Difference between revisions of "Terms and Abbreviations"
(DNS rewritten: AD specific info instead of general text from Wikipedia)
(FSMO description added)
|Line 108:||Line 108:|
== Flexible Single Master
== Flexible Single Master (FSMO) ==
== Functional Level ==
== Functional Level ==
Revision as of 21:08, 1 July 2014
- 1 A
- 2 B
- 3 C
- 4 D
- 5 E
- 6 F
- 7 G
- 8 H
- 9 I
- 10 J
- 11 K
- 12 L
- 13 M
- 14 N
- 15 O
- 16 P
- 17 Q
- 18 R
- 19 S
- 20 T
- 21 U
- 22 V
- 23 W
- 24 X
- 25 Y
- 26 Z
Access Control Entry (ACE)
Element in an Access Control List (ACL).
Access Control List (ACL)
Collection of all ACE's that define the permissions of a share, file, directory, etc.
Active Directory (AD)
Directory service developed by Microsoft. Samba version 3 could only be member of an AD as file server, Samba since version 4 can also be Domain Controller of an AD. For a detailed description, see https://en.wikipedia.org/wiki/Active_Directory.
Active Directory Users and Computers (ADUC)
It is an MMC snap-in for managing e. g. user and computer accounts.
Backup Domain Controller (BDC)
In an NT4 domain, the BDC is a computer having a copy of the user and groups database. Changes are always done on the PDC. The Backup Domain Controller is only read-only. Changes are pushed from the PDC via Master-Slave-Replication to the BDC(s). In case of an outage of an PDC, a BDC can be promoted to an PDC.
Active Directory does not have PDCs/BDCs any more.
Distributed File System (DFS)
The main use of DFS, is to create an alternative name space (directory tree view), that hides details of the underlying infrastructure from the users. Technically DFS provides access to a shared directory that contains no files, only junctions, and optionally subdirectories with more junctions.
Junctions are similar to softlinks as known from Unix file systems, but ones that point to shared directories and they can also point to shared directories on other servers.
Domain Name System (DNS)
Distributed database that stores the FQDNs, IP addresses, and additional informations about computers and services on the Internet or in Intranets.
AD uses DNS to also store informations about the AD-Domain, for example the list of DCs.
DNS servers allow to retrieve information from DNS, for example to convert domain names to IP addresses and vice versa, or to query which are the DCs of an AD-Domain. AD clients need this to find out where they can log on to the AD domain.
Domain Controller (DC)
Server with Samba/Microsoft Active Directory services installed. A Domain Controller (DC) is authorative for the domain it is part of. AD DCs are doing multi-master replication.
In an AD, all Domain Controllers are equal, byside the [[#Flexible_Single_Master_Operator_.28FSMO.29|FSMO] roles.
File Replication Service (FRS)
File Replication Service is used to replicate the SysVol content in Windows Server 2000 and 2003. It was being replaced by Microsoft with DFS-R (Distributed File System Replication) in newer versions of Windows Server. Samba does not support SysVol replication with FRS.
A forest is a group of domains with trust between the domains, that are not a within tree. This is typically created when one company purchases another company, both companies already had domain trees and now a trust is established between them. Forests are often only an intermediate step, later replaced by a tree.
Fully qualified Domain Name (FQDN)
Flexible Single Master Operation (FSMO)
These are the few tasks that are always delegated exclusively to only one single DC of an AD-domain.
Usually in an AD-domain with several DCs, there is the rule that all DC-tasks can be done by any of the DCs. If there is more than one DC, then any DC that does nothing else but DC can simply be replaced by another DC, and if such a DC fails, this even happens completely automatically, without anything getting lost.
The FSMO roles are the exceptions to this rule. They are the remainder of the older scheme from NT4, where the DCS were not all equal: there had to be one Primary Domain Controller, and all others were Backup Domain Controllers.
In AD there are still a few special tasks that cannot be arbitrarily shared, and that are thus delegated to one single DC. One example is the allocation of SIDs, because they must be unique. If several DCs would create them, they would have to take special care to never create identical ones.
Usually all FSMO roles are delegated to the same DC. In a new AD-domain the first DC takes all FSMO roles. If that DC is ever replaced, the FSMO roles must be manually transfered to other DCs. For this reason it is important that the admin knows which of his DCs has which of the FSMO roles.
Global Catalog (GC)
Group Policy Object (GPO)
Globally Unique Identifier (GUID)
Key Distribution Center (KDC)
Lightweight Directory Access Protocol (LDAP)
Lightweight Directory Access Protocol over SSL (LDAPS)
Acronym for LDAP over SSL.
LDAP Data Interchange Format (LDIF)
Microsoft Management Console (MMC)
Graphical interface for managing services and resources under Microsoft Windows. Snap-ins can be used for administering different Windows services, users, etc. An often used snap-in in an Active Directory environment is e. g. ADUC (Active Directory Users and Computers).
Naming Context (NC)
Network Time Protocol (NTP)
Organizational Unit (OU)
Primary Domain Controller (PDC)
Relative Identifier (RID)
Read Only Domain Controller (RODC)
Remote Server Administration Tools (RSAT)
Security Account Manager (SAM)
A collection of information denoting the ownership, permission and auditing information for a file, folder, or other system entity. A security descriptor is generally made up of:
- User and group owner identifiers.
- Discretionary Access Control List.
- System Access Control List, which can be used for auditing access attempts.
Security Identifier (SID)
Service Principal Name (SPN)
A tree is a group of domains with trusts between the domains, that share the same base domain name. This typically is created for separate divisions or for different regional branches of the same company.
Example: manufacturing.samdom.example.com is a subdomain of samdom.example.com
User Principal Name (UPN)
Windows Internet Naming Service (WINS)