Sunday, May 7, 2023

100 Active Directory terms

1. Active Directory (AD): Directory service for managing Windows-based networks and resources.
2. Domain Controller (DC): Server that hosts Active Directory services and authenticates users.
3. Forest: Highest level of logical grouping in Active Directory, containing one or more domains.
4. Domain: Logical group of network objects within an AD forest, sharing a common namespace.
5. Organizational Unit (OU): Container for organizing AD objects like users, groups, and computers.
6. Group Policy: Centralized management of settings and configurations for users and computers.
7. Group Policy Object (GPO): Collection of policy settings linked to OUs, domains, or sites.
8. Security Group: Group of users, computers, or other groups used for access control.
9. Distribution Group: Group used for email distribution in Microsoft Exchange environments.
10. Global Catalog (GC): Centralized index of AD objects, used for searches and logins.
11. LDAP: Lightweight Directory Access Protocol, used to access and manage AD information.
12. DNS: Domain Name System, resolves domain names to IP addresses, critical for AD functionality.
13. Sites: Represent physical locations in AD and help optimize network traffic.
14. Subnet: IP address range associated with a specific site.
15. Site Link: Represents network connection between sites, used for replication traffic.
16. Replication: Process of synchronizing AD data across domain controllers.
17. FSMO: Flexible Single Master Operations, specialized roles held by DCs for specific tasks.
18. RID Master: Assigns unique relative IDs for new objects, one of the FSMO roles.
19. PDC Emulator: Emulates Primary Domain Controller, handles password changes and time sync.
20. Infrastructure Master: Maintains cross-domain references, one of the FSMO roles.
21. Domain Naming Master: Manages addition and removal of domains in a forest.
22. Schema Master: Controls updates to the AD schema, one of the FSMO roles.
23. Global Catalog Server: DC with a full copy of all objects in the forest.
24. Trust Relationship: Enables resource sharing and authentication between domains.
25. Kerberos: Authentication protocol used by AD to verify user and service identity.
26. Ticket Granting Ticket (TGT): Kerberos ticket for access to services within a domain.
27. Service Ticket: Kerberos ticket for a specific service.
28. SPN: Service Principal Name, uniquely identifies a service in a domain.
29. NTLM: NT LAN Manager, older authentication protocol used as a fallback when Kerberos is unavailable.
30. SID: Security Identifier, unique identifier for security objects in AD.
31. RID: Relative Identifier, unique within a domain, combined with the domain SID to form a full SID.
32. USN: Update Sequence Number, used to track changes and replication in AD.
33. Tombstone: Deleted AD object that remains in the database for a specified period.
34. dcpromo: Deprecated utility for promoting and demoting domain controllers.
35. AD DS: Active Directory Domain Services, the main AD component for managing resources.
36. AD LDS: Active Directory Lightweight Directory Services, a lightweight AD variant.
37. AD FS: Active Directory Federation Services, enables single sign-on across applications.
38. AD RMS: Active Directory Rights Management Services, secures sensitive data.
39. GMSA: Group Managed Service Account, automates password management for service accounts.
40. Password policy: Configures password requirements and settings for users.
41. Fine-Grained Password Policy: Applies different password policies to specific users/groups.
42. CSVDE: Command-line tool for importing/exporting AD objects using CSV files.
43. LDIFDE: Command-line tool for importing/exporting AD objects using LDIF files.
44. REPADMIN: Command-line tool for diagnosing and managing replication in AD.
45. DCDIAG: Command-line tool for diagnosing and troubleshooting domain controller issues.
46. NLTEST: Command-line tool for testing domain trust relationships and locating DCs.
47. Ntdsutil: Command-line tool for managing AD databases, performing metadata cleanup, and more.
48. ADSI Edit: Graphical tool for managing AD objects and attributes at a low level.
49. Attribute Editor: Tab in the AD Users and Computers console for editing object attributes.
50. Group Policy Management Console (GPMC): Centralized interface for managing Group Policy.
51. Resultant Set of Policy (RSoP): Tool for analyzing the cumulative effect of applied GPOs.
52. Delegation of Control: Assigning limited administrative privileges to specific users or groups.
53. Read-Only Domain Controller (RODC): DC with read-only AD database, used in branch offices.
54. SYSVOL: Shared folder on DCs containing scripts, GPOs, and other AD-related files.
55. FRS: File Replication Service, deprecated replication technology for SYSVOL.
56. DFS-R: Distributed File System Replication, used for replicating SYSVOL in modern AD.
57. UPN: User Principal Name, user identifier format resembling an email address.
58. Netlogon: Service on DCs for authenticating users and handling domain-related tasks.
59. SAM: Security Accounts Manager, stores local user and group information on Windows systems.
60. Local Security Authority (LSA): Component responsible for enforcing security policies.
61. Security Token: Data structure containing a user's security identifier and group memberships.
62. AD Recycle Bin: Feature for easily recovering accidentally deleted AD objects.
63. Active Directory Administrative Center (ADAC): Graphical management tool for AD.
64. PowerShell: Command-line scripting environment, with AD-specific cmdlets for management.
65. PSOs: Password Settings Objects, used to define fine-grained password policies.
66. Authentication Silos: Groups of users or computers with restricted authentication scope.
67. Shadow Groups: Dynamic groups that mirror the membership of another group or attribute.
68. Active Directory Users and Computers (ADUC): Management console for AD objects.
69. Domain functional level: Minimum domain controller OS version within a domain.
70. Forest functional level: Minimum domain controller OS version across all domains in a forest.
71. Active Directory Sites and Services: Management console for AD sites, subnets, and replication.
72. Schema: Set of rules defining AD object classes, attributes, and their relationships.
73. DirSync: Directory synchronization tool for syncing on-premises AD with Azure AD.
74. Azure AD Connect: Tool for integrating on-premises AD with Azure AD.
75. ADFS Proxy: Server that enables external access to AD FS for single sign-on.
76. Home Folder: Personal network storage location for users, typically mapped as a network drive.
77. Roaming Profiles: User profiles stored on a server, enabling consistent settings across devices.
78. Folder Redirection: Redirects user folders to network locations for centralized storage.
79. Universal Group: AD group type that can contain members from any domain in a forest.
80. Domain Local Group: AD group type that can have members from the same domain.
81. Global Group: AD group type that can contain members from its own domain only.
82. Security Principal: AD object that can be assigned permissions, such as users, groups, or computers.
83. Object Class: Defines a type of object in AD, such as user, group, or computer.
84. Object Attribute: Property of an AD object, such as name, description, or email address.
85. LDAP Query: Search filter used to locate specific objects or attributes in AD.
86. LDAPS: LDAP over SSL, a secure version of LDAP for encrypting communication with AD.
87. SACL: System Access Control List, defines auditing settings for AD objects.
88. DACL: Discretionary Access Control List, defines access permissions for AD objects.
89. ACE: Access Control Entry, individual permission entry in a DACL or SACL.
90. ACL: Access Control List, a collection of ACEs defining access permissions or audit settings.
91. Inheritance: Permission propagation from parent objects to child objects in AD hierarchy.
92. AGDLP: Account-Global-Domain Local-Permission, a best practice for granting permissions in AD.
93. AGUDLP: Account-Global-Universal-Domain Local-Permission, a best practice for multi-domain environments.
94. AAD: Azure Active Directory, Microsoft's cloud-based identity and access management service.
95. Hybrid Identity: Integration of on-premises AD and Azure AD for single sign-on and management.
96. Azure AD B2B: Business-to-business collaboration feature in Azure AD for external users.
97. Azure AD B2C: Business-to-customer identity management in Azure AD for customer-facing apps.
98. MFA: Multi-Factor Authentication, additional security layer requiring more than one verification method.
99. Conditional Access: Azure AD feature for enforcing access policies based on user context.
100. IdP: Identity Provider, a system responsible for authenticating and authorizing users.
