
1.1 Glossary

The following terms are defined in [MS-GLOS]:

authentication level
authenticator (3)
backup domain controller (BDC)
binary large object (BLOB)
client challenge
computer name
computer object
database (1)
database serial number
directory service (DS)
domain account
domain controller (DC)
domain local group
domain member (member machine)
domain name (3)
Domain Name System (DNS)
domain tree
dynamic endpoint
encryption key
forest trust information
full database synchronization
fully qualified domain name (FQDN)
global catalog (GC)
globally unique identifier (GUID)
Hash-based Message Authentication Code (HMAC)
Interface Definition Language (IDL)
Local Security Authority (LSA) database
mixed mode
naming context (NC)
NetBIOS name
one-way function (OWF)
original equipment manufacturer (OEM) character set
partial database synchronization
primary domain
primary domain controller (PDC)
remote procedure call (RPC)
RPC protocol sequence
RPC transport
secret key
secure channel
security account manager (SAM) built-in database
security context
security identifier (SID)
security principal
security provider
security support provider (SSP)
Security Support Provider Interface (SSPI)
server challenge
service principal name (SPN)
session key
sub-authentication package
transitive trust
trusted domain object (TDO)
universally unique identifier (UUID)
user principal name (UPN)

The following terms are defined in [MS-ADTS]:

relative identifier (RID)

The following terms are specific to this document:

alias: A group that is local to a particular machine (as opposed to a group that has security permissions and settings for the entire domain).

authoritative response: A response in which the server had all the resources needed to service the caller's request. If some of those resources are temporarily unavailable, the server indicates that its response is not authoritative, and a caller that receives a non-authoritative response may reasonably retry the request at another server. The reasons a response is non-authoritative are implementation-specific and can include any failure of the server to allocate the resources it needs.

checked build: A special build of a Windows NT–based operating system that contains fewer compiler optimizations and more debugging checks than a production environment build. The purpose of the checked build is to make identifying and diagnosing operating system–level problems easier. For more information, see [MSDN-CHKBLD].

delta: One of a set of possible changes that can be made to a database.

direct trust: A type of authentication functionality in which one domain accepts another domain as an authoritative source for object authentication and other Active Directory services for that other domain. For example, if a direct trust is established from DOMAIN-A to DOMAIN-B, DOMAIN-A trusts DOMAIN-B: when DOMAIN-A must authenticate an object, such as a user account, from DOMAIN-B, it asks DOMAIN-B to authenticate the account and treats DOMAIN-B's response as reliable.

enterprise network: The network of computer systems in an organization, such as a corporation. An enterprise can span geographical locations and often includes a variety of computer types, operating systems, protocols, and network architectures.

RC4: A variable key-size stream cipher with byte-oriented operations. The algorithm is based on a key-dependent permutation of the 256 byte values, from which a keystream is generated and XORed with the data; encryption and decryption are the same operation. RC4 is no longer considered secure for new designs.

read-only domain controller (RODC): A domain controller that does not accept originating updates. Additionally, an RODC does not perform outbound replication.

security account manager (SAM) account database: Microsoft-specific terminology for the part of the user account database that contains account information (such as account names and passwords) for accounts and groups that are created after database installation.

shared secret: A piece of data known only to the security principal and authenticating authority. It is used to prove the principal's identity.

writable domain controller: A domain controller that performs originating updates and outbound replication.

MAY, SHOULD, MUST, SHOULD NOT, MUST NOT: These terms (in all caps) are used as described in [RFC2119]. All statements of optional behavior use either MAY, SHOULD, or SHOULD NOT.

© 2014 Microsoft