Application directory partition

a directory partition created by an administrator or by an application; this partition type is available only on domain controllers running Windows .NET. It can store any type of object (including dynamic objects) except security principals. Data in application partitions is not replicated to the Global Catalog. The replication scope of an application partition is defined by administrators and can include any set of domain controllers in the forest. By default, the built-in application partitions ForestDnsZones and DomainDnsZones, which have different replication scopes, are used to store DNS zone data when the Windows .NET DNS Server is installed automatically on the first domain controller in a forest.

See also Directory partition.

Authoritative restore

a type of restore operation in Active Directory domains in which the objects of the restored directory subtree are treated as authoritative: they replace all copies of those objects on every other domain controller in the domain or in the forest (the restored objects are given higher version numbers so that they win during replication). To turn a normal (non-authoritative) restore into an authoritative one, mark the restored subtree or objects with the Ntdsutil tool while the domain controller is still in Directory Services Restore Mode, before it is restarted normally.

See also Non-authoritative restore.

Authoritative server

a DNS server that holds the resource records of a zone and is entitled to answer queries about the names stored in that zone. The authoritative servers for a zone are named in its SOA and NS records.

Authoritative zone

a DNS zone that contains the resource records for a domain name; authority to answer for that domain's names has been delegated to the server(s) hosting the zone.

Backup Domain Controller (BDC)

in a Windows NT 4.0 or earlier domain, a domain controller that stores a read-only copy of the directory database replicated from the PDC. BDCs provide fault tolerance and spread the load of logon requests.

BDC

see Backup Domain Controller.

Caching name server

a DNS server that hosts no zones and is used only to improve DNS performance in a local network. It stores the answers to resolved queries and serves subsequent client queries for the same names from the cache, without contacting the remote authoritative servers again, until the records' TTL expires.

Cross-reference object

the Active Directory object that stores information about "external" directory objects and services, e.g., about an object that belongs to another domain (and, therefore, is stored in another directory partition).

Delegation (DNS)

a method for distributing the workload among several name servers within the Internet or a domain. A name server may itself have the right to resolve queries for domain names, or can delegate some of the authority to other servers. This right is stated in the appropriate authoritative zones (with SOA and NS records).

Directory partition

a unit of replication in Active Directory, i.e., a part of the directory namespace. Every forest has at least three directory partitions: schema, configuration, and domain. Every domain controller holds the first two and the partition of its own domain, so a forest of 5 domains contains 7 directory partitions: one schema, one configuration, and 5 domain partitions. A domain partition is replicated only within its domain; the schema and configuration partitions are replicated throughout the whole forest. The Global Catalog additionally holds a subset of the attributes of all objects from every domain partition.

See also Application directory partition.

Directory System Agent (DSA)

the core Active Directory service that manages access to the directory database stored on disk and exposes it to clients over LDAP and the other directory protocols. It runs on Active Directory domain controllers only.

Distinguished Name (DN)

the name that uniquely identifies an object within Active Directory. A DN consists of the object's own relative distinguished name (RDN) followed by the RDNs of all its parent objects, e.g., CN=dc1,OU=Domain Controllers,DC=domain,DC=com.

DN

see Distinguished Name.

DNS

see Domain Name System.


Domain

1. DNS domain: any tree or subtree that is a part of the DNS namespace. DNS naming starts with the root domain, represented as "." (period).

2. Active Directory domain (Windows 2000 or Windows .NET): a group of computers and other network resources that can be administered as a whole. The security parameters (i.e., policies) of one domain do not affect other domains and are not affected by them.

Domain local group

a security or distribution group that can be granted rights and permissions only on resources in the domain where the group is defined. A domain local group can contain accounts, global groups, and universal groups from any domain in the forest (or from a trusted domain), and other domain local groups from its own domain.

Domain Name System (DNS)

the de facto Internet standard for mapping computers' friendly names to IP addresses and back. DNS names form a single hierarchical namespace called the domain tree. DNS is, by nature, a static service, but a later extension (dynamic update, RFC 2136) defines a method of updating DNS information (resource records) dynamically. In Active Directory domains DNS is a must-have service, and if configured incorrectly it causes many problems with authentication, administration, and so on.

DSA

see Directory System Agent.

Dynamic object

an Active Directory object which has an associated Time-To-Live (TTL) value that is set when the object is created; when TTL expires, a dynamic object disappears. Therefore, clients that store dynamic information will need to periodically refresh that information. This object type is only supported on Windows .NET.

File Replication Service (FRS)

a standard Windows 2000/.NET Server service that replicates the contents of the System Volume (SYSVOL), including Group Policy templates and logon scripts, between domain controllers. FRS also replicates the replica sets defined by the Distributed File System (DFS).

Forest

a set of Active Directory domains linked by automatically established two-way, transitive trusts. The domains of a forest share the same schema, configuration partition, and Global Catalog.

Forwarder

a DNS server to which other DNS servers send the queries they cannot answer from their own zones or cache; the forwarder resolves those queries on their behalf. A typical example is an ISP's DNS server configured as the forwarder on a local DNS server.

FQDN

see Fully Qualified Domain Name.

FRS

see File Replication Service.

Fully Qualified Domain Name (FQDN)

a DNS name that uniquely identifies a computer on the network; it consists of the host name followed by the names of all domains in the tree up to the root domain. An FQDN reflects the hierarchy of all of the host's parent domains. For example, the FQDN for host1 that is a member of the department domain in the company will be

Global Catalog

a directory that contains a partial replica of every object in the forest: every object is present, but with only a subset of its attributes. Clients use it to quickly locate objects in any domain of the forest. The Global Catalog is hosted on one or more domain controllers called Global Catalog servers; a forest must contain at least one.

Globally Unique Identifier (GUID)

a 128-bit (16-byte) number that is automatically generated to reference objects in Active Directory; it is stored in the object's objectGUID attribute and never changes, even when the object is renamed or moved. It is written as 32 hex digits, for example: 7050f604-9f15-4536-a592-76d5af2e3487.
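The following is an added example, not code from the book: it shows the byte-order conversion between the 16 raw bytes stored in objectGUID and the familiar string form, and how to escape those bytes for an LDAP search filter. The GUID is the one quoted above; the LDAP filter and the <GUID=...> binding form are standard Active Directory behaviour, and no live directory is contacted.

```python
import uuid

# Added example (not from the book): converting objectGUID between its stored
# 16-byte form and the 32-hex-digit string form, and escaping it for an LDAP filter.
# The GUID value is the one quoted in the glossary entry.

EXAMPLE_GUID = "7050f604-9f15-4536-a592-76d5af2e3487"


def objectguid_bytes(guid: str) -> bytes:
    """Return the 16 bytes AD stores in objectGUID for a GUID string.
    The first three fields (32, 16, 16 bits) are stored little-endian;
    the remaining 8 bytes are stored as written."""
    return uuid.UUID(guid).bytes_le


def guid_from_objectguid(raw: bytes) -> str:
    """Reverse direction: raw attribute bytes from an LDAP search -> GUID string."""
    if len(raw) != 16:
        raise ValueError("objectGUID must be exactly 16 bytes (128 bits)")
    return str(uuid.UUID(bytes_le=raw))


def ldap_filter_for_guid(guid: str) -> str:
    """LDAP search filter for the object with this GUID. Binary values in filters
    are written byte-by-byte as \\XX (RFC 4515), in stored byte order."""
    escaped = "".join(f"\\{b:02x}" for b in objectguid_bytes(guid))
    return f"(objectGUID={escaped})"


def guid_bind_dn(guid: str) -> str:
    """AD also accepts this special DN form to bind to an object by GUID
    (e.g. LDAP://<GUID=...>); it keeps working after renames and moves."""
    return f"<GUID={guid}>"


if __name__ == "__main__":
    raw = objectguid_bytes(EXAMPLE_GUID)
    print(raw.hex())
    print(guid_from_objectguid(raw))
    print(ldap_filter_for_guid(EXAMPLE_GUID))
```

Scripts that paste the 32-hex-digit string straight into a filter, or that compare raw bytes against the string's big-endian encoding, silently match nothing; the little-endian reordering of the first three fields is the usual cause.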

GUID

see Globally Unique Identifier.

Host

a computer or other TCP/IP network resource with a unique name and IP address. Hosts communicate with one another in a network using their IP addresses, or names resolved through a name-resolving system (such as DNS or WINS).

InetOrgPerson

an object class that is defined in RFC 2798 and supported by Active Directory on Windows .NET servers. The InetOrgPerson object is derived from the user class and can be used as a security principal. Support for InetOrgPerson eases migration from other LDAP directories to Active Directory.

Master server

same as Authoritative server. Master servers will either be primary or secondary; this depends on the method of obtaining zone data.

Name server (NS) or service

a service that resolves friendly names (DNS or WINS) to IP address(es). Name servers store all information about the namespace. In Active Directory domains, name services are widely used for locating sites, domain controllers, Global Catalog servers, and many other network resources.

Namespace

a list of available named objects that forms a hierarchical tree. An example of a namespace is the folder structure on a hard disk. Among name services, the DNS namespace is hierarchical, while the WINS namespace is flat.

Non-authoritative restore

the normal restore operation in Active Directory domains. Objects restored from backup media are subsequently overwritten by newer copies of those objects held on other domain controllers, through ordinary replication.

See also Authoritative restore.

PDC

see Primary Domain Controller.

Primary Domain Controller (PDC)

in a Windows NT 4.0 or earlier domain, the single domain controller that holds the master read-write copy of the domain's directory database; it authenticates domain logon attempts and processes updates to user, computer, and group accounts in the domain. In an Active Directory domain, the domain controller holding the PDC Emulator role provides PDC functionality for pre-Windows 2000 clients and BDCs.

Primary master server

the master server that can be used for direct updating of zone information. The primary master is the source for replicating the zone file to other (secondary) DNS servers.

Primary zone

a directly updatable store for DNS resource records that belong to that zone. Can be considered to be an analog of the PDC's database, replicated to all other replicas (BDCs).

RDN

see Relative Distinguished Name.

Recursive query

one of the two methods DNS servers use to resolve queries (see also Iterative query). If a DNS server cannot answer a query from its own zones or cache, in recursive mode it acts as a client of other DNS servers, follows their referrals until it obtains the answer, and passes that answer to the waiting client. In this mode the DNS server does all the work of finding the final answer.
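Here is an added example (not from the book) of the resolution process described in the entries for Delegation, Caching name server, and Recursive query: a toy recursive resolver that starts from root hints, follows NS referrals down a delegation chain by sending iterative queries, and caches the answer for its TTL. The zone data, server addresses (198.51.100.x, 192.0.2.x) and names (a.gtld.example., company.com.) are constructed for the example, and nothing is sent on the network.

```python
import time

# Added example (not from the book): constructed zone data for a toy delegation chain.
# Each authoritative server is keyed by its IP address and holds one zone:
#   owner name -> [(type, value, ttl), ...]
SERVERS = {
    "198.51.100.1": {                                        # a root server, authoritative for "."
        "com.": [("NS", "a.gtld.example.", 172800)],         # delegation of com.
        "a.gtld.example.": [("A", "198.51.100.2", 172800)],  # glue for the delegated NS
    },
    "198.51.100.2": {                                        # authoritative for "com."
        "company.com.": [("NS", "dc1.company.com.", 86400)], # delegation to the company's DC
        "dc1.company.com.": [("A", "192.0.2.10", 86400)],    # glue
    },
    "192.0.2.10": {                                          # dc1, authoritative for "company.com."
        "dc1.company.com.": [("A", "192.0.2.10", 3600)],
        "host1.department.company.com.": [("A", "192.0.2.77", 300)],  # department is not delegated
    },
}
ROOT_HINTS = ["198.51.100.1"]


def query(server_ip, name, rtype):
    """One iterative query. The server answers from its own zone, returns a referral
    (NS records plus glue) for the closest delegation it knows, or reports NXDOMAIN."""
    zone = SERVERS[server_ip]
    matching = [r for r in zone.get(name, []) if r[0] == rtype]
    if matching:
        return "answer", matching
    labels = name.split(".")
    for i in range(1, len(labels)):                  # walk up: department.company.com., company.com., com., .
        cut = ".".join(labels[i:]) or "."
        ns_records = [r for r in zone.get(cut, []) if r[0] == "NS"]
        if ns_records:
            referral = []
            for _, ns_name, _ in ns_records:
                glue = [v for t, v, _ in zone.get(ns_name, []) if t == "A"]
                referral.append((ns_name, glue[0] if glue else None))
            return "referral", referral
    return "nxdomain", []


class RecursiveResolver:
    """Does all the work for its client: starts at the root hints, follows referrals,
    and caches answers for their TTL (the caching-server behaviour)."""

    def __init__(self, root_hints):
        self.root_hints = list(root_hints)
        self.cache = {}    # (name, type) -> (expires_at, records)
        self.trace = []    # which server answered what, for inspection

    def resolve(self, name, rtype="A", now=None):
        now = time.time() if now is None else now
        key = (name, rtype)
        if key in self.cache and self.cache[key][0] > now:
            self.trace.append(f"cache hit {name}")
            return [v for _, v, _ in self.cache[key][1]]
        servers = list(self.root_hints)
        for _ in range(16):                           # bound the length of the referral chain
            status, records = query(servers[0], name, rtype)
            self.trace.append(f"{servers[0]} -> {status}")
            if status == "answer":
                self.cache[key] = (now + min(r[2] for r in records), records)
                return [v for _, v, _ in records]
            if status == "nxdomain":
                return []
            # Referral: follow glue addresses; an unglued NS name must itself be resolved first.
            servers = [ip if ip else self.resolve(ns_name, "A", now)[0] for ns_name, ip in records]
        raise RuntimeError("too many delegations followed")


if __name__ == "__main__":
    r = RecursiveResolver(ROOT_HINTS)
    print(r.resolve("host1.department.company.com."), r.trace)
```

The trace shows the three iterative queries (root, com., company.com.) behind one recursive answer, and a second lookup within the 300-second TTL never leaves the cache; a lookup after the TTL walks the chain again.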

Relative Distinguished Name (RDN)

the name that uniquely identifies an object within a directory container. In a sense, SAM account names can be regarded as RDNs in the domain container. The same RDN may be repeated in a naming tree (in a domain or in a forest), but must be unique in a particular chain of parent names, i.e., distinguished names cannot be repeated.
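As an added example (not from the book) covering the Distinguished Name and Relative Distinguished Name entries, the following Python splits a DN into its RDNs the way an LDAP client must, honouring the backslash escapes of RFC 4514 so that a comma inside a value (CN=Smith\, John) is not mistaken for a separator. It also derives the parent container, the object's DNS domain from its DC= components, and a canonical form for comparing DNs. The DNs used are the glossary's own example plus constructed ones.

```python
# Added example (not from the book): RDN splitting with RFC 4514 escapes.
ESCAPABLE = ',+"\\<>;#= '   # characters that may be written as \c inside an RDN value
HEX = "0123456789abcdefABCDEF"


def split_dn(dn):
    """Split a DN string into its RDN strings (leaf first), leaving escapes intact."""
    rdns, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):   # escaped pair: never a separator
            buf.append(dn[i:i + 2])
            i += 2
            continue
        if dn[i] == ",":
            rdns.append("".join(buf).strip())
            buf = []
        else:
            buf.append(dn[i])
        i += 1
    rdns.append("".join(buf).strip())
    return rdns


def unescape_value(value):
    """Turn \\c and \\XX escapes in an RDN value back into literal characters."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            nxt = value[i + 1]
            if nxt in ESCAPABLE:
                out.append(nxt)
                i += 2
                continue
            if i + 2 < len(value) and value[i + 1] in HEX and value[i + 2] in HEX:
                out.append(chr(int(value[i + 1:i + 3], 16)))   # ASCII hex pair, e.g. \2C
                i += 3
                continue
        out.append(value[i])
        i += 1
    return "".join(out)


def parse_dn(dn):
    """DN -> list of (attributeType, unescapedValue), leaf RDN first."""
    pairs = []
    for rdn in split_dn(dn):
        attr_type, sep, raw_value = rdn.partition("=")
        if not sep:
            raise ValueError(f"RDN without '=': {rdn!r}")
        pairs.append((attr_type.strip(), unescape_value(raw_value.strip())))
    return pairs


def rdn_of(dn):
    """The object's own RDN: unique only within its parent container."""
    return split_dn(dn)[0]


def parent_dn(dn):
    """The container the object lives in: the DN minus its leaf RDN."""
    return ",".join(split_dn(dn)[1:])


def dns_domain_of(dn):
    """The DNS name of the domain an object belongs to, read from its DC= components."""
    return ".".join(v for t, v in parse_dn(dn) if t.lower() == "dc")


def normalize_dn(dn):
    """Canonical form for comparing DNs: types and values are case-insensitive and
    whitespace around separators is not significant. A tuple avoids re-escaping."""
    return tuple((t.lower(), v.lower()) for t, v in parse_dn(dn))


if __name__ == "__main__":
    dn = "CN=dc1, OU=Domain Controllers, DC=domain, DC=com"
    print(parse_dn(dn), rdn_of(dn), parent_dn(dn), dns_domain_of(dn))
```

Splitting a DN on bare commas is a common bug in directory-audit scripts; an object whose CN contains a comma then appears to live in a non-existent container.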

Resolver

a DNS client that submits queries to name servers and receives the IP address(es) corresponding to the requested name. The Windows 2000/XP/.NET resolver also caches answers and performs other client-side functions.

Resolution

in DNS or WINS, the process (and mechanism) of finding a host's IP address from its name, or vice versa. The process has two participants: a client that issues a request to a name server, and the server that returns the appropriate information.

Resource record (RR)

an element of the DNS database. A group of RRs make up a DNS zone. Depending on their purpose, resource records vary by type: there are A, PTR, CNAME, SRV, MX, and other records.

Secondary master server

a master that cannot perform zone updates on its own and renews its data only as a result of zone replication from primary masters.

Secondary zone

a read-only copy of the primary zone, updated from it with zone transfers. It is used for DNS load distribution and fault tolerance. Can be considered to be an analog of a BDC's database that contains the information replicated from the master store (PDC).

Security principal

a user, security group, or computer account. In Windows .NET, a new security principal, InetOrgPerson, has been introduced.

SOA

see Start of Authority.

SRV record

a resource record type used to register and locate well-known TCP/IP services. SRV records are vital for Active Directory domains: clients use them to locate domain controllers, sites, Global Catalog servers, and other resources.
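The following is an added example (not from the book) of how SRV records are used on both sides: building the owner names that the Active Directory domain controller locator queries, parsing SRV records out of zone-file text, and ordering the targets by priority and weight as RFC 2782 prescribes. The zone lines and host names (dc1.company.com. and so on) are constructed; the _msdcs naming pattern is the standard one.

```python
import random

# Added example (not from the book): DC locator SRV names and RFC 2782 target ordering.


def locator_name(domain, service="_ldap", site=None, gc=False):
    """SRV owner name for finding a DC (or, with gc=True, a Global Catalog server, in
    which case `domain` must be the forest root) for `domain`, optionally for one AD site."""
    role = "gc" if gc else "dc"
    site_part = f"{site}._sites." if site else ""
    return f"{service}._tcp.{site_part}{role}._msdcs.{domain}"


def parse_srv_rr(line):
    """'owner ttl IN SRV prio weight port target' -> (priority, weight, port, target)."""
    fields = line.split()
    i = fields.index("SRV")
    prio, weight, port = (int(x) for x in fields[i + 1:i + 4])
    return prio, weight, port, fields[i + 4]


def order_targets(records, rng=random):
    """Client-side selection: lowest priority first; inside one priority, pick at random
    with probability proportional to weight (simplified: weight-0 records are tried last)."""
    ordered = []
    by_priority = {}
    for rec in records:
        by_priority.setdefault(rec[0], []).append(rec)
    for prio in sorted(by_priority):
        pool = [r for r in by_priority[prio] if r[1] > 0]
        zeros = [r for r in by_priority[prio] if r[1] == 0]
        while pool:
            total = sum(r[1] for r in pool)
            x = rng.randint(0, total - 1)
            acc = 0
            for r in pool:
                acc += r[1]
                if x < acc:
                    pool.remove(r)
                    ordered.append(r)
                    break
        ordered.extend(zeros)
    return ordered


# Constructed zone fragment: two DCs at priority 0 (one weighted out with 0), a backup at 10.
SAMPLE_ZONE = """\
_ldap._tcp.dc._msdcs.company.com. 600 IN SRV 0 100 389 dc1.company.com.
_ldap._tcp.dc._msdcs.company.com. 600 IN SRV 0 0 389 dc2.company.com.
_ldap._tcp.dc._msdcs.company.com. 600 IN SRV 10 100 389 dc3.company.com.
"""

if __name__ == "__main__":
    print(locator_name("company.com", site="HQ"))
    recs = [parse_srv_rr(line) for line in SAMPLE_ZONE.splitlines()]
    print([r[3] for r in order_targets(recs)])
```

A missing or stale record under _msdcs is the classic reason a member cannot find a domain controller even though the DC's own A record resolves; querying the locator name directly is the first diagnostic step.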

Start of Authority (SOA)

for DNS, the resource record that names the zone's primary authoritative name server and carries the zone's serial number and timers (refresh, retry, expire, minimum TTL). It is the required first record in every forward and reverse zone file.

System state

system state is used for backing up and restoring system-specific information including Active Directory. On domain controllers, it consists of the registry, class registration database, system boot files, Active Directory database files, and SYSVOL volume.

Time-To-Live (TTL)

the time interval for which a resource record may be cached on the client side (in the resolver) or on a name server. In Windows .NET the term also applies to dynamic objects.

Tombstone

a "hidden" Active Directory object that has been removed from the directory but not yet physically deleted. Tombstones are needed to replicate deletions through the entire forest.

TTL

see Time-To-Live.

Update Sequence Number (USN)

a 64-bit counter used to track replication changes between Active Directory domain controllers. Each domain controller increments its current (highest committed) USN at the start of every object update transaction, including updates received through replication. USNs are local to the domain controller that issued them and cannot be compared across domain controllers.
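The following added example (not from the book) models, for two domain controllers, the mechanics behind the Update Sequence Number, Non-authoritative restore, and Authoritative restore entries: each DC keeps its own USN counter and a high-watermark per partner, replication pulls everything above the watermark, and conflicts are decided by the attribute's version stamp. The DC names, the user DN and the scenario are constructed; the 100000 version increase is the example's parameter (it is also Ntdsutil's default).

```python
import copy
from dataclasses import dataclass

# Added example (not from the book): USN-based pull replication and restore semantics.


@dataclass
class Stamp:
    version: int           # originating-write count for this attribute
    timestamp: int         # time of the originating write
    originating_dsa: str   # which DC made the originating write


@dataclass
class Attr:
    value: str
    stamp: Stamp
    local_usn: int         # USN assigned by *this* DC when it stored the value


def stamp_newer(a, b):
    """AD conflict rule: higher version wins, then later timestamp, then originating DSA."""
    return (a.version, a.timestamp, a.originating_dsa) > (b.version, b.timestamp, b.originating_dsa)


class DomainController:
    def __init__(self, name):
        self.name = name
        self.highest_committed_usn = 0   # a 64-bit counter on a real DC
        self.objects = {}                # dn -> {attribute name: Attr}
        self.high_watermark = {}         # partner name -> highest USN already pulled from it

    def _next_usn(self):
        self.highest_committed_usn += 1
        return self.highest_committed_usn

    def write(self, dn, attr, value, timestamp):
        """Originating write: bump the attribute's version and consume a local USN."""
        attrs = self.objects.setdefault(dn, {})
        old = attrs.get(attr)
        version = old.stamp.version + 1 if old else 1
        attrs[attr] = Attr(value, Stamp(version, timestamp, self.name), self._next_usn())

    def changes_since(self, usn):
        """Everything stored here with a USN above the partner's watermark, in USN order."""
        found = [(a.local_usn, dn, attr, a) for dn, attrs in self.objects.items()
                 for attr, a in attrs.items() if a.local_usn > usn]
        return [(dn, attr, a) for _, dn, attr, a in sorted(found, key=lambda t: t[0])]

    def replicate_from(self, partner):
        """Pull replication. Incoming values keep their originating stamp but get a fresh
        local USN; a value replaces ours only if its stamp wins."""
        applied = 0
        for dn, attr, incoming in partner.changes_since(self.high_watermark.get(partner.name, 0)):
            attrs = self.objects.setdefault(dn, {})
            mine = attrs.get(attr)
            if mine is None or stamp_newer(incoming.stamp, mine.stamp):
                attrs[attr] = Attr(incoming.value, incoming.stamp, self._next_usn())
                applied += 1
        self.high_watermark[partner.name] = partner.highest_committed_usn
        return applied

    def snapshot(self):
        """What a System State backup captures here: the database plus replication metadata."""
        return copy.deepcopy((self.objects, self.high_watermark))

    def restore(self, snapshot):
        """Non-authoritative restore. Restored attributes get new local USNs so partners
        re-examine them (AD does this by giving the restored DC a new invocationID);
        their old stamps then lose to anything newer during normal replication."""
        self.objects, self.high_watermark = copy.deepcopy(snapshot)
        for attrs in self.objects.values():
            for a in attrs.values():
                a.local_usn = self._next_usn()

    def mark_authoritative(self, dn, timestamp, version_increase=100000):
        """What 'ntdsutil authoritative restore' adds after the restore: raise the versions
        of the restored object so its copies win against every replica."""
        for a in self.objects[dn].values():
            a.stamp = Stamp(a.stamp.version + version_increase, timestamp, self.name)
            a.local_usn = self._next_usn()


def value_of(dc, dn, attr):
    return dc.objects[dn][attr].value


def run_scenario():
    """DC1 writes, DC2 changes the value later, then DC1 is restored both ways."""
    user = "CN=jsmith,OU=Users,DC=company,DC=com"
    dc1, dc2 = DomainController("DC1"), DomainController("DC2")
    dc1.write(user, "description", "Sales", timestamp=100)
    dc2.replicate_from(dc1)
    backup = dc1.snapshot()                       # System State backup of DC1 taken now
    dc2.write(user, "description", "Marketing", timestamp=200)
    dc1.replicate_from(dc2)                       # both DCs hold version 2, "Marketing"
    dc1.restore(backup)                           # non-authoritative: "Sales" (version 1) is back...
    dc1.replicate_from(dc2)                       # ...until replication brings version 2 again
    after_nonauth = value_of(dc1, user, "description")
    dc1.restore(backup)
    dc1.mark_authoritative(user, timestamp=300)   # version 100001 now beats version 2
    dc2.replicate_from(dc1)
    dc1.replicate_from(dc2)                       # DC2's version 2 no longer wins
    return {"after_nonauthoritative_restore": after_nonauth,
            "after_authoritative_restore": (value_of(dc1, user, "description"),
                                            value_of(dc2, user, "description")),
            "usns_are_per_dc": (dc1.highest_committed_usn, dc2.highest_committed_usn)}


if __name__ == "__main__":
    print(run_scenario())
```

The final USN pair shows the same data having different USNs on the two DCs: the counter is a per-DC change log position, not a property of the object.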

UPN

see User Principal Name.

User Principal Name (UPN)

the standard naming format for logging on to Windows 2000 domains: Consists of a user logon name and a UPN suffix that by default is equal to the domain name where the user account is registered. To simplify logging on, additional UPN suffixes can be used for any users in the domain tree. These suffixes are not required to be valid DNS domain names, e.g., such UPNs as user@corpName or user@local are valid.

USN

see Update Sequence Number.

Windows Internet Name Service (WINS)

a naming service that lets clients obtain the IP address(es) corresponding to a requested NetBIOS name. Because clients register and release their own names, WINS is a dynamic service, in contrast to standard DNS. In Active Directory domains, WINS can be used together with the Windows 2000/.NET DNS Server to let pre-Windows 2000 clients register their names.

WINS

see Windows Internet Name Service.

Zone

a part of the DNS database stored on a name server. A zone is a contiguous portion of the DNS domain namespace for which the server holds the resource records.

Zone transfer

the process of copying a DNS zone from the primary master to the secondary master(s), either in full (AXFR) or as the changes since a given serial number (IXFR). A secondary initiates a transfer when the primary's SOA serial number is newer than its own. Because a zone transfer discloses every record in the zone, a server should permit transfers only to its listed secondaries.
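As an added example (not from the book) tying together the Start of Authority, Secondary zone and Zone transfer entries, the following Python implements the secondary's side of the decision: it parses an SOA record, compares serial numbers with the wraparound arithmetic of RFC 1982 (so a serial that has wrapped past 2^32 still counts as newer), and classifies its copy of the zone from the SOA timers when the primary cannot be reached. The SOA line and timer values are constructed.

```python
# Added example (not from the book): SOA parsing and zone-transfer decisions on a secondary.

SAMPLE_SOA = ("company.com. 3600 IN SOA dc1.company.com. hostmaster.company.com. "
              "2024010501 900 600 86400 3600")   # constructed: serial refresh retry expire minimum


def parse_soa(line):
    """'owner ttl IN SOA mname rname serial refresh retry expire minimum' -> dict."""
    f = line.split()
    i = f.index("SOA")
    serial, refresh, retry, expire, minimum = (int(x) for x in f[i + 3:i + 8])
    return {"owner": f[0], "mname": f[i + 1], "rname": f[i + 2], "serial": serial,
            "refresh": refresh, "retry": retry, "expire": expire, "minimum": minimum}


def serial_newer(a, b):
    """RFC 1982 serial arithmetic: is 32-bit serial a 'after' b? Handles wraparound at 2**32."""
    if a == b:
        return False
    return (a > b and a - b < 2**31) or (a < b and b - a > 2**31)


def transfer_needed(secondary_serial, primary_soa):
    """A secondary starts a zone transfer only when the primary's SOA serial is newer."""
    return serial_newer(primary_soa["serial"], secondary_serial)


def copy_state(soa, seconds_since_last_success):
    """How a secondary treats its copy when the primary has not been reachable."""
    if seconds_since_last_success >= soa["expire"]:
        return "expired"        # stop answering authoritatively for the zone
    if seconds_since_last_success >= soa["refresh"]:
        return "refresh due"    # poll the primary; on failure, retry every 'retry' seconds
    return "fresh"


if __name__ == "__main__":
    soa = parse_soa(SAMPLE_SOA)
    print(soa)
    print(transfer_needed(2024010500, soa), copy_state(soa, 1000))
```

A primary whose serial is never incremented after an edit is the usual reason secondaries keep serving stale data: the comparison above says "nothing to transfer", and notifications change nothing.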

Windows .NET Server 2003 Domains & Active Directory
ISBN: 1931769001
Year: 2002
Pages: 154