The following terms are defined in [MS-GLOS]:
backup domain controller (BDC)
binary large object (BLOB)
database serial number
directory service (DS)
domain controller (DC)
domain local group
domain member (member machine)
domain name (3)
Domain Name System (DNS)
forest trust information
full database synchronization
fully qualified domain name (FQDN)
global catalog (GC)
globally unique identifier (GUID)
Hash-based Message Authentication Code (HMAC)
Interface Definition Language (IDL)
Local Security Authority (LSA) database
naming context (NC)
one-way function (OWF)
original equipment manufacturer (OEM) character set
partial database synchronization
primary domain controller (PDC)
remote procedure call (RPC)
RPC protocol sequence
security account manager (SAM) built-in database
security support provider (SSP)
Security Support Provider Interface (SSPI)
service principal name (SPN)
ticket-granting ticket (TGT)
trusted domain object (TDO)
universally unique identifier (UUID)
user principal name (UPN)
The following terms are defined in [MS-ADTS]:
relative identifier (RID)
The following terms are defined in [MS-DTYP]:
security identifier (SID)
The following terms are specific to this document:
authoritative response: An authoritative response is one in which the server has all the resources necessary to service the caller's request. If some of the resources are temporarily unavailable, the server indicates that its response is not authoritative. When a server does not return an authoritative response, it is reasonable for the caller to retry the request at another server. The reasons why a response is non-authoritative are always implementation-specific and could include any failure of the server to allocate necessary resources.
checked build: A special build of a Windows NT–based operating system that contains fewer compiler optimizations and more debugging checks than a production environment build. The purpose of the checked build is to make identifying and diagnosing operating system–level problems easier. For more information, see [MSDN-CHKBLD].
delta: One of a set of possible changes that can be made to a database.
direct trust: A type of authentication functionality in which one domain accepts another domain as an authoritative source to provide object authentication and other Active Directory services for that other domain. For example, if a direct trust is established from domain DOMAIN-A to domain DOMAIN-B, DOMAIN-A trusts DOMAIN-B. If domain DOMAIN-A must authenticate an object, such as a user account, from domain DOMAIN-B, DOMAIN-A requests that DOMAIN-B authenticate the user account, and DOMAIN-A treats the response from DOMAIN-B as reliable.
enterprise network: The network of computer systems in an organization, such as a corporation. An enterprise can span geographical locations and often includes a variety of computer types, operating systems, protocols, and network architectures.
RC4: A variable key-size stream cipher with byte-oriented operations. The algorithm is based on the use of a random permutation.
read-only domain controller (RODC): A domain controller that does not accept originating updates. Additionally, an RODC does not perform outbound replication.
security account manager (SAM) account database: Microsoft-specific terminology for the part of the user account database that contains account information (such as account names and passwords) for accounts and groups that are created after database installation.
writable domain controller: A domain controller that performs originating updates and outbound replication.
MAY, SHOULD, MUST, SHOULD NOT, MUST NOT: These terms (in all caps) are used as described in [RFC2119]. All statements of optional behavior use either MAY, SHOULD, or SHOULD NOT.