The following terms are defined in [MS-GLOS]:
64-bit Network Data Representation (NDR64)
access control entry (ACE)
access control list (ACL)
account domain object (account domain)
account domain security identifier
control access right
discretionary access control list (DACL)
domain name (3)
fully qualified domain name (FQDN) (2)
globally unique identifier (GUID)
Network Data Representation (NDR)
OEM code page
read-only domain controller (RODC)
relative identifier (RID)
RPC transfer syntax
security identifier (SID)
system access control list (SACL)
universally unique identifier (UUID)
The following terms are defined in [MS-ADTS]:
domain functional level
primary domain controller (PDC)
relative distinguished name (RDN)
The following terms are specific to this document:
account: A user (including machine account), group, or alias object.
AccountOperatorsSid: A SID with the specific value of S-1-5-32-548.
AdministratorSid: A SID with the specific value of S-1-5-32-544.
alias object: See resource group.
domain controller (DC): A server on which the Active Directory directory service is installed and operating. It hosts the data store for objects and interoperates with other DCs to ensure that an originating change to an object replicates correctly across all DCs. For more information, see [MS-AUTHSOD] section 1.1.1.5.2.
LM hash: A DES-based cryptographic hash of a cleartext password. See LMOWFv1, as specified in [MS-NLMP] section 3.3.1 (NTLM v1 Authentication), for a normative definition.
machine account: A user object that represents a computer (as opposed to an end user).
NT hash: An MD4-based cryptographic hash of a cleartext password. See NTOWFv1, as specified in [MS-NLMP] section 3.3.1 (NTLM v1 Authentication), for a normative definition.
resource group: A group object whose membership is added to the authorization context only if the server receiving the context is a member of the same domain as the resource group.
salt: A value consisting of random bits used to increase the complexity of dictionary attacks against secret data that is protected through cryptographic means. For details, see [MENEZES] section 10.2.1.
server object: The database object in the account domain with an object class of samServer.
UAS Compatibility: A configuration mode that affects protocol behavior constraints specified in this document. "UAS" is the acronym for "User Account Security (Database)" and refers to products no longer supported, such as Microsoft NT LAN Manager. The default setting in Windows is "off".
MAY, SHOULD, MUST, SHOULD NOT, MUST NOT: These terms (in all caps) are used as described in [RFC2119]. All statements of optional behavior use either MAY, SHOULD, or SHOULD NOT.
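The AccountOperatorsSid and AdministratorSid entries above give two well-known SIDs as strings, and several other terms (account domain security identifier, RID) depend on how a SID string decomposes. The following is an added example, not part of this specification, that converts a SID string to the binary layout used on the wire and back, and splits it into the issuing-domain part and the RID. The byte layout is the one from [MS-DTYP] section 2.4.2 (1-byte Revision, 1-byte SubAuthorityCount, 6-byte big-endian IdentifierAuthority, little-endian 32-bit SubAuthority values); the function names are this example's own.

```python
import struct

# Well-known SIDs named in the glossary above.
ACCOUNT_OPERATORS_SID = "S-1-5-32-548"
ADMINISTRATORS_SID = "S-1-5-32-544"
BUILTIN_DOMAIN_SID = "S-1-5-32"   # the domain part shared by the two aliases above


def sid_to_bytes(sid):
    """Encode 'S-R-I-S1-...-Sn' into the binary SID layout ([MS-DTYP] 2.4.2):
    Revision (1 byte), SubAuthorityCount (1 byte),
    IdentifierAuthority (6 bytes, big-endian), SubAuthority[] (uint32 little-endian each)."""
    parts = sid.split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError("not a SID string: %r" % sid)
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    if revision != 1 or not 0 <= authority < (1 << 48) or len(subs) > 15:
        raise ValueError("malformed SID: %r" % sid)
    if any(not 0 <= s < (1 << 32) for s in subs):
        raise ValueError("sub-authority out of range: %r" % sid)
    return (struct.pack("<BB", revision, len(subs))
            + authority.to_bytes(6, "big")
            + b"".join(struct.pack("<I", s) for s in subs))


def bytes_to_sid(blob):
    """Decode the binary layout back into the 'S-R-I-...' string form, checking the length field."""
    if len(blob) < 8:
        raise ValueError("SID blob too short")
    revision, count = blob[0], blob[1]
    if len(blob) != 8 + 4 * count:
        raise ValueError("SID blob length does not match SubAuthorityCount")
    authority = int.from_bytes(blob[2:8], "big")
    subs = struct.unpack("<%dI" % count, blob[8:])
    return "S-%d-%d%s" % (revision, authority, "".join("-%d" % s for s in subs))


def split_domain_and_rid(sid):
    """The last sub-authority is the RID; everything before it identifies the issuing domain
    (for a domain account, that prefix is the account domain security identifier)."""
    domain, _, rid = sid.rpartition("-")
    if domain.count("-") < 2:   # need at least 'S-R-I' plus one sub-authority to have a RID
        raise ValueError("SID has no RID: %r" % sid)
    return domain, int(rid)


def is_builtin_alias(sid):
    """True for aliases in the BUILTIN domain, such as Administrators (544) and Account Operators (548)."""
    return split_domain_and_rid(sid)[0] == BUILTIN_DOMAIN_SID


if __name__ == "__main__":
    for name, sid in (("AccountOperatorsSid", ACCOUNT_OPERATORS_SID),
                      ("AdministratorSid", ADMINISTRATORS_SID)):
        blob = sid_to_bytes(sid)
        domain, rid = split_domain_and_rid(sid)
        print("%s %s -> %s (domain %s, RID %d, BUILTIN alias: %s)"
              % (name, sid, blob.hex(), domain, rid, is_builtin_alias(sid)))
        assert bytes_to_sid(blob) == sid
```

The length check in `bytes_to_sid` matters when a SID arrives inside a larger buffer (an ACE, a PAC, an RPC structure): SubAuthorityCount is attacker-influenced data, so the parser bounds the read by it rather than trusting the caller's slice.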
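The LM hash, NT hash and salt entries above define the two password one-way functions by reference to [MS-NLMP]. The following added example, which is not code from this specification or from [MS-NLMP], computes NTOWFv1 in full (MD4 over the UTF-16LE password, implemented inline because many OpenSSL builds no longer expose MD4 through hashlib) and performs the preprocessing steps of LMOWFv1 (uppercase, OEM code page, pad or truncate to 14 bytes, split into two 7-byte halves) that explain why the LM hash is weak; the DES step of LMOWFv1 is not implemented here. The salted PBKDF2 call at the end is a contrast added for the salt definition, not something the specification uses, and cp437 is assumed as the OEM code page.

```python
import hashlib
import struct


def _rotl32(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF


def md4(data):
    """MD4 as specified in RFC 1320 (pure Python; hashlib's 'md4' is often unavailable)."""
    def f(x, y, z): return (x & y) | (~x & z)
    def g(x, y, z): return (x & y) | (x & z) | (y & z)
    def h(x, y, z): return x ^ y ^ z

    # Padding: 0x80, zeros to 56 mod 64, then the bit length as a little-endian 64-bit value.
    msg = bytearray(data) + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", len(data) * 8)

    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    rounds = (
        (f, 0x00000000, list(range(16)), (3, 7, 11, 19)),
        (g, 0x5A827999, [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15], (3, 5, 9, 13)),
        (h, 0x6ED9EBA1, [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15], (3, 9, 11, 15)),
    )
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        r = list(state)  # working registers in the order a, b, c, d
        for fn, const, order, shifts in rounds:
            for i, k in enumerate(order):
                r[0] = _rotl32((r[0] + fn(r[1], r[2], r[3]) + x[k] + const) & 0xFFFFFFFF, shifts[i % 4])
                r.insert(0, r.pop())  # rotate roles: a,b,c,d -> d,a,b,c for the next operation
        state = [(s + v) & 0xFFFFFFFF for s, v in zip(state, r)]
    return struct.pack("<4I", *state)


def ntowf_v1(password):
    """NT hash (NTOWFv1): MD4 of the password encoded as UTF-16LE. No salt, no iteration."""
    return md4(password.encode("utf-16-le"))


LM_MAGIC = b"KGS!@#$%"  # constant that LMOWFv1 DES-encrypts under each 7-byte half (DES not done here)


def lm_halves(password, oem_codepage="cp437"):
    """LMOWFv1 preprocessing only: uppercase, OEM-encode (cp437 assumed), fit to 14 bytes, split 7+7.
    Each half becomes an independent 56-bit DES key, so the LM hash is really two separate
    7-character, case-insensitive secrets; a password of 7 or fewer characters leaves the second
    half all zero, which produces a constant, well-known second-half value."""
    buf = password.upper().encode(oem_codepage)[:14].ljust(14, b"\x00")
    return buf[:7], buf[7:]


def salted_pbkdf2(password, salt, iterations=100_000):
    """Contrast for the 'salt' definition: a salted, iterated derivation (not used by SAMR/NTLM)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


if __name__ == "__main__":
    pw = "password"  # constructed sample input
    print("NTOWFv1(%r) = %s" % (pw, ntowf_v1(pw).hex()))
    print("LM halves  = %r" % (lm_halves(pw),))
    # Same password for two accounts -> identical NT hash (unsalted), but different PBKDF2 digests.
    print("NT hashes equal for two accounts:", ntowf_v1(pw) == ntowf_v1(pw))
    print("PBKDF2 digests equal with different salts:",
          salted_pbkdf2(pw, b"salt-for-alice") == salted_pbkdf2(pw, b"salt-for-bob"))
```

The absence of a salt in NTOWFv1 is what makes a stolen NT hash reusable as a credential on its own and lets one precomputed table cover every account; `lm_halves` shows the second weakness, that an LM hash of a short password contains a fixed second half that immediately reveals the password is at most seven characters.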