Active Directory
Active Directory, now commonly implemented as Active Directory Domain Services (AD DS), is Microsoft's directory service for Windows domain networks. It stores and organizes information about network objects such as users, computers, groups, printers, and shared resources in a hierarchical structure.
Application programming interfaces
A set of routines, definitions, and protocols that applications use to request services from the operating system, a library, or a network service.
Child domains
A domain located directly beneath another domain in a namespace tree. Its DNS name includes the parent domain name. For example, sales.example.com is a child domain of example.com.
Classless Inter-Domain Routing (CIDR)
A flexible method of allocating IP addresses and routing Internet traffic without relying strictly on the original class-based address system.
Client Access License (CAL)
A Microsoft license that grants a user or device the legal right to access certain Microsoft server services. CAL requirements vary depending on the server product and licensing model in use.
Connection Manager
Microsoft Connection Manager is client connection software that can be customized with the Connection Manager Administration Kit (CMAK) to simplify remote access or VPN connectivity.
Connection object
An Active Directory object that represents a one-way replication path between domain controllers and identifies the replication source.
Consoles
Collections of administrative tools hosted within Microsoft Management Console (MMC).
Container object
An object that can logically hold other objects. Examples include folders and organizational units.
DHCP Options
Optional configuration values that a DHCP server can provide to DHCP clients, such as DNS server addresses, default gateway, domain name, and other TCP/IP settings.
DHCP Scope
A range of IP addresses and related configuration settings that a DHCP server can lease to clients on a specific subnet.
Discretionary access control list
The part of a security descriptor that identifies which users and groups are allowed or denied access to an object.
Disk duplication
The process of copying the contents of a system or partition to create a deployable image. In modern Windows environments, this is commonly associated with Sysprep and imaging or deployment tools.
Disk Management Console
The Windows administrative tool used to manage disks, partitions, volumes, drive letters, and storage configuration.
Distinguished name
A unique LDAP path that identifies the full location of an object within Active Directory.
Distribution groups
Groups used primarily for email distribution and other non-security purposes.
DNS Server service
The Windows server role or service that answers DNS queries and provides name resolution for clients and servers on a network.
Domain
A core administrative and security boundary within Active Directory that contains users, computers, groups, and policies.
Domain Name System (DNS)
A hierarchical naming system used to resolve host names to IP addresses and to locate services across TCP/IP networks.
Dynamic Host Configuration Protocol (DHCP)
A client/server protocol that automatically assigns IP addressing information and related network settings to clients.
Encrypting file system (EFS)
A Windows file system feature that encrypts files stored on NTFS volumes so that only authorized users can access them.
Enterprise Admins
A highly privileged built-in group in an Active Directory forest that has broad administrative rights across the enterprise.
Forests
Collections of one or more Active Directory domain trees that share a common schema, configuration, and global catalog, while maintaining trust relationships.
Forward lookup query
A DNS query that resolves a host name to an IP address.
Fully qualified domain name
The complete DNS name of a host, combining the computer name with its domain name, such as server1.example.com.
Global Catalog Server
A domain controller that stores a full replica of objects in its own domain and a partial replica of objects from other domains in the forest, enabling forest-wide searches and logon support.
Globally unique identifier
A 128-bit identifier, commonly called a GUID, that uniquely identifies an object or resource.
Glossary
A reference list of terms and definitions used throughout the site or course material.
Group Policy
A Windows management feature that allows administrators to centrally configure user and computer settings across a domain.
Internet Protocol Security (IPSec)
A suite of protocols that secures IP communications through authentication, integrity checking, and encryption.
Intersite replication
Active Directory replication that occurs between domain controllers in different sites, typically optimized for lower-bandwidth WAN links.
Intrasite replication
Active Directory replication that occurs between domain controllers within the same site, typically over high-speed network links.
Kerberos version 5 protocol
The default authentication protocol used in Active Directory environments to securely verify identities without transmitting passwords in plaintext.
Knowledge Consistency Checker (KCC)
A built-in Active Directory process that automatically creates and maintains replication topology between domain controllers.
Lightweight Directory Access Protocol (LDAP)
The primary directory access protocol used to query and manage Active Directory and other directory services.
Microsoft Management Console
A framework that hosts Windows administrative tools called snap-ins, allowing them to be grouped into reusable consoles.
Mixed-mode domain
A legacy domain mode in which older Windows NT domain controllers could coexist with newer domain controllers. This mode is obsolete in modern Windows Server environments.
Multi-master replication
An Active Directory replication model in which changes can be made on multiple domain controllers and then replicated throughout the environment.
Multicast address assignment
The assignment of multicast IP addresses to hosts or applications that participate in multicast communications.
Multicast group
A set of hosts that listen for traffic sent to the same multicast IP address.
Multimaster zones
DNS zones integrated with Active Directory that can be updated on multiple DNS servers rather than from a single writable primary server.
Multinet
A network design in which multiple logical IP subnets exist on the same physical network segment.
Name server
A server that resolves names to IP addresses, such as a DNS server, or in older environments, a WINS server for NetBIOS name resolution.
Namespace
The logical naming structure formed by forests, trees, domains, and objects within Active Directory and DNS.
Native-mode domain
A domain running only newer domain controllers, without legacy Windows NT domain controllers. In modern environments, this concept maps to current domain and forest functional levels.
NetBIOS
A legacy networking interface and naming system once widely used on Windows networks. It remains relevant mainly for backward compatibility.
Network installation share point
A shared network folder containing installation source files for an operating system or application deployment.
NNTP
Network News Transfer Protocol, an older protocol used for distributing and reading discussion group messages. It is largely historical in modern enterprise environments.
Organizational unit
A container in Active Directory used to organize users, computers, groups, and other objects, and to delegate administration or apply Group Policy.
OU permissions
Permissions assigned to an organizational unit and the objects within it to delegate specific administrative tasks.
Per-property transfer
A replication optimization in which only the changed attributes of a DNS record or directory object are transferred rather than the entire record.
Primary zone database files
The writable data files or integrated storage locations that contain the authoritative records for a DNS zone.
Redundant Array of Independent Disks (RAID)
A storage technology that combines multiple disks for performance, redundancy, or both, depending on the RAID level used.
Referral records
DNS information returned to direct a client toward another DNS server that is more likely to have the requested answer.
Relative distinguished name
The portion of a distinguished name that identifies an object relative to its parent container.
Remote Authentication Dial-In User Service (RADIUS)
A widely used protocol for centralized authentication, authorization, and accounting for remote access and network access services.
Remote Installation Services (RIS)
A legacy Microsoft deployment service used to install operating systems remotely. It has been replaced by newer deployment technologies such as Windows Deployment Services and modern provisioning tools.
Replication Monitor
A legacy Windows tool used to monitor Active Directory replication. Modern administrators typically rely on newer tools such as repadmin, Event Viewer, and Windows Admin Center.
Rogue DHCP servers
Unauthorized DHCP servers that can lease incorrect or harmful IP configuration information to clients on a network.
Root domain
The first domain created in an Active Directory tree.
Router
A device or host that forwards IP packets between networks.
RPC over IP
Remote Procedure Call traffic transported over IP networks, commonly used by Windows services and administrative tools.
Secondary Logon Service
A Windows feature that allows a user to run tools or programs with alternate credentials instead of signing in interactively with a more privileged account.
Secondary zone database files
Read-only copies of DNS zone data used for redundancy, load distribution, and fault tolerance.
Security groups
Groups used to assign permissions to users, computers, and service accounts as a unit.
Security identifier
A unique value assigned to a security principal such as a user, group, or computer account in Windows.
Setup Manager
A legacy deployment utility used to create unattended installation answer files. In modern Windows deployment, newer imaging and provisioning tools are more common.
Site
An Active Directory representation of one or more well-connected IP subnets, used to optimize authentication and replication traffic.
Site link cost
A relative value used by Active Directory to prefer one replication path over another based on network efficiency and administrative design.
Site links
Logical links between Active Directory sites that define how replication occurs across networks.
Small Computer System Interface (SCSI)
A storage and peripheral interface standard historically used for disks and other devices. Its concepts continue in related technologies, although modern systems more often use SAS, SATA, or NVMe.
SMTP
Simple Mail Transfer Protocol, the standard protocol for sending email. Historically, it could also be used in some Active Directory replication scenarios.
SRV resource records
DNS records used to locate specific services, such as domain controllers, Kerberos servers, and LDAP servers.
Standard primary zone
A traditional DNS zone with a single writable primary copy of the zone data.
Standard secondary zone
A read-only copy of a standard DNS zone obtained from a primary DNS server through zone transfer.
Subnets
Logical subdivisions of an IP network that help organize addressing, routing, and site design. In Active Directory, subnets are associated with sites to direct clients to nearby domain controllers and services.
Superscope
A DHCP administrative grouping that allows multiple scopes to be managed together on the same physical network segment.
Sysprep.inf
A legacy answer file used by older versions of Sysprep. Modern Windows deployments more commonly use unattended XML-based configuration files.
System Preparation Tool
Sysprep, the Windows tool used to generalize an installation so it can be captured, duplicated, and deployed with unique system information on first boot.
Tombstoning
The process of marking a deleted record or object so that its deletion can replicate throughout the environment before the object is permanently removed.
Trees
Collections of one or more domains that share a contiguous DNS namespace within an Active Directory forest.
Trust relationship
A relationship between domains or forests that allows authenticated users in one domain to access resources in another, subject to permissions.
User principal name
A user logon name formatted like an email address, in the form user@domain, used for sign-in in Active Directory environments.
Wide area network (WAN)
A network that spans a broad geographic area and connects multiple local networks over long-distance links.
Windows Management Instrumentation (WMI)
A Windows management framework used to query system information, monitor resources, and automate administrative tasks.
Windows Script Host
A Windows scripting environment that allows scripts to run directly on the operating system using engines such as VBScript or JScript. In modern automation, PowerShell is more commonly used.
Workgroup
A peer-to-peer Windows networking model in which computers share resources without centralized authentication through a domain controller.
Zone
In DNS, a zone is an administrative portion of the namespace that contains resource records managed together by a DNS server.
Zone database file
The file or directory-backed data store that contains the resource records for a DNS zone.
Zone transfer
The process by which DNS servers replicate authoritative zone data from one server to another.