Difference between revisions of "Terms and Abbreviations"

(DNS rewritten: AD specific info instead of general text from Wikipedia)
(FSMO description added)
Line 108: Line 108:
  
  
== Flexible Single Master Operator (FSMO) ==
+
== Flexible Single Master Operation (FSMO) ==
  
Please describe.
+
These are the few tasks that are always delegated exclusively to only one single DC of an AD-domain.  
  
 +
Usually in an AD-domain with several DCs, there is the rule that all DC-tasks can be done by any of the DCs. If there is more than one DC, then any DC that does nothing else but DC can simply be replaced by another DC, and if such a DC fails, this even happens completely automatically, without anything getting lost.
  
 +
The FSMO roles are the exceptions to this rule. They are the remainder of the older scheme from NT4, where the DCS were not all equal: there had to be one Primary Domain Controller, and all others were Backup Domain Controllers.
 +
 +
In AD there are still a few special tasks that cannot be arbitrarily shared, and that are thus delegated to one single DC. One example is the allocation of SIDs, because they must be unique. If several DCs would create them, they would have to take special care to never create identical ones.
 +
 +
Usually all FSMO roles are delegated to the same DC. In a new AD-domain the first DC takes all FSMO roles. If that DC is ever replaced, the FSMO roles must be manually transfered to other DCs. For this reason it is important that the admin knows which of his DCs has which of the FSMO roles.
  
 
== Functional Level ==
 
== Functional Level ==

Revision as of 21:08, 1 July 2014

Contents

A

Access Control Entry (ACE)

Element in an Access Control List (ACL).


Access Control List (ACL)

Collection of all ACE's that define the permissions of a share, file, directory, etc.

Acl overview diagram.png


Active Directory (AD)

Directory service developed by Microsoft. Samba version 3 could only be member of an AD as file server, Samba since version 4 can also be Domain Controller of an AD. For a detailed description, see https://en.wikipedia.org/wiki/Active_Directory.


Active Directory Users and Computers (ADUC)

It is an MMC snap-in for managing e. g. user and computer accounts.



B

Backup Domain Controller (BDC)

In an NT4 domain, the BDC is a computer having a copy of the user and groups database. Changes are always done on the PDC. The Backup Domain Controller is only read-only. Changes are pushed from the PDC via Master-Slave-Replication to the BDC(s). In case of an outage of an PDC, a BDC can be promoted to an PDC.

Active Directory does not have PDCs/BDCs any more.



C

D

Distributed File System (DFS)

The main use of DFS, is to create an alternative name space (directory tree view), that hides details of the underlying infrastructure from the users. Technically DFS provides access to a shared directory that contains no files, only junctions, and optionally subdirectories with more junctions.

Junctions are similar to softlinks as known from Unix file systems, but ones that point to shared directories and they can also point to shared directories on other servers.


Domain Name System (DNS)

Distributed database that stores the FQDNs, IP addresses, and additional informations about computers and services on the Internet or in Intranets.

AD uses DNS to also store informations about the AD-Domain, for example the list of DCs.

DNS servers allow to retrieve information from DNS, for example to convert domain names to IP addresses and vice versa, or to query which are the DCs of an AD-Domain. AD clients need this to find out where they can log on to the AD domain.

Domain

User accounts, computers and other security principals, that are registred and maintained within a central database. In an Active Directory domains can be connected via Trusts in a Tree or Forest.


Domain Controller (DC)

Server with Samba/Microsoft Active Directory services installed. A Domain Controller (DC) is authorative for the domain it is part of. AD DCs are doing multi-master replication.

In an AD, all Domain Controllers are equal, byside the [[#Flexible_Single_Master_Operator_.28FSMO.29|FSMO] roles.

An AD Domain Controller should not to be confused with PDC/BDC!



E

F

File Replication Service (FRS)

File Replication Service is used to replicate the SysVol content in Windows Server 2000 and 2003. It was being replaced by Microsoft with DFS-R (Distributed File System Replication) in newer versions of Windows Server. Samba does not support SysVol replication with FRS.


Forest

A forest is a group of domains with trust between the domains, that are not a within tree. This is typically created when one company purchases another company, both companies already had domain trees and now a trust is established between them. Forests are often only an intermediate step, later replaced by a tree.


Fully qualified Domain Name (FQDN)

See https://en.wikipedia.org/wiki/Fully_qualified_domain_name.


Flexible Single Master Operation (FSMO)

These are the few tasks that are always delegated exclusively to only one single DC of an AD-domain.

Usually in an AD-domain with several DCs, there is the rule that all DC-tasks can be done by any of the DCs. If there is more than one DC, then any DC that does nothing else but DC can simply be replaced by another DC, and if such a DC fails, this even happens completely automatically, without anything getting lost.

The FSMO roles are the exceptions to this rule. They are the remainder of the older scheme from NT4, where the DCS were not all equal: there had to be one Primary Domain Controller, and all others were Backup Domain Controllers.

In AD there are still a few special tasks that cannot be arbitrarily shared, and that are thus delegated to one single DC. One example is the allocation of SIDs, because they must be unique. If several DCs would create them, they would have to take special care to never create identical ones.

Usually all FSMO roles are delegated to the same DC. In a new AD-domain the first DC takes all FSMO roles. If that DC is ever replaced, the FSMO roles must be manually transfered to other DCs. For this reason it is important that the admin knows which of his DCs has which of the FSMO roles.

Functional Level

Please describe.



G

Global Catalog (GC)

Please describe.


Group Policy Object (GPO)

Please describe.


Group

Please describe.


Globally Unique Identifier (GUID)

Please describe.



H

Host

Please describe.



I

J

K

Key Distribution Center (KDC)

Please describe.


Kerberos

Please describe.



L

Lightweight Directory Access Protocol (LDAP)

Please describe.


Lightweight Directory Access Protocol over SSL (LDAPS)

Acronym for LDAP over SSL.


LDAP Data Interchange Format (LDIF)

Please describe.



M

Microsoft Management Console (MMC)

Graphical interface for managing services and resources under Microsoft Windows. Snap-ins can be used for administering different Windows services, users, etc. An often used snap-in in an Active Directory environment is e. g. ADUC (Active Directory Users and Computers).



N

Namespace

Please describe.


Naming Context (NC)

Please describe.


NetBios

Please describe.


NetLogon Share

Please describe.


Network Time Protocol (NTP)

Please describe.



O

Object Identifier

Please describe.


Organizational Unit (OU)

Please describe.



P

Partition

Please describe.


Primary Domain Controller (PDC)

Please describe.


PDC Emulator

Please describe.



Q

R

Replication

Please describe.


Relative Identifier (RID)

Please describe.


Read Only Domain Controller (RODC)

Please describe.


RootDSE

Please describe.


Remote Server Administration Tools (RSAT)

Please describe.



S

Security Account Manager (SAM)

Please describe.


Schema

Please describe.


Security Descriptor

A collection of information denoting the ownership, permission and auditing information for a file, folder, or other system entity. A security descriptor is generally made up of:

  • User and group owner identifiers.
  • Discretionary Access Control List.
  • System Access Control List, which can be used for auditing access attempts.


Security Principal

Please describe.


Security Identifier (SID)

Please describe.


Site

Please describe.


Service Principal Name (SPN)

Please describe.


Snap-In

Please describe.


SysVol share

Please describe.



T

Tree

A tree is a group of domains with trusts between the domains, that share the same base domain name. This typically is created for separate divisions or for different regional branches of the same company.

Example: manufacturing.samdom.example.com is a subdomain of samdom.example.com


Trust

U

User Principal Name (UPN)

Please describe.



V

W

Windows Internet Naming Service (WINS)

Please describe.



X

Y

Z