Active directory

xiaoxiao2021-03-31  214

Related Activity Directory

Access Control - Management of the privileges to log in to a computer or network.

ACE - See "Access Control Entry".

Access Control Entry (ACE) - Each ACE contains a security identifier (SID), which identifies the security principal (a user or group) the ACE applies to, together with the type of access the ACE allows or denies.

Access Control List (ACL) - A set of data that defines the access rights to a file, directory, or other resource. In the Active Directory service, an ACL is a list of ACEs stored with the object it protects. In the Windows NT® operating system, an ACL is stored as a binary value called a security descriptor.

ACL - See "Access Control List".

Active Directory - The directory structure supported by Windows® 2000, which can track and locate objects on the network. Active Directory is the directory service used in Windows 2000 Server and provides the foundation for Windows 2000 distributed networks.

Active Directory Service Interface (ADSI) - Client software based on the Component Object Model (COM). ADSI defines a directory service model and a set of COM interfaces that allow Windows NT and Windows 95 client applications to access several network directory services, including Active Directory. ADSI lets applications communicate with Active Directory. By using one set of interfaces, an ADSI client can communicate with any namespace that provides an ADSI implementation, which gives the client a simpler way to access that namespace than the network-specific application programming interface (API) it replaces. ADSI complies with and supports standard COM features. ADSI also defines interfaces and objects that can be accessed from Automation-compatible languages such as Java, Visual Basic and Visual Basic Scripting Edition (VBScript); it can also be used from languages that are not Automation-compatible, such as C and C++, which gives better performance. In addition, ADSI provides its own OLE DB provider and fully supports any OLE DB client, including those using ActiveX® technology.

ADSI - See "Active Directory Service Interface".

Attribute - A single property of an object. Objects are described by the values of their attributes. For example, a car could be defined with the attributes manufacturer, model, color, and so on. The terms "attribute" and "property" are used interchangeably here. Attributes also describe the data items that make up the objects of a class defined in the schema. In the schema, attributes and classes are defined separately, which allows one attribute to be used in several classes. See "Object".

Authentication - Determining the identity of a user, that is, who is logging in to the computer system, or verifying the integrity of something.

Backup Domain Controller (BDC) - In a Windows NT Server 4.0 or earlier domain, a computer running Windows NT Server that holds a copy of the directory of all account and security policy information in the domain. This copy is synchronized periodically and automatically with the master copy on the primary domain controller. A backup domain controller also authenticates users and can be configured to function as a PDC. A domain can have several backup domain controllers.

In a Windows 2000 domain, backup domain controllers are not needed; all domain controllers are peers and all can maintain the directory. Windows NT 4.0 and Windows NT 3.51 backup domain controllers can communicate with a Windows 2000 domain running in mixed mode. See "Domain Controller", "Primary Domain Controller".

Container - A special type of Active Directory object. A container has the same attributes as other Active Directory objects and is part of the Active Directory namespace, but unlike other objects it does not represent anything concrete. A container can hold a set of objects and other containers. See "Object".

Database Layer - An architectural layer of Active Directory that sits between the Directory System Agent (DSA) and the Extensible Storage Engine (ESE), preventing the DSA from accessing the storage engine directly; it isolates the upper layers of the directory service from the low-level database system.

Delegation - Allows a higher-level administrative authority to grant specific administrative rights over containers and subtrees to individuals and organizations. This makes administration easier for domain administrators. An Access Control Entry (ACE) can grant a user or group the right to manage the objects in a container, and the Access Control List (ACL) can restrict that right to specific operations on a specific object class. For example, to make the user "James Smith" an administrator of the "Company Accounts" container, you would add the following ACEs to its ACL:

"James Smith"; Grant; Create, Modify, Delete; Object-Class User

"James Smith"; Grant; Create, Modify, Delete; Object-Class Group

"James Smith"; Grant; Write; Object-Class User; Attribute Password

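As an added example (not part of the original glossary), the following Python models the ACE and ACL concepts defined above and evaluates the three delegation entries granted to "James Smith". The ACE fields, the use of a readable name in place of a SID, the right names "Create", "Modify", "Delete" and "Write" taken from the entries, and the deny-before-allow rule are modelling assumptions for illustration; Windows stores an ACL as a binary security descriptor and evaluates it in the kernel.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional


@dataclass(frozen=True)
class ACE:
    """One access control entry. A readable name stands in for the SID."""
    trustee: str                        # SID of the user or group the ACE applies to
    allow: bool                         # True = Grant, False = Deny
    rights: FrozenSet[str]              # e.g. {"Create", "Modify", "Delete", "Write"}
    object_class: Optional[str] = None  # class the right applies to; None = any class
    attribute: Optional[str] = None     # attribute-level ACE (e.g. "Password"); None = whole object


# Constructed ACL: the three entries the glossary adds to "Company Accounts".
COMPANY_ACCOUNTS_ACL: List[ACE] = [
    ACE("James Smith", True, frozenset({"Create", "Modify", "Delete"}), "User"),
    ACE("James Smith", True, frozenset({"Create", "Modify", "Delete"}), "Group"),
    ACE("James Smith", True, frozenset({"Write"}), "User", "Password"),
]


def _matches(ace: ACE, trustee: str, right: str, object_class: str,
             attribute: Optional[str]) -> bool:
    """Does this ACE speak about the requested trustee/right/class/attribute?"""
    if ace.trustee != trustee or right not in ace.rights:
        return False
    if ace.object_class is not None and ace.object_class != object_class:
        return False
    # An attribute-level ACE only covers that one attribute; an object-level
    # ACE (attribute None) covers the object and every attribute on it.
    if ace.attribute is not None and ace.attribute != attribute:
        return False
    return True


def is_allowed(acl: List[ACE], trustee: str, right: str, object_class: str,
               attribute: Optional[str] = None) -> bool:
    """Evaluate the ACL for one request. A matching explicit Deny wins over
    any Grant; with no matching entry at all the result is default deny."""
    granted = False
    for ace in acl:
        if not _matches(ace, trustee, right, object_class, attribute):
            continue
        if not ace.allow:
            return False          # explicit deny is final
        granted = True
    return granted


def effective_rights(acl: List[ACE], trustee: str, object_class: str) -> set:
    """Object-level rights the trustee ends up with on the given class
    (useful when auditing what a delegation actually hands out)."""
    candidates = {r for ace in acl if ace.trustee == trustee for r in ace.rights}
    return {r for r in candidates if is_allowed(acl, trustee, r, object_class)}


if __name__ == "__main__":
    checks = [("Create", "User", None), ("Create", "Group", None),
              ("Write", "User", "Password"), ("Create", "Container", None),
              ("Write", "User", "Telephone")]
    for right, cls, attr in checks:
        print(right, cls, attr or "", "->",
              is_allowed(COMPANY_ACCOUNTS_ACL, "James Smith", right, cls, attr))
```

Running the block shows the outcome the entry below describes: user and group creation and the password attribute are granted, while creating a container or writing any other user attribute is refused because no entry matches.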
James Smith can now create new users and groups in "Company Accounts" and set their passwords, but he cannot create objects of any other class or other containers (unless he is also granted the right to manage those containers).

Directory - A hierarchical store of network information.

Directory Service - A means of storing directory data and making it available to network users and administrators; Active Directory is an example. For instance, Active Directory stores information about user accounts, such as name, password, phone number and so on, and lets other authorized users on the same network access this information. See "Active Directory", "Directory Partition".

Directory-Enabled Networking (DEN) - Uses the directory as the central store for managing network elements such as users, applications, and network resources (routers, applications, and users).

Directory Partition - A contiguous subtree of the directory that forms a unit of replication. A given replica holds copies of some directory partitions. Active Directory consists of one or more directory partitions. In Active Directory, a server holds at least three directory partitions:

the schema; the configuration (replication topology and related metadata); and one or more domain directory partitions (subtrees containing the actual objects in the directory). The schema and configuration partitions are replicated to every domain controller in a given forest. A domain directory partition is replicated only to the domain controllers of its own domain.

Distinguished Name (DN) - Identifies the domain that holds an object and the complete path by which the object is reached. Every object in Active Directory has a unique distinguished name (DN). A typical DN is: cn=jamessmith,cn=users,DC=Microsoft,DC=COM. This name identifies the "James Smith" user object in the microsoft.com domain.

DNS - See "Domain Name System".

Domain - The security boundary of a Windows NT-based computer network. Active Directory consists of one or more domains. On a stand-alone workstation, the domain is the computer itself. A domain can span several physical locations. Every domain has its own security policy and its own security relationships with other domains. When several domains are joined by trust relationships and share a schema, configuration, and global catalog, they form a domain tree. Several domain trees can form a forest. See "Domain Controller", "Domain Local Group".

Domain Controller - A Windows NT-based server that holds an Active Directory partition. See "Domain".

Domain Local Group - Can contain users and global groups from the forest, universal groups, and other local groups from its own domain. A domain local group can only be used in ACLs within its own domain. See "Domain", "Forest".

Domain Name System (DNS) - A hierarchical, distributed database for name/address resolution. DNS is the namespace used on the Internet to translate computer and service names into TCP/IP addresses. Active Directory uses DNS as its locator service, so that clients can find a domain controller through a DNS query.

Extensible Storage Engine (ESE) - The Active Directory database engine. ESE (esent.dll) is an improved version of the Jet database engine used in Microsoft Exchange Server 4.x and 5.5. It implements a transactional database system, which means it uses log files to ensure that committed transactions are safe.

Forest - A group of one or more Active Directory trees that trust each other. All trees in a forest share a schema, configuration, and global catalog. When a forest contains several trees, the trees do not form a contiguous namespace. All trees in a given forest trust each other through two-way transitive trust relationships. Unlike a tree, a forest does not need a distinguished name (DN). A forest exists as a set of cross-references and trust relationships among its member trees. The trees in a forest form a hierarchy for the purpose of trust. See "Tree", "Global Catalog".

Global Catalog (GC) - The global catalog contains a replica of every Windows 2000 domain in the directory. It lets users and applications find objects in an Active Directory domain tree by one or more attributes of the target object. It also contains the schema and configuration directory partitions. This means the global catalog holds a replica of every object in Active Directory, but only a subset of each object's attributes: those frequently used in searches (such as a user's last name, first name, logon name and so on) and those needed to locate a full replica of the object. The GC lets users find objects without knowing which domain they belong to and without requiring a contiguous namespace. The global catalog is built automatically by the Active Directory replication system.

GC - See "Global Catalog".

Global Catalog Server - A Windows 2000 domain controller that holds a copy of the forest's global catalog. See "Global Catalog".

Global Group - Can appear in ACLs anywhere in the forest and can contain users and other global groups from its own domain.

Group - See "Global Group", "Domain Local Group", "Universal Group" and "Group Policy".

Group Policy - Policy applied to the computers and/or users in an Active Directory container. The policy types include not only the registry-based policy found in Windows NT Server 4.0 but also several other kinds of stored policy data, such as file deployment, application deployment, logon and logoff scripts, startup and shutdown scripts, domain security, Internet Protocol security (IPSec), and more. The set of policies is called a Group Policy Object (GPO).

Group Policy Object (GPO) - A virtual collection of policies. It has a unique name, such as a globally unique identifier (GUID). A GPO stores group policy settings in two locations: the Group Policy Container (GPC) (preferred) and the Group Policy Template (GPT). The GPC is an Active Directory object that stores version information, status information and other policy information (such as application objects). The GPT holds file-based data and stores software policies, scripts, and configuration information. The GPT is located in the system volume folder of the domain controller. A GPO can be linked to one or more Active Directory containers, such as sites, domains, or organizational units. Several containers can be linked to the same GPO, and one container can be linked to several GPOs. In addition, by default every computer receives a local group policy object (LGPO) that contains only the specified security policy. Administrators can also set up and apply different local group policies on a single computer. This is useful for computers that are not domain members, or when the group policy inherited from the domain should be removed. See "Group Policy".

GPO - See "Group Policy Object".

Hierarchical Namespace - A namespace, such as the DNS namespace or the Active Directory namespace, that is organized in levels and provides rules for partitioning the namespace. See "Namespace".

Kerberos - Authenticates the user's identity at logon; the resulting credential is used throughout the session. The Kerberos protocol is the primary authentication mechanism in the Windows 2000 operating system.

Knowledge Consistency Checker (KCC) - A built-in service that runs on every domain controller in the domain and automatically creates the connections between the machines in a site. These are called connection objects in the Windows 2000 directory service. Administrators can create additional connection objects or delete them. When replication problems or errors occur within a site, however, the KCC steps in and creates new connections so that Active Directory replication recovers.

Lightweight Directory Access Protocol (LDAP) - A protocol for accessing directory services. LDAP is implemented in current web browsers and e-mail programs, so they can query an LDAP directory. LDAP is a simplified version of the Directory Access Protocol (DAP), which is used to access X.500 directories. Writing an LDAP query is simpler than writing a DAP query, but LDAP is less complete. For example, if an address is not found, DAP can continue the search on other servers, but LDAP lacks this feature. LDAP is the primary access protocol of Active Directory.

Mixed Mode - Allows domain controllers running Windows 2000 and Windows NT to coexist in one domain. In mixed mode, the domain features of earlier versions of Windows NT remain available, but some Windows 2000 features are disabled. The default installation of a Windows 2000 Server domain is mixed mode. In mixed mode, Windows NT 4.0 domain controllers may be present in the domain. Nested groups are not supported in mixed mode. Compare with "Native Mode".

Multi-Master Replication - A feature of Active Directory that supports and maintains several copies of the directory on multiple servers in the domain. Since all replicas of a given directory partition are writable, any replica can be updated. The Active Directory replication system propagates changes made on one replica to all other replicas. Replication is automatic and transparent. Active Directory multi-master replication can propagate any object (such as users, groups, computers, domains, organizational units, security policies and so on) from any domain controller to the other relevant domain controllers. If a domain controller in the domain becomes slow or fails, the other domain controllers in that domain can provide the necessary directory access because they hold the same directory data. See "Replication".

Native Mode - The mode in which all domain controllers in the domain run Windows 2000 Server. This mode lets an organization make full use of new Active Directory features such as universal groups, nested group membership, and inter-domain group membership. Compare with "Mixed Mode".

Namespace - A name or group of names defined according to some naming rule, which can be resolved within a certain scope. Active Directory is primarily a namespace, and it is also a directory service. A telephone directory is also a namespace. The Internet uses a hierarchical namespace that is partitioned into top-level domains such as .com, .edu, and .gov, which sit at the top of the hierarchy.

Name Resolution - The process of translating a name into the object or information it represents. A phone book forms a namespace in which a subscriber's name can be resolved to the corresponding phone number. The Windows NTFS file system forms a namespace in which a file name can be resolved to the file itself. Similarly, Active Directory forms a namespace in which the name of an object in the directory can be resolved to the object itself.

Object - A collection of attributes that represents a specific thing, such as a user, a printer, or an application. Attributes are the data that describe an identifiable directory object. A user's attributes might be a user name, a given name and an e-mail address.

Object Identifier - A number used in the directory service to identify an object class or attribute. Object identifiers are issued by issuing authorities and form a hierarchy. An object identifier is a dotted string of numbers (for example, "1.2.3.4"). Enterprises (and individuals) can obtain a root object identifier from an issuing authority and use it to assign further object identifiers. For example, the root identifier Microsoft obtained is "1.2.840.113556". Microsoft manages the branches developed from this root: one branch is used to assign object identifiers to Active Directory classes, another to Active Directory attributes, and so on. Many countries have a National Registration Authority (NRA) responsible for issuing object identifiers to companies. In the United States, the NRA is the American National Standards Institute (ANSI). Enterprises can also register names for object identifiers. Root object identifiers and registered names are subject to a fee. For more information, contact your national NRA. The International Standards Organization recognizes the NRAs and maintains the corresponding contact list on the ISO site. See "Object", "Attribute".

Organizational Unit (OU) - A container object that is an administrative partition of Active Directory. An OU can contain users, groups, resources, and other OUs. Organizational units allow administrative privileges over subtrees of the directory to be delegated.

OU - See "Organizational Unit".

Parent-Child Trust Relationship - A two-way, transitive trust relationship established when a domain is added to an Active Directory tree. The Active Directory installation process automatically creates the trust relationship between the domain being created (the new child domain) and its parent domain.

Partition - A complete unit of replication in the store. See "Directory Partition".

PDC - See "Primary Domain Controller".

PKI - See "Public Key Infrastructure".

Policy - A set of rules governing the interaction between a management subject and an object. For example, when the Internet Protocol (IP) security agent (the subject) starts a computer (the object), the policy determines how that computer should take part in secure IP connections.

Policy Engine - Software that runs at the decision point; it performs policy selection, evaluates conditions, and determines what action should be taken. The policy engine is a virtual concept; its functionality is often spread over several parts of a distributed system. For example, Windows 2000 provides a policy infrastructure consisting of policy storage (Group Policy Objects), a policy engine that runs as part of Winlogon, and an API (GetGPOList) for the policy selection process. Some applications and services integrate with Winlogon to apply their policies to users; others use GetGPOList to implement their own policy decision and enforcement points.

Primary Domain Controller (PDC) - In a Windows NT Server 4.0 or earlier domain, the PDC is the computer running Windows NT Server that authenticates domain logons and maintains the domain directory database. The PDC tracks the changes made to all accounts in the domain. It is the only computer that accepts such changes directly. There is only one PDC per domain. In Windows 2000, one domain controller in each domain is designated the PDC for compatibility with earlier clients and servers. See "Domain Controller", "Backup Domain Controller".

Profile - A collection of information used in the interaction between subject and object, selected through the evaluation of policy conditions. The contents of a profile depend on the subject and object in question. Profiles can further simplify administration by reducing the total number of policies. For example, a given server application may have many configuration parameters. The policy for that application can refer to its profile, which is simpler than using several policies to accomplish the same task. See "Policy", "Object".

Public Key Infrastructure (PKI) - The policy for establishing a secure method of exchanging information within an organization, an industry, or a country. PKI is also a collection of services and management tools that can create, deploy, and manage public-key-based applications. It includes cryptographic methods, the use of digital certificates, certification authorities (CAs), and the systems for managing the process.

Relative Distinguished Name (RDN) - The part of an object's name that is an attribute of the object itself. The attribute that supplies the object's name is called the naming attribute. See "Distinguished Name (DN)".
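The "Distinguished Name" and "Relative Distinguished Name" entries describe a DN as a path of RDNs. The following Python, added here as an illustration and not part of the original glossary, splits a DN into its RDNs, derives the RDN, parent DN and DNS domain name, and checks container membership. It follows the RFC 4514 backslash-escape convention (so a comma inside a value does not split the name); the helper names and the sample names other than the glossary's own cn=jamessmith example are constructed for this example.

```python
from typing import List, Tuple

RDN = Tuple[str, str]   # (attribute type, value), e.g. ("cn", "jamessmith")


def split_dn(dn: str) -> List[RDN]:
    """Split a DN into RDNs, most specific first. A backslash escapes the
    following character, so 'cn=Smith\\, James' stays a single RDN."""
    rdns: List[RDN] = []
    attr = None
    buf: List[str] = []
    i = 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i + 1])        # keep the escaped character literally
            i += 2
            continue
        if ch == "=" and attr is None:
            attr = "".join(buf).strip()  # first '=' ends the attribute type
            buf = []
        elif ch == ",":
            if attr is None:
                raise ValueError(f"RDN without '=' in {dn!r}")
            rdns.append((attr, "".join(buf).strip()))
            attr, buf = None, []
        else:
            buf.append(ch)
        i += 1
    if attr is None:
        raise ValueError(f"RDN without '=' in {dn!r}")
    rdns.append((attr, "".join(buf).strip()))
    return rdns


def format_dn(rdns: List[RDN]) -> str:
    """Join RDNs back into a DN, lower-casing types and re-escaping values."""
    parts = []
    for attr, value in rdns:
        escaped = value.replace("\\", "\\\\")
        for special in ',+"<>;':
            escaped = escaped.replace(special, "\\" + special)
        parts.append(f"{attr.lower()}={escaped}")
    return ",".join(parts)


def rdn(dn: str) -> str:
    """The object's own naming component (first RDN)."""
    return format_dn(split_dn(dn)[:1])


def parent_dn(dn: str) -> str:
    """The DN of the container holding the object ('' for a root)."""
    return format_dn(split_dn(dn)[1:])


def domain_from_dn(dn: str) -> str:
    """DNS name of the domain, from the dc= components."""
    return ".".join(v.lower() for a, v in split_dn(dn) if a.lower() == "dc")


def is_under(dn: str, container_dn: str) -> bool:
    """True if `dn` lies strictly inside `container_dn` (case-insensitive)."""
    child = [(a.lower(), v.lower()) for a, v in split_dn(dn)]
    parent = [(a.lower(), v.lower()) for a, v in split_dn(container_dn)]
    return len(child) > len(parent) and child[-len(parent):] == parent


if __name__ == "__main__":
    dn = "cn=jamessmith,cn=users,DC=Microsoft,DC=COM"
    print(rdn(dn), "|", parent_dn(dn), "|", domain_from_dn(dn))
```

The membership check is the one a defender usually wants: whether an account or computer object sits inside a particular container or OU, independent of the letter case the directory happened to return.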

Replication - In database management systems, the function of synchronizing a distributed database by copying the entire database, or a subset of it, to other servers on the network. There are several kinds of replication, including primary-site replication, shared or transferred ownership, symmetric replication (also known as update-anywhere or peer-to-peer replication), and failover replication. See "Encyclopedia" for the different replication methods. Active Directory provides multi-master replication, which is a form of symmetric replication. (See "Multi-Master Replication".)

Schema - The definition of the entire database; the schema defines the universe of objects that can be stored in the database. For each object class, the schema defines the attributes that an instance of the class must have, the additional attributes it may have, and which class the object's parent may belong to. See "Object", "Attribute".

Schema Master - The domain controller that controls all updates to the schema in the forest. At any time there can be only one schema master in a forest. See "Domain Controller", "Forest", "Schema".

SID - Security identifier. See "Access Control Entry".

Single-Master Operation - An Active Directory operation that is single-master, meaning it is not allowed to occur in different places at the same time. Examples of such operations include: allocating relative identifiers (RIDs); modifying the schema; selecting the primary domain controller; changing specific infrastructure.

Site - The location of Active Directory servers on the network. A site is one or more well-connected TCP/IP subnets. Well-connected means that the network connection is reliable and fast (LAN speed, 10 Mbps or higher). Sites play an important role in the Active Directory replication service, which distinguishes between replication over LAN connections (intra-site) and over slower wide area network (WAN) connections (inter-site). Administrators use the Active Directory Sites and Services Manager snap-in to manage the replication topology for intra-site and inter-site replication.

Store - The physical storage of each Active Directory replica. When an object is stored in Active Directory, the system selects a replica and writes the object there. The replication system then copies the object to all other replicas. The store is implemented using the Extensible Storage Engine. See "Extensible Storage Engine".

Transitive Trust - The trust relationships inherent in a Windows 2000 domain tree or forest, among the domains in a tree and among the trees in a forest. A transitive trust relationship is established automatically when a domain is added to an existing forest or domain tree. Transitive trust relationships are always two-way. Among the domains in a domain tree, and between the root domains of the trees in a forest, this chain of trust relationships lets all domains in the forest trust each other for the purpose of authentication. For example, if domain A trusts domain B and domain B trusts domain C, then domain A trusts domain C. See "Tree", "Forest".
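The "Site" entry defines a site as a set of TCP/IP subnets. As an added example (not from the original glossary), the Python below resolves a client address to its site by longest-prefix match over a constructed subnet table, and lists clients that match no subnet at all. The subnet and site names are hypothetical; in a real forest the mapping comes from the subnet objects administered through Sites and Services.

```python
import ipaddress
from typing import Dict, Iterable, List, Optional, Tuple, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Constructed subnet-to-site table (hypothetical addresses and site names).
SUBNET_TO_SITE: Dict[str, str] = {
    "10.1.0.0/16": "Seattle",
    "10.1.50.0/24": "Seattle-Lab",    # nested: more specific than 10.1.0.0/16
    "10.2.0.0/16": "London",
    "2001:db8:10::/48": "London",
}


def build_site_table(mapping: Dict[str, str]) -> List[Tuple[Network, str]]:
    """Parse the CIDR strings and order them so the longest (most specific)
    prefix is tried first; strict=True rejects subnets with host bits set."""
    table = [(ipaddress.ip_network(cidr, strict=True), site)
             for cidr, site in mapping.items()]
    table.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return table


def site_for(ip: str, table: List[Tuple[Network, str]]) -> Optional[str]:
    """Site whose subnet covers `ip`, or None when no subnet object covers
    it (such a client cannot be placed in any site)."""
    addr = ipaddress.ip_address(ip)
    for network, site in table:
        if addr.version == network.version and addr in network:
            return site
    return None


def same_site(ip_a: str, ip_b: str, table: List[Tuple[Network, str]]) -> bool:
    """True when both addresses fall in one site, i.e. traffic between them
    is intra-site (LAN) rather than inter-site (WAN)."""
    a, b = site_for(ip_a, table), site_for(ip_b, table)
    return a is not None and a == b


def unmapped_clients(ips: Iterable[str], table: List[Tuple[Network, str]]) -> List[str]:
    """Clients whose address matches no subnet object; these are the ones an
    administrator should add a subnet for, since they cannot be directed to
    a domain controller in their own site."""
    return [ip for ip in ips if site_for(ip, table) is None]


if __name__ == "__main__":
    table = build_site_table(SUBNET_TO_SITE)
    for ip in ("10.1.50.7", "10.1.3.4", "2001:db8:10::5", "192.168.1.1"):
        print(ip, "->", site_for(ip, table))
```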

Tree - a.com is a tree root, b.a.com is a child of a.com, and c.b.a.com is a child of b.a.com. See "Schema", "Forest".

Universal Group - The simplest form of group. A universal group can appear in ACLs anywhere in the forest. Small installations can use universal groups exclusively instead of bothering with global and domain local groups.
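The "Parent-Child Trust Relationship", "Transitive Trust" and "Tree" entries together describe how trust flows through a forest. The following Python, added as an illustration and not part of the original glossary, builds the a.com tree from the entry above, joins a second constructed tree (x.org) with a two-way transitive tree-root trust, and adds a hypothetical one-way, non-transitive external trust to partner.net to show where transitivity stops. The class and the partner.net scenario are constructed for this example.

```python
from collections import deque
from typing import Dict, Iterable, Set, Tuple


class TrustGraph:
    """Directed trust graph: edges[trusting] holds (trusted domain, transitive?)."""

    def __init__(self) -> None:
        self.edges: Dict[str, Set[Tuple[str, bool]]] = {}

    def add_trust(self, trusting: str, trusted: str,
                  two_way: bool = True, transitive: bool = True) -> None:
        self.edges.setdefault(trusting, set()).add((trusted, transitive))
        self.edges.setdefault(trusted, set())
        if two_way:
            self.edges[trusted].add((trusting, transitive))

    def add_tree(self, domains: Iterable[str]) -> None:
        """Create the parent-child trusts of a domain tree. The parent of
        b.a.com is a.com (leftmost DNS label removed); the trust is two-way
        and transitive, as the glossary states for parent-child trusts."""
        names = set(domains)
        for name in names:
            parent = name.split(".", 1)[1] if "." in name else ""
            if parent in names:
                self.add_trust(name, parent)

    def trusts(self, trusting: str, target: str) -> bool:
        """Can `trusting` accept authentication from `target`? A direct
        trust always counts. An indirect path may only follow transitive
        trusts, so a non-transitive trust never reaches beyond its two
        domains."""
        if trusting == target:
            return True
        seen = {trusting}
        queue = deque()
        for nxt, transitive in self.edges.get(trusting, ()):
            if nxt == target:
                return True               # direct trust, transitive or not
            if transitive and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
        while queue:
            node = queue.popleft()
            for nxt, transitive in self.edges.get(node, ()):
                if not transitive:
                    continue              # cannot be chained through
                if nxt == target:
                    return True
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
        return False

    def trusted_domains(self, trusting: str) -> Set[str]:
        """Every domain whose users `trusting` would accept: the set an
        auditor reviews when judging a domain's authentication exposure."""
        return {d for d in self.edges if d != trusting and self.trusts(trusting, d)}


def build_example_forest() -> TrustGraph:
    """Constructed forest: the glossary's a.com tree, a second tree x.org
    joined by a tree-root trust, and an external one-way non-transitive
    trust from a.com to partner.net (hypothetical)."""
    g = TrustGraph()
    g.add_tree(["a.com", "b.a.com", "c.b.a.com"])
    g.add_tree(["x.org", "y.x.org"])
    g.add_trust("a.com", "x.org")                      # tree-root trust: two-way, transitive
    g.add_trust("a.com", "partner.net", two_way=False, transitive=False)
    return g


if __name__ == "__main__":
    forest = build_example_forest()
    for domain in ("c.b.a.com", "partner.net"):
        print(domain, "trusts:", sorted(forest.trusted_domains(domain)))
```

The forest-internal result matches the entry's A-B-C example: c.b.a.com reaches y.x.org through b.a.com, a.com and x.org. The external trust shows the limit: a.com trusts partner.net directly, but b.a.com does not, because the chain would have to pass through a non-transitive trust.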

Well-Connected - Network and Active Directory connectivity that is adequate to serve the users' needs. The precise meaning of this term depends on the specific requirements.

Please credit the original source when reposting: https://www.9cbs.com/read-130964.html
