSec suite to handle data encryption. ESP is usually used with AH to provide the maximum level of security and integrity for data transmitted in IPSec transmissions. ESP uses DES encryption, by default, but it can be configured to use 3DES.

A mechanism for securing data in which data is translated into a secret code that can be read only with the correct key to translate the secret code back to the original data.

A command-line utility that is used to perform defragmentation on Exchange Server 2003 databases at a low level.

A utility located in the Administrative Tools folder, the Event Viewer contains logs into which system and application events are written that can be used to monitor and troubleshoot a server.

A set of checklists for performing specific Exchange Server 2003 installation tasks.

The administrative tool used for configuring Exchange Server 2003.

The process of moving a cluster group (either manually or automatically) back to the preferred node, after the preferred node has resumed cluster membership. For failback to occur, it must be configured for the cluster group, including the failback threshold and selection of the preferred node.

The process of a cluster group moving from the currently active node to a designated, functioning node in the cluster group. Failover typically occurs when the active node becomes unresponsive (for any reason) and cannot be recovered within the configured failure threshold period.

A device that protects the internal network from the external Internet, WAN, business partner, or anything else you might want to protect against.

The logical structure that contains all domains in the Active Directory model.

A utility that prepares Active Directory for Exchange Server 2003 installation by extending the schema. ForestPrep must be run before Exchange Server 2003 is installed.

The levels of functionality for Active Directory forests and Active Directory domains that determines the unique features they can possess, such as the capability to remain forests and domains that are configured for Windows Server 2003 mode.

The first domain created within an Active Directory forest becomes the forest root.

A server that is located in a screened subnet and provides a connection point for users who want to gain access to resources located inside the internal network.

A host's complete DNS name, including the hostname and all domains that connect the host to the root domain. The FQDN is typically expressed without a trailing period, with the root domain assumed.

Any public folder tree that is created after the installation of Exchange Server 2003. These public folder trees cannot be accessed by MAPI clients such as Outlook.

The primary address list with which Exchange Server 2003 users become familiar. The GAL contains all Exchange Server 2003 recipient objects in the entire organization and is retrieved from the global catalog servers. When Exchange Server 2003 is first installed, a default GAL is created and automatically contains all Exchange Server 2003 recipients as they are created.

A partial replica of every object in an Active Directory database that is used to speed searching.

A network communication sent among individual cluster nodes at intervals of no more than 500 milliseconds (ms), used to determine the status of all cluster nodes.

The standard transfer protocol for access to Web sites. HTTP makes connections using port 80.

A protocol in the TCP/IP suite of protocols that is used for testing connectivity. Common ICMP-based tools include ping and tracert.

One of the core protocols in the TCP/IP suite; a routing protocol that is used as part of multicasting.

An encryption scheme that allows disparate VPN servers to share encryption key information and makes the IPSec protocol practical in today's environment.

An advanced messaging protocol that provides more functionality than POP3, such as the ability to download headers only for new messages, to view more folders than just the inbox, and to work with public folders.

The portion of the TCP/IP protocol suite that is used to provide packet routing.

A protocol that is used to share a public key between sender and receiver of a secure connection. ISAKMP/Oakley allows the receiving system to retrieve a public key and then authenticate the sender using digital certificates.

The 32-bit binary address that is used to identify a TCP/IP host's network and host ID. IPv6 IP addresses are 128 bits in length.

A Layer 3 TCP/IP protocol that provides end-to-end security for data in transit.

An identity-based security protocol that is based on Internet security standards and used by Windows Server 2003 to authenticate users.

The protocol used to access Active Directory as well as other directory services. Exchange Server 2003 uses LDAP to determine the membership of address lists.

A user account that exists only within the scope of the local computer and can be used only to authenticate against the local computer Security Accounts Manager (SAM) database.

A user, group, or contact object that has an email address assigned, but does not have an Exchange Server 2003 mailbox.

A policy that is used to configure how a mailbox store behaves and to enforce limits and policies uniformly across multiple mailbox stores.

A user or group that has an Exchange Server 2003 mailbox assigned.

A server that is part of the Active Directory domain but does not function as a domain controller. Member servers might be SQL servers, Exchange Server 2003 servers, file servers, print servers, or virtually any other type of server.

The API used to access collaborative data on Exchange Server 2003 servers.

The utility used to migrate user mailboxes from one organization or mail system to Exchange Server 2003.

The default mode of Exchange Server 2003, which allows interoperability with Exchange Server 5.5. It can be upgraded to native mode.

An email notification that can be sent from the Exchange Server 2003 server or connection monitors when a specified event has occurred.

The standard allowing different content to be encapsulated into a single message.

A DNS record that is used to locate an organization's mail server.

The mode used with Exchange Server 2003 when no Exchange Server 5.5 servers need to be supported. It contains features that mixed mode does not. Native mode supports both Exchange 2000 Server and Exchange Server 2003 servers.

A device installed into a PC or other host device to allow it to have a MAC address and to be assigned an IP address. This device connects you to the network. It is also referred to as a network adapter.

The protocol that is used with Usenet; it allows for newsgroup messages to be stored.

An individual server within a cluster (in regard to clustering). In regard to networking, a node is a device that communicates on a network and is identified by a unique address. In hierarchies, a node is a container that contains other containers and data.

The command-line version of the Windows Backup utility.

The default offline address list is an address list that is available to Exchange Server 2003 users when they are working offline with an Offline Folder, an .OST file. By default, the default GAL is used to create the default offline address list; however, additional offline address lists can be created and associated with specific mailbox stores.

A file system level backup of an Exchange Server 2003 database that is done with the database offline.

A backup of an Exchange Server 2003 database that is done while the database is online. Online backups are the preferred method of performing Exchange Server 2003 backups.

The standard, and most advanced, messaging client that is commonly used with Exchange Server 2003. Some advanced Exchange Server 2003 features can only be used with Outlook 2003.

A Web-based method of accessing an Exchange Server 2003 mailbox.

The domain that shares the same DNS namespace with one or more child domains under it.

A public folder that contains other public folders.

A protocol that is used by Microsoft and others to create VPNs.

The endpoint of a logical connection to a computer system. TCP/IP traffic uses ports based on protocol. Ports are opened on firewalls to allow certain types of traffic through while blocking other types.

An older, but universally available, messaging protocol that provides basic messaging, but none of the more advanced features, such as calendaring or header download.

An administrative principle which states that users are given only the minimum privileges required to perform the specific set of tasks they have been assigned.

A storage location that can be used to store various types of information, such as email, documents, multimedia files, and so on, for sharing with many users.

A policy that is used to configure how a public folder store behaves and to enforce limits and policies uniformly across multiple public folder stores.

The hierarchical tree structure in which public folders are arranged.

The two-key encryption method in which a user has two keys, a public key available to all and a private key available only to him.

An email-enabled distribution group that has its group membership defined by the results of a Lightweight Directory Access Protocol (LDAP) query made against Active Directory.

The disk drive that contains the definitive cluster-configuration data. Clustering with MSCS requires the use of a quorum disk and requires continuous access to the data contained within the quorum disk. The quorum disk contains vital data about the nodes participating in the cluster, the applications and services defined within the cluster resource group, and the status of each node and cluster resource. The quorum disk is typically located on a shared storage device.

The policies that are applied to Exchange Server 2003 recipient objects to configure items such as how email addresses are configured or to configure retention settings for recipients.

A service that is installed with Exchange Server 2003 and is responsible for building and maintaining all Exchange Server 2003 address lists.

A synchronous connection protocol that allows an application on one computer to execute an application on another computer. Outlook clients use MAPI RPCs to access their mailbox and public folder stores.

The process by which data is copied or updated from one location to another, such as during public folder replication.

The process of replacing or re-creating data on a computer using a set of backup media.

In a hierarchy, the container that holds all other containers.

A group of Exchange Server 2003 servers connected via a high-speed network. Routing groups define the physical Exchange Server 2003 infrastructure, whereas administrative groups define the administrative infrastructure. In native mode, routing group membership is independent of administrative group membership.

The protocol used by Outlook 2003 to retrieve messages using RPC carried over the HTTP protocol.

The location between an internal and an external firewall where front-end servers are located (also known as a DMZ).

An industry standard encryption mechanism developed by Netscape Communications for protecting HTTP connections.

The groups used to configure the security settings for their members. By configuring user rights and permissions on a group, the settings can then be quickly and efficiently applied to all members of the group. Security groups can also be mail-enabled, thus allowing their usage to distribute messages to all members who have a correctly configured email address within Active Directory.

A monitoring object created during the installation of Exchange Server 2003 that can be configured from within the Exchange System Manager to monitor Exchange Server 2003 servers.

A policy that is used to configure how a server behaves and to enforce limits and policies uniformly across multiple servers.

The protocol used by all mail servers on the Internet for the transfer of email.

A group of well-connected TCP/IP subnets.

A subdivision of a TCP/IP internetwork that communicates with other subnets through routers.

In TCP/IP, a mask that is used to determine the subnet to which an IP address belongs. A subnet mask enables a host or a router to determine which portion of an IP address is the network ID and which is the host ID. The host can then use this information to determine whether to send a packet to a host on the local network or to a router.

A generic name for mailbox store, public folder store, and server policies.

A folder that exists directly under the root of the public folder tree.

The suite of communications protocols used to connect hosts on the Internet.

The mode used to secure traffic with IPSec, typically between servers or clients and servers. End-to-end security creates a secure channel for trustworthy communication.

A more secure variant of the DES standard that encrypts data by using three different 56-bit keys in succession. 3DES thus extends the DES key to 168 bits, providing approximately 6.2x10⁵⁷ different keys.

The use of IPSec in a mode in which two endpoints have been configured to create a tunnel, such as when a VPN tunnel is created.

A Windows Server 2003 security group that can be used anywhere within a domain tree or forest; Universal groups can be used only when Windows Server 2003 has been converted to native mode.

A feature that enables users in Universal groups to log on without the presence of a GC server. This feature can be used after a domain has been raised to the Windows Server 2003 functional level.

A naming convention that is used to define a resource on a Windows Server 2003 server network. A share named DOCS on the server SERVER1 could be accessed using the UNC path of \\SERVER1\DOCS.

An Active Directory object representing a network user that can be mail-enabled or mailbox-enabled in an Exchange Server 2003 organization. A user account gives the user the ability to log on to and access resources on the network.

A connectionless protocol that is part of the TCP/IP suite and is frequently used in broadcasts.

A mechanism for providing secure, private communications that uses a public network (such as the Internet) as the transport method. VPNs use a combination of encryption and authentication technologies to ensure data integrity and security.

An instance of an Exchange Server 2003 protocol, such as for HTTP or SMTP, that has its own network properties, such as a unique IP address and port number assignment.

A new feature in Windows Server 2003 that provides distinctly different functions. The first function allows the Windows Backup utility (or ntbackup from the command line) to back up open files, as if they were closed. The second feature provides a means of creating and storing up to 64 historical versions of files that are located within a network share.

The mode that allows Windows NT 4.0 domain controllers to exist and function within a Windows Server 2003 domain. This is the default setting when Active Directory is installed, although it can be changed to native mode.

The mode in which all domain controllers in a domain have been upgraded to Windows Server 2003 and there are no longer any Windows NT 4.0 domain controllers. An administrator explicitly puts Active Directory into native mode, at which time it cannot be returned to mixed mode without removing and reinstalling Active Directory.

The highest functional level of either the domain or the forest in Windows Server 2003. This functional level implements all the new features of Windows Server 2003 Active Directory, but at the expense of some backward compatibility.

A grouping of computers and resources that uses a decentralized authentication and management system.