Glossary


administrative model

The administrative model implemented by a business determines who holds the decision-making authority and who is responsible for implementing decisions. The most common administrative models are centralized and decentralized.



blocking

In Active Directory, blocking enables an administrator to modify the inheritance of a GPO so it is not passed on from parent container to child container.



bridgehead servers

The bridgehead servers are responsible for replicating information between sites. After a bridgehead server receives updates, it is responsible for ensuring that changes are replicated to other domain controllers in the site. This optimizes inter-site replication because multiple connections do not have to be established across a slow link to send and receive updates.



contiguous namespace

The type of namespace created when a child object inherits a portion of its namespace from its parent domain.



delegation

The act of assigning administrative duties and responsibilities to other individuals and groups in a business. Delegation eliminates the need to have one user or group responsible for all network administration.



Delegation of Control Wizard

A wizard built into Windows 2000 that walks you through the process of assigning a user or group administrative privileges over a container in the Active Directory hierarchy.



disjoint namespace

The type of namespace created when a child object's namespace remains independent from that of its parent domain.



DNS servers

DNS servers are name servers responsible for a portion of the domain namespace. Client resolvers contact the DNS servers to map domain names to IP addresses (known as name resolution).



domain

A domain is the main administrative unit in Active Directory. It's a collection of computer, user, and group accounts that are maintained by the domain administrator and share a common directory database.



domain controller

A computer running Windows 2000 Server that is responsible for authenticating user logons and managing access to resources on the network.



domain local group

A domain local group is used to assign users permissions to resources in the domain in which the group is created. This type of group can contain user accounts, universal groups, and global groups from any domain in the forest.



external trust

An external trust is a one-way explicit trust that can be established between two domains in different forests. This type of trust is one way, so if A trusts B, B does not trust A. Also, an external trust applies only to the domains specified.



filtering

Using filtering, an administrator can limit the scope of a GPO and exclude certain groups from being affected by the policy. Those groups specified are exempt from the settings in the GPO.



forest

A forest is a group of Windows 2000 domains that share a common schema, configuration container, and Global Catalog. Two-way transitive trusts are automatically established between domains in the same forest.



Global Catalog Server

The Global Catalog Server is a Windows 2000 domain controller that maintains a copy of the Global Catalog for the entire forest. The Global Catalog contains a replica of every object in Active Directory and a subset of attributes pertaining to each one.



global group

A global group is used to assign users permission to resources throughout the forest. This type of group can contain user accounts from the domain in which the group is created.



Group Policy Object (GPO)

A GPO is simply a collection of Group Policy settings. It's basically a container for the policy settings specified in the Group Policy snap-in.



inheritance

With inheritance, permissions that have been set on a parent object can be passed on to any child objects. This makes administration simpler in that permissions might need to be set only once on the parent object.



inheritance modification

Inheritance modification enables an administrator to change how a GPO is inherited from parent to child. Modifying inheritance involves using either blocking or override.



intersite replication

The replication traffic that occurs between two or more Active Directory sites.



intrasite replication

The replication traffic that occurs within a single Active Directory site.



Kerberos

Kerberos version 5 is an industry-standard authentication protocol supported by Windows 2000. The Kerberos protocol is responsible for the authentication of users between domains in a forest.



Key Distribution Center (KDC)

The KDC is a component of the Kerberos version 5 protocol. A KDC exists in each Active Directory domain and is responsible for authenticating users and for issuing session tickets so users can identify themselves to other KDCs in the forest.



local group

A local group is found on any computer running Windows 2000 Professional and member servers. This type of group is used to assign permissions to resources on the local computer on which the group resides.



Local Group Policy Object

Every computer running Windows 2000 has a local GPO that is stored on the local computer. This GPO is processed first, and nonlocal GPOs overwrite its settings.



Loopback Processing

Loopback Processing is a Group Policy option that forces the computer Group Policy to be reapplied whenever a user logs on. Normally, computer Group Policy is applied only at boot time. However, for special-purpose computers, such as those in public areas and kiosks, the computer policy should be applied each time a user logs on to ensure that the computer's user interface and settings remain consistent.



mixed mode

During a migration to Windows 2000 from Windows NT, the Windows 2000 domain is initially created in mixed mode. While in mixed mode, the Windows 2000 domain controller with the PDC Emulator Operations Master role acts as a PDC for Windows NT BDCs. Certain features of Windows 2000 are unavailable in mixed mode, such as universal groups and group nesting. Also, Active Directory should not contain more than 40,000 objects if Windows NT BDCs still exist in the domain.



native mode

After all the domain controllers have been upgraded to Windows 2000, native mode can be enabled, which allows businesses to take full advantage of Active Directory.



Operations Masters

Operations Masters are those domain controllers that have been assigned responsibility over updates that cannot be replicated using a multimaster model. The Operations Master roles include PDC Emulator, Schema Master, Domain Naming Master, Relative Identifier Master, and Infrastructure Master.



organizational unit (OU)

An OU is a logical container object used to organize objects in a domain. OUs can contain users, groups, computers, printers, data, and other OUs.



override

Setting the override option ensures that a GPO at a lower level in the hierarchy does not overwrite the settings of a GPO at a higher level in the hierarchy.



remote procedure call (RPC)

RPC is the default transport used for intersite replication. It is synchronous, which means a direct connection with the remote computer must exist before any information is transferred. RPCs can be used for intersite and intrasite replication.



schema

The schema maintains a list of all the object classes that can be stored in Active Directory and the attributes associated with each one. The schema also defines the required syntax for each attribute.



security group

Security groups in Windows 2000 are used to assign permissions to grant users access to network resources.



shortcut trust

A shortcut trust is a two-way transitive trust that must be explicitly created between two domains in the same forest. Shortcut trusts can be defined to shorten the trust path between two domains.



Simple Mail Transfer Protocol (SMTP)

SMTP can be used only for replication between sites; it cannot be used for intrasite replication. It is asynchronous and ignores the schedules set by administrators on site links, and information is transferred in the form of email messages. If the remote server is unavailable, the information can be stored and forwarded when the server becomes available.



site

A site is a group of IP subnets connected by high-speed reliable links. Sites are created to control the replication process across slow links. Creating sites enables an administrator to take advantage of the physical network and optimize replication and Active Directory access.



site link

A site link is the logical connection between two sites that allows the replication of information to occur. Creating site links enables administrators to control when replication between the sites occurs by setting a schedule on the site link and specifying a time when the site link is available.



site link bridge

In a network that is not fully routable, site link bridges can be created to establish a replication path. Creating site link bridges eliminates the need to have site links defined between every site.



transitive trust

Transitive trusts are the logical links between domains in the same forest. In an Active Directory forest, transitive trusts are automatically established between parent domains and child domains, as well as between forest root domains and any new trees in the forest. Transitive trusts are two-way and establish a trust path in an Active Directory forest.



transport

A transport defines the method that will be used to transfer information between sites. The two choices in Windows 2000 are SMTP and RPC.



trust

A trust is the logical link between two domains that enables passthrough authentication. A user from a trusted domain is granted access to resources in the trusting domain.



universal group

This type of security group is used to grant users access to resources throughout the forest. Universal groups can contain user accounts, global groups, and universal groups from any domain in the forest.





MCSE Active Directory Services Design. Exam Cram 2 (Exam Cram 70-219)
MCSE Windows 2000 Active Directory Services Design Exam Cram 2 (Exam Cram 70-219)
ISBN: 0789728648
EAN: 2147483647
Year: 2003
Pages: 148
