69 Cards in this Set

  • Front
  • Back
Account Lockout
A series of policy settings that locks a user out of an account after a predetermined number of incorrect attempts at entering a password has occurred. This increases security by foiling random dictionary-based or brute-force password hack attempts.
Account partner
In AD FS, an organization that has been granted access to a resource partner's web-based application. Users in the account partner can access the application without the need for a separate user account in the resource partner's domain.
Account Policies
A series of settings in Group Policy that determine the characteristics of an acceptable password as well as account lockout settings and Kerberos settings
Active Directory Administrative Center
A new Active Directory snap-in in Windows Server 2008 R2 that enables the administration of most Active Directory functions from a single console.
Active Directory Application Mode

A standalone mode of Active Directory-enabled application in their own directory, with its own schema, independently of the main corporate Active Directory Database.
Active Directory Federation Services

A set of technologies in Windows Server 2008 that enables partner companies to access Active Directory resources across the Internet in a trusted manner, without having to have user accounts in the resource domain.
Active Directory Lightweight Directory Services

An update to ADAM that provides directory services for directory-enabled applications on Windows networks without the need for deploying additional domains or domain controllers.
Active Directory Migration Tool

A utility that enables you to move objects such as users, groups, and computers between Active Directory Domains in the same or different Forests.
Active Directory Recycle Bin
A new feature of AD DS in Windows Server 2008 R2 that enables you to recover deleted objects without the need to perform a restore operation.
Active Directory Rights Management Services

A directory service that uses a certification base to confirm the identity of users of information on the network, thereby enabling you to create and work with rights protected information, and ensure that only authorized users have access to these items.
Active Directory Service Interfaces

A directory service model implemented as a set of COM interfaces. ADSI allows Windows applications to access Active Directory, often through ActiveX interfaces such as VBScript.
Active Directory - Integrated Zone
A DNS zone that is hosted on a domain controller and stored in one or more AD DS application directory partitions
AD LDS Instances
A single running copy of the AD LDS directory service which includes a separate directory data store, a unique service name, and a unique service description
Administrative Templates
The section of Group Policy from which administrators can configure settings that are applied to users' desktops, specify programs that users can run, and so on. These settings then apply changes to a client computer's Registry settings.
ADMX Central Store
The new storage location in Windows Server 2008 that considerably reduces the quantity of storage space required for GPO maintenance, especially in large domains with many OUs and many linked GPOs.
A utility that prepares a Windows 2000 or Windows Server 2003 forest or domain for receiving domain controllers running Windows Server 2008. It has several parameters, the most important of which are forestprep, which prepares the forest, and domainprep, which prepares the domain.
A utility that enables you to view and edit information about any AD DS or AD LDS object, including schema and configuration data.
An acronym that stands for Microsoft's recommendation of placing Accounts into Global Groups, then placing these groups into Universal Groups, then placing these groups into Domain Local Groups, and finally granting Permissions to the domain local groups.
An acronym that stands for Microsoft's recommendation of placing Accounts into Global Groups, then placing these groups into Domain Local groups, and finally granting Permissions to the domain local groups.
application directory partition
A partitioned section of Active Directory that is replicated only to specified domain controllers. Application data partitions are used by applications (in particular, DNS) to store their application-specific data.
assigned applications
Through the Software Installation utility in Group Policy, administrators can assign applications to users and computers. Assigned applications are always available to the user, even if the user attempts to uninstall them. Applications assigned to a computer will automatically be installed on the next restart.
The basic unit of an object, an attribute is a single property contained in the schema that through its values defines the object. For example, an attribute of a standard user account is the account name.
A command-line tool that enables you to configure audit policy settings and directory service auditing subcategories
Authentication Scope
The range within which AD DS will authenticate a user from another domain. When defining a trust relationship, you can use this option to restrict the level of access external users will have when accessing resources in a trusted domain.
Authoritative Restore
A type of AD DS restore operation in which restored objects will replace updated objects in the directory. This process increases the restored object's update sequence number (USN) by 100,000, making it higher than the current object's USN.
Authority Information Access

A certificate extension that points to URLs at which you can retrieve the issuing CA's certificate.
The ability to automatically enroll users and computers for certificates, and renew expired certificates without intervention.
A feature of Windows Server 2008 and Windows 7 that enables you to encrypt the entire contents of any hard drive partition on your computer. It is useful for protecting sensitive data on computers such as laptops or branch office domain controllers that are susceptible to theft.
Block Inheritance
A Group Policy setting that prevents a child container from applying GPO settings linked to higher containers. For example, you can use Block Inheritance at the organizational unit (OU) level so that only OU-level policies are applied.
Bridgehead server
The contact point for the exchange of directory information between Active Directory sites
Built-In account
A user account that is created by default when Windows is installed on a computer. An example is the local Administrator account.
A method of granting access to a user based on unique identification. Certificates represent a distinctive way to establish a user's identity and credentials. They originate from a certification authority (CA).
Certification Authority (CA)
A Trusted Authority either within a network or a third-party company that manages security credentials, retrieve existing certificates, and renew expired certificates. Each CA that is installed on a server has web pages that users can access to submit basic and advanced certificates
Certificate Enrollment
The process by which users and computers can be given permissions to make requests for certificates, retrieve existing certificates, and renew expired certificates. Each CA that is installed on a server has web pages that users can access to submit basic and advanced certificate requests
Certificate Revocation List

A document published by a CA that lists certificates that have been issued but are no longer valid. By default the CA publishes the CRL on a weekly basis.
Certificate Stores
Places where certificates are stored, which are located in a protected area of the registry. A series of certificate stores can exist for each user, computer, and service
Certificate Template
Provided by AD CS to simplify the process of requesting and issuing certificates for various purposes. Each template contains the rules and settings that must be in place to create a certificate of a certain type. Certificate templates are available only on enterprise root and subordinate CAs.
In AD FS, a statement made by a server about a client, such as its name, identity, key, group, privilege, or capability. You can enable specific claim types that are accepted by the account partner, and claims that fail to match these types will be rejected. Claim types can include identity claims, group claims, or custom claims, and identity claims can include UPN claims, email claims, and common name claims.
Claim Mapping
In AD FS, the act of processing incoming claims to the resource application hosted by the resource federation service
A series of attributes associated with each schema object. The attributes associated with each class are defined by a classSchema Object in the schema
Conditional Forwarding
The relaying of DNS requests for zone information for specific domains from one server to another one, when the first server is unable to process the request.
Connection Object
An Active Directory object stored on domain controllers that is used to represent inbound replication links. Domain controllers create their own connection objects for intrasite replication through the Knowledge Consistency Checker (KCC), whereas only a single domain controller in a site creates connection objects for intersite replication through the Intersite Topology Generator.
An object in Active Directory that is capable of holding other objects. An example of a container would be the Users folder in Active Directory Users and Computers.
Credential Caching
The storing of a limited set of passwords on an RODC. You can configure credential caching to store only those passwords of users authorized to log on at a given RODC.
CRL Distribution Point

A certificate extension that indicates URL locations where a CRL can be retrieved (multiple HTTP, FTP, FILE or LDAP locations).
A utility that imports comma-separated text files into the AD DS database. You can use this utility to automate the bulk creation of user or group accounts.
Data Collector Set
Binary Files that save performance statistics for later viewing and analysis in the Performance Monitor snap-in; you can also export them to spreadsheet or database programs for later analysis
Also called the Domain Controller Diagnostic tool, this tool analyzes the condition of domain controllers. The output of this tool informs you of any problems, thereby assisting you in troubleshooting domain controllers.
The command-line utility used to promote a Windows Server 2008 system to a domain controller. dcpromo could also be used to demote a domain controller to a member server.
delta CRL
A CRL that includes the list of certificates revoked since the issuance of the most recent complete (base) CRL. Its use optimizes bandwidth usage in situations where certificates are frequently revoked.
Directory Services Restore Mode

A special version of Safe Mode in which a domain controller is restarted as a standalone server. The directory database is rendered offline so that you can perform operations such as restoring the AD DS database
Distributed File System
A Windows Server 2008 service that allows resources from multiple server locations to be presented through Active Directory as a continuous set of files and folders, resulting in greater ease of use of network resources for users.
DNS Notify
A process in which the master DNS server for a zone notifies secondary servers of changes so that the secondary servers can check to determine whether they need to initiate a zone transfer.
A command-line tool that can perform most of the DNS server administrative tasks in Windows Server 2008
Domain Name System Security Extensions

A suite of DNS extensions that add security to the DNS protocol by providing origin authority, data integrity, and authenticated denial of existence. It enables DNS servers to use digital signatures to validate responses from other servers and resolvers.
Domain Controller

A server that is capable of performing authentication. In Windows Server 2008, a domain controller holds a copy of the Active Directory database.
Domain Function Level
A Windows Server 2008 R2 domain can operate at one of four functional levels: Windows 2000 native, Windows Server 2003 native, Windows Server 2008, or the Windows Server 2008 R2 functional level. Each functional level has different tradeoffs between features and limitations.
Domain Local Group
A domain local group can contain other domain local groups from its own domain as well as global groups from any domain in the forest. A domain local group can be used to assign permissions for resources located in the same domain as the group.
Domain Name System

A hierarchical name-resolution system that resolves host names into IP addresses, and vice versa. DNS also makes it possible for the distributed Active Directory database to function by allowing clients to query the location of services in the forest and domain.
Domain Naming Master
One of the two forestwide flexible single master operations (FSMO) roles; the domain naming master's job is to ensure domain name uniqueness within a forest.
Domain User Account
A user account that is stored in the AD DS database. It permits a user to log on to any computer in the domain in which it is located or a trusted domain.
A command-line tool that enables you to add objects such as users, groups, contacts, or computers to the AD DS database.
Dynamic DNS

An extension of DNS that allows Windows 2000 and later computers to automatically register their A records with DNS at the time they obtain an IP address from a DHCP Server.
Dynamic Host Configuration Protocol

A service that enables an administrator to specify a range of valid IP addresses to be used on a network, as well as exclusion IP addresses that should not be assigned (for example, if they are already statically assigned elsewhere). These addresses are automatically given out to computers configured to use DHCP as they boot up on the network, thus saving the administrator from having to configure static IP addresses on each individual network device.
A Group Policy setting available to GPMC that enforces the application of a GPO to all lower-level policy is applied to all OUs in the domain regardless of settings in OU-based GPOs
Enrollment Agent
A user who has been issued a special certificate that grants the owner of the certificate authority to enroll users into advanced security and issue certificates on behalf of the users.
Enterprise CA
A CA is integrated with AD DS. En replication and require that users be authenticated
Event Viewer
A Microsoft Management Console (MMC) snap-in that enables an administrator to view and/or archive event logs on a Windows 2000/XP/2003/Vista/Windows 7/Server 2008 computer. You can monitor information about application, security, system, DNS, and Active Directory.
External Trust
In AD FS, a relationship between two organizations that allows for access to web-based applications without establishing an external or forest trust between the organizations' domains