A Glossary of Windows 2000 Terms

Advanced Configuration and Power Interface (ACPI): A new power-management standard that covers desktop, mobile and server computers as well as their peripherals. It includes "instant-on" features and can activate PCs remotely across the network. Use of ACPI depends on functionality in the system hardware.

Active Directory: Windows 2000's new directory structure, which replaces the older trusted-domain system of Windows NT. Active Directory manages users and network resources, authenticating them to the network and assigning permission and service levels. It forms the backbone of many new features in Windows 2000, such as IntelliMirror and the new authentication procedures.

Attributes: Characteristics of objects. All objects of a given type have the same set of attributes, though the values of a given attribute may differ from one object to another.

Delegated administration: Unlike previous versions of NT, Windows 2000 permits administrators to assign administrative tasks to another user or group without giving it complete access.

Distinguished name: Active Directory's naming scheme follows Lightweight Directory Access Protocol (LDAP) conventions, incorporating the location of the resource in the network into the distinguished name. For example, Computerworld user John Smith's distinguished name might be "/O=Internet/DC=COM/DC=Computerworld/CN=CWuser/CN=John Smith". That's too cumbersome for users, so Windows 2000 recognizes the user principal name for most operations.

Domain: The core unit of Active Directory, a container of objects that share security requirements, replication processes and administration. An Active Directory domain can contain millions of objects.

Domain controller: A Windows 2000 server that stores a complete copy of all directory information for a given domain. It also manages changes to directory information and replicates those changes to other domain controllers in the same domain.

Forest: A collection of one or more trees. Multiple trees in a forest don't share common root names, but because all trees in a forest trust one another automatically, they share information.

Global catalog: A partial replica of the Active Directory used to determine the location of any object in the directory. The global catalog includes all objects and their most frequently used (but not necessarily all) attributes. It can be a much more powerful locator than the "Find Computer" command in older Windows versions.

Group: A collection of resources designed to simplify administration so permissions can be granted once to an entire group rather than multiple times to individual users. Groups come in two types - security and distribution groups - and can have a scope defined as domain-local, global or universal. The normal way to organize groups is to put user accounts into global groups, global groups into domain-local groups and then grant resource permissions to domain-local groups. Universal groups can be addressed anywhere in the network.

IntelliMirror: Microsoft's term for Windows 2000 synchronization services. IntelliMirror can synchronize data between local and remote systems or "heal" a corrupted PC by restoring it to earlier configurations.

Microsoft Management Console (MMC): A network management framework that lets administrators plug "snap-ins," utilities that perform specific tasks such as setting group policies or administering a Web site, into a workspace known as a "console." The result is a customized network-management workspace.

Namespace: A document or index that identifies objects in a particular part of the network. A phone book, for example, is a namespace that matches people with their phone numbers. In Windows 2000, a namespace can also be referred to as a console tree.

Native mode domain: A domain where all domain controllers are running Windows 2000.

Object class: The definition of a type of object that can reside in the Active Directory.

Organizational unit (OU): A container object used to organize a domain into logical administrative groups. OUs can contain other objects, such as user accounts, groups and computer accounts. They can also contain other OUs.

Root domain: The domain containing the first domain controller created in a forest.

Site: One or more Internet Protocol subnets linked by high-bandwidth connections (at least 10Mbps). Areas of a network separated by wide-area network technologies, multiple routers or other slower links should be defined as separate sites.

Tree: A hierarchical arrangement of one or more domains with a single root name. Domains within a tree share information through automatic trust relationships. Trees can have branches, called subtrees.

Trust: A relationship between two domains that lets one domain automatically accept authentications made by the other. In Windows NT, it was either a one-way or two-way street.

User principal name: The way a user generally identifies himself to the network, as in "jsmith@computerworld.com," as opposed to his LDAP-based distinguished name.

