Active Directory(8.0-8.8)

Policy

A set of rules and guidelines that establish the way that business is conducted within an organization.

Workgroup

Microsoft's implementation of peer-to-peer networking.

Domain

An administratively defined collection of network resources that share a common directory database and security policies.

Domain

A domain is an administratively defined collection of network resources that share a common directory database and common security policies. The domain is the basic administrative unit of an Active Directory structure.

• Database information is replicated (shared or copied) within a domain.

• Security settings are not shared between domains.

• Each domain maintains its own set of relationships with other domains.

• Domains are identified using Domain Name System (DNS) names.

  • The common name is the domain name itself (for example, CorpNet).

  • The distinguished name includes the common domain name along with the top-level DNS domain name (for example, CorpNet.xyz).

Depending on the network structure and requirements, the entire network might be represented by a single domain with millions of objects. It is also possible that the network might require multiple domains.

Organizational unit (OU)

An organizational unit is like a folder that subdivides and organizes network resources within a domain. An organizational unit:

• Is a container object.

• Can contain other OUs or any type of leaf object (such as users, computers, and printers).

• Can logically organize network resources.

• Simplifies security administration.

Built-in containers

Like OUs, generic built-in containers are used to organize Active Directory objects. Built-in container objects differ from other containers in that they:

• Are created by default.

• Cannot be created, moved, renamed, or deleted.

• Have very few editable properties.

Objects

Within Active Directory, each resource is identified as an object. Common objects include:

• Users

• Groups

• Computers

You should know the following about objects:

• Each object contains attributes that include information about the object itself such as a user's name, phone number, and email address. This information is used for locating and securing resources.

• Active Directory uses DNS for locating and naming objects.

• Container objects hold other objects. These can be either other containers or leaf objects.

Domain controller

A domain controller is a Windows server that holds a copy of the Active Directory database.

• A domain controller is a member of only one domain.

• A domain can contain multiple domain controllers. Each domain controller holds a copy of the Active Directory database.

• Any domain controller can make changes to the Active Directory database.

• Replication is the process of copying changes made to the Active Directory database between all domain controllers in the domain.

Domain

A collection of network resources that share a common directory database.

Organizational unit (OU)

A folder-like container that organizes network resources.

Built-in containers

Default containers used to organize Active Directory objects that cannot be deleted.

Object

A resource within Active Directory.

Domain controller

A Windows server that holds a copy of the Active Directory database.

Full

backs up all files (even those that have not changed)

Incremental

backs up every file that has changed since the last full or incremental backup.

Differential

Backs up every file that has changed since the last full backup

Synthetic

Compares the data found in the last full backup with the current content and uploads only the changes. 

Point-to-Point Tunneling Protocol (PPTP) 

PPTP was developed by Microsoft as one of the first VPN protocols.

PPTP:  

• Uses standard authentication protocols, such as CHAP and PAP. 

• Supports only TCP/IP. 

• Is supported by most operating systems and servers. 

• Uses TCP port 1723. 

Layer Two Tunneling Protocol (L2TP) 

L2TP is an open standard for secure multiprotocol routing.

L2TP:  

• Supports multiple protocols (not just IP). 

• Uses IPsec for encryption. 

• Is not supported by older operating systems. 

• Uses TCP port 1701 and UDP port 500. 

Internet Protocol Security (IPsec) 

IPsec provides authentication and encryption. You can use it in conjunction with L2TP or by itself as a VPN solution. IPsec includes the following three protocols for authentication, data encryption, and connection negotiation:  

• Authentication Header (AH) enables authentication with IPsec. 

• Encapsulating Security Payload (ESP) provides data encryption. 

• Internet Key Exchange (IKE) negotiates the connection. 

IPsec can secure the following types of communications:  

• Host-to-host communications within a LAN. 

• VPN communications through the internet, either by itself or in conjunction with the L2TP VPN protocol. 

Secure Sockets Layer (SSL) 

The SSL protocol has long been used to secure traffic generated by IP protocols such as HTTP, FTP, and email. You can also use SSL as a VPN solution, typically in a remote access scenario. SSL:  

• Authenticates the server to the client using public key cryptography and digital certificates. 

• Encrypts the entire communication session. 

• Uses port 443, which is already open on most firewalls. 

Generic Routing Encapsulation (GRE) 

GRE is a tunneling protocol developed by Cisco. You can use GRE to route any Layer 3 protocol across an IP network. GRE:  

• Creates a tunnel between two routers. 

• Encapsulates packets by adding a GRE header and a new IP header to the original packet. 

• Does not offer any type of encryption. 

• Can be paired with other protocols, such as IPsec or PPTP, to create a secure VPN connection. 

Operating system updates

Each operating system includes an update feature that keeps the operating system current. Updates may include fixes for known bugs, patches for known security risks, and the addition of new features. 

Driver updates

If the hardware manufacturer hasn't registered a driver with Microsoft, updates for the driver aren't made available through the Windows Update service.  
 
If this is the case for a device in your system, check the hardware manufacturer's website. It should provide updated versions of the driver that you can download and install. You should always use the latest versions of the drivers for the hardware in your system. 

Application updates 

For third-party applications, visit the manufacturer's website and check for updates or configure the application to update itself.  
 
Many applications include an automatic update feature that periodically goes to the manufacturer's website to see if an update is available. Usually, an automatic update feature will prompt you to download and install updates it finds. 

Firmware updates

Firmware is software embedded in the flash memory of a hardware device. Like all software, the firmware needs to be updated.  
 
For update instructions, visit the manufacturer's website. When updating firmware, back up the current system firmware first. Most firmware update utilities provide an option to back up the existing firmware before the update in case something goes wrong. 

Pause updates 

You can pause updates for one week

Update history

You can access the following logs under Update history.  

• Feature updates 

• Quality updates 

• Driver updates 

• Definition updates 

• Other updates 

You can also uninstall updates. 

Advanced options

The following update options are available:  

• Receive updates for other Microsoft products (toggle on/off). 

• Get me up to date (toggle on/off). 

• Download updates over metered connections (toggle on/off). 

• Notify me when a restart is required to finish updating (on/off). 

• Active hours. The device will not be restarted for updates between set hours. 

Windows Insider Program 

The Windows Insider Program is a software testing program. Users who are running valid instances of Windows can register to receive pre-release builds of the operating system.  
 
There are three insider settings to choose from:  

• Dev channel (recommended for highly technical users). 

• Beta channel (recommended for most users). 

• Release preview (recommended for commercial users).