1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11.

12. 13. 14. 15. 16. 17. 18. 19. 20. 21.

22. 23. 24. 25.

Active Directory is a directory service that houses information about all network resources such as servers, printers, user accounts, groups of user accounts, security policies, and other information. A domain usually is a higher-level representation of how a business, government, or school is organized, for example reflecting a geographical location or major division of that organization. Every resource is called an object and is associated with a domain. If information on one DC changes, such as the creation of an account, it is replicated to all other DCs in a process called multimaster replication. The global catalog stores information about every object within a forest. DNS is a TCP/IP-based name service that converts computer and domain host names to dotted decimal addresses and vice versa, through a process called name resolution. A contiguous namespace is one in which every child object contains the name of the parent object, The forest functional level refers to the Active Directory functions supported forest-wide. A tree contains one or more domains that are in a common relationship, A transitive trust means that if A and B have a trust and B and C have a trust, A and C automatically have a trust as well. An OU is a grouping of related objects within a domain, similar to the idea of having subfolders within a folder, and can be used to reflect the structure of the organization without having to completely restructure the domain(s) when that structure changes. A site is a TCP/IP-based concept (container) within Active Directory that is linked to IP subnets, A realm trust is typically used to enable one- or two-way access between a Windows Server domain within a forest and a realm of UNIX/Linux computers. A global security group is intended to contain user accounts from a single domain and can also be set up as a member of a domain local group in the same or another domain. In an Active Directory context in which there are multiple hierarchies of domains, trees, and forests, universal security groups provide a means to span domains and trees. Security groups and user accounts enable an organization to delegate authority over objects, such as Active Directory containers, user accounts, groups, and applications. Profiles are used in Microsoft operating systems to provide a consistent working environment for one or more users. In a mandatory user profile in which the user does not have permission to update the folder containing his profile. A Read-Only Domain Controller (RODC) is different in that you cannot use it to update information in Active Directory and it does not replicate to regular DCs. Fine-grained password policies mean that you can now create more than one set of account policies within a domain. In Active Directory, a domain is a fundamental component or container that holds information about all network resources that are grouped within itservers, printers, and other physical resources, users, and user groups. The global catalog server enables forest-wide searches of data. A forest consists of one or more Active Directory trees that are in a common relationship A local user profile is automatically created at the local computer when you log on with an account for the first time, A PSO can be created by using the ldifde command from the Command Prompt window in Windows Password Settings Objects Server 2008.