The following terms are defined in [MS-GLOS]:
Active Directory Domain Services (AD DS)
configuration naming context (config NC)
directory service (DS)
distinguished name (DN)
domain controller (DC)
domain local group
Domain Name System (DNS)
domain naming context (domain NC)
domain naming service name
flexible single master operation (FSMO)
forest functional level
fully qualified domain name (FQDN)(1)(2)
global catalog (GC)
globally unique identifier (GUID)
Group Policy Object (GPO)
Lightweight Directory Access Protocol (LDAP)
naming context (NC)
object class inheritance
read-only domain controller (RODC)
relative identifier (RID)
root directory system agent-specific entry (rootDSE)
schema naming context (schema NC)
Secure Sockets Layer (SSL)
security identifier (SID)
SOAP fault code
SOAP fault detail
SOAP header block
SOAP mustUnderstand attribute
Uniform Resource Locator (URL)
Web Services Description Language (WSDL)
WSDL port type
The following terms are defined in [MS-ADTS]:
The following terms are specific to this document:
Active Directory Lightweight Directory Services (AD LDS): A general-purpose network directory service that is an independent mode of Active Directory and that provides dedicated directory services for applications. See [MS-ADTS].
Active Directory Web Services (ADWS): Provides a Web Service interface to Active Directory Domain Services (AD DS) and Active Directory Lightweight Directory Services (AD LDS) instances.
authenticable principal: In AD DS, a directory object of class user or of a class derived from user. In AD LDS, a directory object of a class that statically links to the msDS-BindableObject auxiliary class. See [MS-ADTS] section 188.8.131.52.4.
directory instance: The directory service referred to by the SOAP header in the Active Directory Web Services: Custom Action Protocol custom action XML operation, which is the target of the custom action request. This directory service is assumed to be running locally on the server. This may be an Active Directorydirectory service instance, or an Active Directory Lightweight Directory Service instance (one of possibly many). For more detail on the format of the SOAP header see [MS-ADDM] section 2.5.1.
non-authenticable principal: A reference identifying a directory object that is not an authenticable principal object.
nonexistent naming context (nonexistent NC): A reference that does not identify an NC in the specified directory instance.
nonexistent principal: A reference that does not identify a security principal in the specified directory instance.
primary group: The group object identified by the primaryGroupID attribute ([MS-ADA3] section 2.120) of a user object ([MS-ADSC] section 2.263). The primary group's objectSid equals the user's objectSid, with its relative identifier (RID) portion replaced by the primaryGroupID value. The user is considered a member of its primary group.
snapshot store instance: A read-only copy of an Active Directory Domain Services instance or an Active Directory Lightweight Directory Services instance at some point in time.
Uniform Resource Identifier (URI): A string of characters in a standardized format that identifies a resource on a network [RFC2396].
MAY, SHOULD, MUST, SHOULD NOT, MUST NOT: These terms (in all caps) are used as described in [RFC2119]. All statements of optional behavior use either MAY, SHOULD, or SHOULD NOT.