CIS 232 Module 4 Vocab

local user account

A user account that is stored within the SAM database on a Windows system.

rights

A term that refers to a privilege that grants access to the Windows operating system.

permissions

A term that refers to a privilege granted to a resource, such as a shared folder or printer.

Access Control List (ACL)

A list of users and groups that identifies the permissions they have been granted to a resource.

local group accounts

A group account that is stored within the SAM database on a Windows system.

Security Accounts Manager (SAM)

A database that stores local user and group accounts.

standalone server

A Windows Server system that is part of a workgroup.

Local Users and Groups

An MMC snap-in tool that can be used to create and manage local users and groups on a system.

domain user account

A user account that is stored within an Active Directory database.

token

A collection of data that is used to validate the identity of a user to systems on a network.

domain group accounts

A group account that is stored within an Active Directory database.

service records

A record stored on a DNS server that identifies the location of an Active Directory service.

tickets

A token that is used by the Kerberos authentication protocol.

computer account

An object within an Active Directory database that represents a computer that is joined to an Active Directory domain.

member server

A Windows Server system that is joined to an Active Directory domain but does not function as a domain controller or hold a copy of the AD database.

objects

A basic element of Active Directory that represents an individual item within the Active Directory database, such as a user or computer.

X.500

A widely-adopted standard for directory services defined by the International Telecommunication Union (ITU).

Lightweight Access Directory Protocol (LDAP)

A protocol that is used to obtain information from a directory service, such as Active Directory.

schema

A list of all classes and attributes that can be defined within Active Directory.

classes

An object type within Active Directory.

attributes

A property within an Active Directory object.

leaf objects

An Active Directory object that represents a unique entity and does not contain other objects.

container objects

An Active Directory object that functions to group other Active Directory objects.

organizational unit (OU)

A container object within Active Directory that serves to organize leaf objects.

child OUs

An OU that has been created within another OU in the Active Directory database.

distinguished name (DN)

An LDAP identifier that includes the name and location of an object within an Active Directory database.

common name (CN)

An LDAP identifier that represents the name of an object within an Active Directory database.

security identifier (SID)

An attribute that identifies an Active Directory object within an ACL.

globally-unique identifier (GUID)

An attribute that uniquely identifies an Active Directory object within a forest.

forests

The largest container object within Active Directory.

forest root domain

The first domain installed within an Active Directory forest.

tree

A collection of domains within an Active Directory forest that share a DNS domain name.

parent domain

An Active Directory domain that has one or more child domains.

child domains

An Active Directory domain that has a parent domain. For example, child. domain.com is a child domain of domain.com.

disjointed namespace

A term that refers to two or more DNS names that have dissimilar domain names.

contigious namespace

A term that refers to two or more DNS names that share the same domain name.

Trust relationships

An association between Active Directory domains that provides for resource access.

trusts

An association between Active Directory domains that provides for resource access.

transitive

A property that allows a trust relationship to apply to other trust relationships.

internal trusts

A default trust relationship created between domains within an Active Directory forest.

shortcut trust

A trust relationship between two domains within the same Active Directory forest.

external trust

A trust relationship between an Active Directory domain and another domain outside of the Active Directory forest.

forest trust

A trust relationship between two Active Directory forests.

realm trust

A trust relationship between an Active Directory domain and a UNIX Kerberos realm.

Distribution groups

An Active Directory group object that is used by an email system.

Security groups

An Active Directory group object that is used to assign rights and permissions to group members.

group scopes

The property of an Active Directory group that determines where a group can be used and the objects it can contain.

Global

A group scope that allows a group to be used within any domain in the forest, but restricts membership to local domain objects.

Domain local

A group scope that allows a group to be used within the domain to which it belongs, but allows members from any domain in the forest.

Universal

A group scope that allows a group to be used within any domain in the forest and contain any forest objects.

group nesting

The process of adding a group object as a member of another group object.

primary domain controller (PDC)

A domain controller within a Windows NT domain that holds a read-write copy of the domain SAM database.

backup domain controllers (BDCs)

A domain controller within a Windows NT domain that holds a read-only copy of the domain SAM database.

domain functional levels

A mode that dictates the minimum allowed domain controller version within a domain.

Distributed File System (DFS)

A replication service used on modern Windows Server systems.

Advanced Encryption Standard (AES)

A symmetric encryption algorithm used by many different technologies.

Service Principle Name (SPN)

A name that can be used to uniquely identify a network service within Active Directory.

Compound authentication

An Active Directory feature that provides for additional information within Kerberos tickets for use by network services.

Kerberos armoring

An Active Directory feature that protects the initial stages of Kerberos authentication against common network attacks.

forest functional level

A mode that dictates the minimum allowed domain controller version within a forest.

Active Directory Recycle Bin

An Active Directory feature that allows deleted objects to be recovered easily.

Microsoft Identity Manager (MIM)

A software product that manages the digital identities of users.

Privilege Access Management (PAM)

A set of software features that restrict the capabilities of privileged users within an Active Directory environment.

directory partitions

A section of the Active Directory database.

scheme partition

The section of the Active Directory database that stores the schema.

configuration partition

The section of the Active Directory database that stores the list of domains and trust relationships.

domain partition

The section of the Active Directory database that stores the objects within a single domain.

site object

An Active Directory object that represents a physical location within a LAN.

site

An Active Directory object that represents a physical location within a LAN.

subnet objects

An Active Directory object that represents an IP network.

site link objects

An Active Directory object that represents an Internet connection between two sites.

bridgehead server

The domain controller within each Active Directory site that replicates Active Directory information to other sites.

global catalog

A list of all objects within an Active Directory forest.

User Principle Name (UPN)

An Active Directory user name format (username@domainname) that is stored in the global catalog.

cached credentials

An encrypted password for a domain user that is stored on a computer. It is used to provide local system access for a user if Active Directory is unavailable.

Universal Group Membership Caching (UGMC)

An Active Directory site property that allows domain controllers to cache universal group membership information for authenticated users.

Flexible Single Master Operations (FSMO)

A domain controller function that cannot be shared by all domain controllers within a domain or forest.

Schema Master

An FSMO used to coordinate the modification of the Active Directory schema within a forest.

Domain Naming Master

An FSMO used to coordinate the modification of Active Directory domains and trust relationships within a forest.

PDC Emulator

An FSMO used to coordinate password changes and provide time synchronization within an Active Directory domain.

RID Master

An FSMO used to provide unique RIDs to domain controllers within an Active Directory domain.

Relative Identifiers (RIDs)

The unique portion of a SID for an Active Directory object.

Infrastructure Master

An FSMO used to coordinate group membership, GUID, and DN information within an Active Directory domain and forest.

role seizure

The process whereby an FSMO is forcefully transferred to another domain controller.

dynamic update

A feature that allows computers to automatically create records on a DNS server.

Read-only Domain Controllers (RODCs)

A domain controller that has a read-only copy of the Active Directory database which contains a reduced number of password attributes.

Directory Services Restore Mode (DSRM)

A mode to which you can boot a domain controller in order to restore or repair the Active Directory database.

domain registrar

An organization that publicly registers domain names on the Internet.

Active Directory Domains and Trusts

A graphical tool that can configure Active Directory functional levels and trust relationships.

conditional forwarder

A DNS server feature that forwards requests for a particular domain to a target DNS server.

forest wide authentication

A setting within a forest trust that authenticates users prior to resource access.

selective authentication

A setting within a forest trust that authenticates users after determining that a desired resource is available to the user.

Active Directory Sites and Services

A graphical tool that can configure Active Directory sites and global catalog services.

Simple Mail Transfer Protocol (SMTP)

The protocol used to transmit email across the Internet.

Active Directory Users and Computers

A graphical tool that can configure objects within an Active Directory domain.

logon script

A script that is executed immediately after a user logs into a system.

virtual private networks (VPNs)

A software-defined network that is used to provide secure access to computers across an existing network.

template user account

A user account that is only used to create other user accounts with common settings.

prestaging

The process whereby a computer account is created within Active Directory before the associated computer is joined to an Active Directory domain.

Active Directory Administrative Center

A graphical tool that can configure objects within an Active Directory domain.