
Active Directory Information

Active Directory stores all information and settings for a deployment in a central database. Using the same database, Active Directory allows administrators to assign policies, deploy and update software. Active Directory networks can vary from a small installation with a few computers, users and printers to tens of thousands of users, many different network domains and large server farms spanning many geographical locations.

Active Directory was previewed in 1999, released first with Windows 2000 Server edition, and revised to extend functionality and improve administration in Windows Server 2003. Additional improvements were made in Windows Server 2003 R2, Windows Server 2008 and Windows Server 2008 R2, and the service was renamed Active Directory Domain Services.

Active Directory was called NTDS (NT Directory Service) in older Microsoft documents. This name can still be seen in some Active Directory binaries.

Structure

Objects

An Active Directory structure is a hierarchical arrangement of information about objects. The objects fall into two broad categories: resources (e.g., printers) and security principals (user or computer accounts and groups). Security principals are assigned unique security identifiers (SIDs).

Each object represents a single entity—whether a user, a computer, a printer, or a group—and its attributes. Certain objects can contain other objects. An object is uniquely identified by its name and has a set of attributes—the characteristics and information that the object represents—defined by a schema, which also determines the kinds of objects that can be stored in Active Directory.

Each attribute object can be used to define multiple schema objects. The schema object allows the schema to be extended or modified when necessary. However, because each schema object is integral to the definition of Active Directory objects, deactivating or changing these objects can fundamentally change and/or disrupt a deployment. Schema changes automatically propagate throughout the system. Once created, an object can only be deactivated—not deleted. Changing the schema usually requires planning.[2]

Sites

A Site object in Active Directory represents a geographic location that hosts networks. Sites contain objects called subnets.[3] Sites can be used to assign Group Policy, facilitate the discovery of resources, manage directory replication, and manage network link traffic. Sites can be linked to other Sites. Site-linked objects may be assigned a value that represents the speed, reliability, availability, or other real property of a physical resource. Site Links may also be assigned a schedule.

Forests, trees, and domains

The Active Directory framework that holds the objects can be viewed at a number of levels. The forest, tree, and domain are the logical divisions in an Active Directory network.

Within a deployment, objects are grouped into domains. The objects for a single domain are stored in a single database (which can be replicated). Domains are identified by their DNS name structure, the namespace.

A tree is a collection of one or more domains and domain trees in a contiguous namespace, linked in a transitive trust hierarchy.

At the top of the structure is the forest. A forest is a collection of trees that share a common global catalog, directory schema, logical structure, and directory configuration. The forest represents the security boundary within which users, computers, groups, and other objects are accessible.

Forest-WidgetsCorp
    Tree-Eastern
        Domain-Boston
        Domain-NewYork
        Domain-Philly
    Tree-Southern
        Domain-Atlanta
        Domain-Dallas

Domain-Dallas
    OU-Marketing
        Donn
        Mark
        Steve
    OU-Sales
        Bill
        Ralph

Example of the geographical organizing of zones of interest within trees and domains.

Organizational units

The objects held within a domain can be grouped into Organizational Units (OUs).[4] OUs can provide hierarchy to a domain, ease its administration, and can resemble the organization's structure in managerial or geographical terms. OUs can contain other OUs—domains are containers in this sense. Microsoft recommends using OUs rather than domains for structure and to simplify the implementation of policies and administration. The OU is the recommended level at which to apply group policies, which are Active Directory objects formally named Group Policy Objects (GPOs), although policies can also be applied to domains or sites (see below). The OU is the level at which administrative powers are commonly delegated, but delegation can be performed on individual objects or attributes as well.

Organizational Units are an abstraction for the administrator and do not function as containers; the underlying domain is the true container. It is not possible, for example, to create user accounts with an identical username (sAMAccountName) in separate OUs, such as "fred.staff-ou.domain" and "fred.student-ou.domain", where "staff-ou" and "student-ou" are the OUs. This is so because sAMAccountName, a user object attribute, must be unique within the domain.

As the number of users in a domain increases, conventions such as "first initial, middle initial, last name" will fail for common names like Smith, Garcia or Lee. Workarounds include adding a digit to the end of the username or using the unique employee/student id number.

Because duplicate usernames cannot exist within a domain, account name generation poses a significant challenge for large organizations that cannot be easily subdivided into separate domains, such as students in a public school system or university who must be able to use any computer across the network.

Shadow Groups

In Active Directory, organizational units cannot be assigned as owners or trustees. Only groups are selectable, and members of OUs cannot be collectively assigned rights to directory objects.

OUs do not carry access rights. A common practice is to employ scripts to create and maintain a user group for each OU. The scripts are run periodically to update the group to match the OU's membership. Such groups are known as Shadow Groups. Microsoft refers to shadow groups in the Server 2008 Reference documentation.[5] Once created, these shadow groups are selectable in place of the OU in the administrative tools.

The naming of shadow groups is complicated by the fact that OUs can be nested but groups cannot. Groups can only exist in the root of the domain, and group names are limited in length so matching the naming of a deeply nested string of OUs for a very large domain is problematic.
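
The periodic synchronization described above, written as an added PowerShell example (not code from the original article or from Microsoft). It uses cmdlets from the ActiveDirectory module; the OU distinguished name, the group name, the domain and the choice to mirror only enabled accounts are assumptions.

```powershell
#Requires -Modules ActiveDirectory
# Added example: keep one "shadow" security group in step with the users under one OU.
# The OU DN, group name and domain below are hypothetical placeholders.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$OuDn      = 'OU=Sales,DC=dallas,DC=widgetscorp,DC=example',
    [string]$GroupName = 'Shadow-Sales',
    # Subtree folds users from nested OUs into the one flat group;
    # OneLevel mirrors only users directly inside $OuDn.
    [ValidateSet('OneLevel', 'Subtree')]
    [string]$Scope     = 'Subtree'
)

# Stop on any directory error so a failed lookup can never be read as
# "the OU is empty" and lead to a mass removal.
$ErrorActionPreference = 'Stop'

# Find the shadow group, creating it on first run (no -Path: default container).
$group = Get-ADGroup -Filter "SamAccountName -eq '$GroupName'"
if (-not $group -and $PSCmdlet.ShouldProcess($GroupName, 'Create shadow group')) {
    $group = New-ADGroup -Name $GroupName -SamAccountName $GroupName `
        -GroupScope Global -GroupCategory Security `
        -Description "Shadow group for $OuDn (maintained by script)" -PassThru
}

# Desired membership: enabled user accounts located under the OU.
# Assumption: disabled accounts should not keep rights granted through the group.
$desired = @(Get-ADUser -SearchBase $OuDn -SearchScope $Scope -Filter 'Enabled -eq $true' |
    Select-Object -ExpandProperty DistinguishedName)

# Current membership (empty if the group does not exist yet, e.g. under -WhatIf).
# Any member that is not a user under the OU counts as drift and is removed.
$current = @()
if ($group) {
    $current = @(Get-ADGroupMember -Identity $group |
        Select-Object -ExpandProperty distinguishedName)
}

# -notcontains compares case-insensitively, which suits distinguished names.
$toAdd    = @($desired | Where-Object { $current -notcontains $_ })
$toRemove = @($current | Where-Object { $desired -notcontains $_ })

if ($group -and $toAdd.Count -gt 0 -and
    $PSCmdlet.ShouldProcess($GroupName, "Add $($toAdd.Count) member(s)")) {
    Add-ADGroupMember -Identity $group -Members $toAdd
}
if ($group -and $toRemove.Count -gt 0 -and
    $PSCmdlet.ShouldProcess($GroupName, "Remove $($toRemove.Count) member(s)")) {
    Remove-ADGroupMember -Identity $group -Members $toRemove -Confirm:$false
}

# Emit the planned change set so each scheduled run leaves an auditable record.
[pscustomobject]@{
    Group    = $GroupName
    Ou       = $OuDn
    ToAdd    = $toAdd
    ToRemove = $toRemove
}
```

Running it with -WhatIf prints the planned changes without applying them. Because the OU is treated as the source of truth, members added to the group by hand are removed on the next run.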

The division of an organization's information infrastructure into a hierarchy of one or more domains and top-level OUs is a key decision. Common models are by business unit, by geographical location, by IT Service, or by object type and hybrids of these. OUs should be structured primarily to facilitate administrative delegation, and secondarily, to facilitate group policy application. Although OUs form an administrative boundary, the only true security boundary is the forest itself and an administrator of any domain in the forest must be trusted across all domains in the forest.[6]

Physical matters

Sites are physical, rather than logical, groupings defined by one or more IP subnets.[7] AD also holds the definitions of connections, distinguishing low-speed (e.g., WAN, VPN) from high-speed (e.g., LAN) links. Site definitions are independent of the domain and OU structure and are common across the forest. Sites are used to control network traffic generated by replication and also to refer clients to the nearest domain controllers. Microsoft Exchange Server 2007 uses the site topology for mail routing. Policies can also be defined at the site level.

Physically the Active Directory information is held on one or more peer domain controllers (DCs), replacing the NT PDC/BDC model. Each DC has a copy of the Active Directory. Servers joined to Active Directory that are not domain controllers are called Member Servers.[8]

The Active Directory database is organized in partitions, each holding specific object types and following a specific replication pattern. AD synchronizes changes using multi-master replication.[9] Microsoft often refers to these partitions as 'naming contexts'.[10] The 'Schema' partition contains the definition of object classes and attributes within the Forest. The 'Configuration' partition contains information on the physical structure and configuration of the forest (such as the site topology). Both replicate to all domain controllers in the Forest. The 'Domain' partition holds all objects created in that domain and replicates only to Domain Controllers within its domain. So, for example, a user created in Domain A would be listed only in Domain A's domain controllers.

A subset of objects in the domain partition replicate to domain controllers that are configured as global catalogs. Global catalog (GC) servers provide a global listing of all objects in the Forest.[11] Global Catalog servers replicate to themselves all objects from all domains and hence provide a global listing of objects in the forest. However, in order to minimize replication traffic and to keep the GC's database small, only selected attributes of each object are replicated. This is called the partial attribute set (PAS). The PAS can be modified by modifying the schema and marking attributes for replication to the GC.[12]

Earlier versions of Windows used NetBIOS to communicate. Active Directory is fully integrated with DNS and requires TCP/IP and DNS. To be fully functional, the DNS server must support SRV resource records or service records.

Replication

Active Directory replication is 'pull' rather than 'push', meaning that replicas pull changes from the server where the change was effected.[13] The Knowledge Consistency Checker (KCC) creates a replication topology of site links using the defined sites to manage traffic. Intrasite replication is frequent and automatic as a result of change notification, which triggers peers to begin a pull replication cycle. Intersite replication intervals are typically less frequent and do not use change notification by default, although this is configurable and can be made identical to intrasite replication.

Each link can have a 'cost' (e.g., DS3, T1, ISDN etc.) and the site link topology will be altered accordingly by the KCC. Replication may occur transitively through several site links on same-protocol site link bridges, if the cost is low, although KCC automatically costs a direct site-to-site link lower than transitive connections. Site-to-site replication can be configured to occur between a bridgehead server in each site, which then replicates the changes to other DCs within the site.

Replication of Active Directory uses Remote Procedure Calls (RPC) over IP (RPC/IP). Between Sites you can use SMTP for replication, but only for changes in the Schema, Configuration, or Partial Attribute Set (Global Catalog) NCs. SMTP cannot be used for replicating the default Domain partition.[14]

Database

The Active Directory database, the directory store, in Windows 2000 Server uses the JET Blue-based Extensible Storage Engine (ESE98) and is limited to 16 terabytes and 1 billion objects in each domain controller's database. Microsoft has created NTDS databases with more than 2 billion objects.[citation needed] (NT4's Security Account Manager could support no more than 40,000 objects). Called NTDS.DIT, it has two main tables: the data table and the link table. In Windows Server 2003 a third main table was added for security descriptor single instancing.[15]

Programmatic interface

The features of Active Directory may be accessed programmatically via the COM interfaces provided by Active Directory Service Interfaces.[16]

Single server operations

Flexible Single Master Operations (FSMO, sometimes pronounced "fizz-mo") roles are also known as operations master roles. Although domain controllers allow simultaneous updates in multiple places, certain operations are supported only on a single server. These operations are performed using the roles listed below:

Role Name | Scope | Description
Schema Master | 1 per forest | Schema modifications
Domain Naming Master | 1 per forest | Addition and removal of domains if present in root domain
PDC Emulator | 1 per domain | Provides backwards compatibility for NT4 clients for PDC operations (like password changes). The PDC runs domain-specific processes such as the Security Descriptor Propagator (SDPROP), and is the master time server within the domain. It also handles external trusts, the DFS consistency check, holds current passwords and manages all GPOs as default server.
RID Master | 1 per domain | Allocates pools of unique identifiers to domain controllers for use when creating objects
Infrastructure Master | 1 per domain/partition | Synchronizes cross-domain group membership changes. The infrastructure master cannot run on a global catalog server (GCS) (unless all DCs are also GCs, or the environment consists of a single domain).

Trust

To allow users in one domain to access resources in another, Active Directory uses trusts.[17]

Trusts inside a forest are automatically created when domains are created. The forest sets the default boundaries of trust, and implicit, transitive trust is automatic for all domains within a forest.

Terminology

One-way trust: One domain allows access to users on another domain, but the other domain does not allow access to users on the first domain.
Two-way trust: Two domains allow access to users on both domains.
Trusting domain: The domain that allows access to users from a trusted domain.
Trusted domain: The domain that is trusted; whose users have access to the trusting domain.
Transitive trust: A trust that can extend beyond two domains to other trusted domains in the forest.
Intransitive trust: A one way trust that does not extend beyond two domains.
Explicit trust: A trust that an admin creates. It is not transitive and is one way only.
Cross-link trust: An explicit trust between domains in different trees or in the same tree when a descendant/ancestor (child/parent) relationship does not exist between the two domains.
Shortcut: Joins two domains in different trees, transitive, one- or two-way.
Forest: Applies to the entire forest. Transitive, one- or two-way.
Realm: Can be transitive or nontransitive, one- or two-way.
External: Connect to other forests or non-AD domains. Nontransitive, one- or two-way.[18]

Windows 2000 Server supports two-way transitive and one-way intransitive trusts. Administrators can create shortcuts.

Windows Server 2003 introduced the forest root trust. This trust can be used to connect Windows Server 2003 forests if they are operating at the 2003 forest functional level. Authentication across this type of trust is Kerberos based (as opposed to NTLM). Forest trusts are transitive for all the domains in the trusted forests. The forest trusts themselves, however, are not transitive between forests.

Lightweight Directory Services

AD LDS is a light-weight implementation of Active Directory. LDS is capable of running as a service, on computers running Microsoft Windows Server 2003 or Windows XP Professional. LDS shares the code base with Active Directory and provides the same functionality as Active Directory, including an identical API, but does not require the creation of domains or domain controllers.

Like Active Directory, LDS provides a Data Store for storage of directory data and a Directory Service with an LDAP Directory Service Interface. Unlike Active Directory, however, multiple LDS instances can be run on the same server.

Before Windows Server 2008, LDS was named Active Directory Application Mode (ADAM).[19]

Unix integration

Varying levels of interoperability with Active Directory can be achieved on most Unix-like operating systems through standards-compliant LDAP clients, but these systems usually do not interpret many attributes associated with Windows components, such as Group Policy and support for one-way trusts.

Third parties offer Active Directory integration for Unix platforms (including UNIX, Linux, Mac OS X, and a number of Java- and UNIX-based applications), including Centrify (DirectControl), Computer Associates (UNAB), CyberSafe Limited (TrustBroker), Likewise Software (Open or Enterprise), Quest Software (Authentication Services) and Thursby Software Systems (ADmitMac). The open source software Samba can act as a peer Active Directory domain controller.[20][21] Microsoft offers Microsoft Windows Services for UNIX at no charge.

The schema additions shipped with Windows Server 2003 R2 include attributes that map closely enough to RFC 2307 to be generally usable. The reference implementation of RFC 2307, nss_ldap and pam_ldap provided by PADL.com, supports these attributes directly. The default schema for group membership complies with RFC 2307bis (proposed).[22] Windows Server 2003 R2 includes a Microsoft Management Console snap-in that creates and edits the attributes.

An alternate option is to use another directory service such as 389 Directory Server (formerly Fedora Directory Server) or Sun Microsystems Sun Java System Directory Server, which can perform two-way synchronization with AD and thus provide a "deflected" integration, as Unix and Linux clients authenticate to FDS and Windows Clients authenticate to AD. Another option is to use OpenLDAP with its translucent overlay, which can extend entries in any remote LDAP server with additional attributes stored in a local database. Clients pointed at the local database see entries containing both the remote and local attributes, while the remote database remains completely untouched.

Notes

  1. "Active Directory on a Windows Server 2003 Network". Active Directory Collection. March 13, 2003. http://technet.microsoft.com/en-us/library/cc780036(WS.10).aspx#w2k3tr_ad_over_qbjd. Retrieved December 25, 2010.
  2. Windows Server 2003: Active Directory Infrastructure. Microsoft Press. 2003. pp. 1–8 – 1–9. ISBN 0-7356-1438-5.
  3. "Managing Sites". Microsoft Corporation. http://technet.microsoft.com/en-us/library/bb727051.aspx. "An Active Directory site object represents a collection of Internet Protocol (IP) subnets, usually constituting a physical Local Area Network (LAN)."
  4. "Organizational Units". Microsoft Corporation. 2010. http://technet.microsoft.com/en-us/library/cc978003.aspx. "An organizational unit in Active Directory is analogous to a directory in the file system"
  5. Microsoft Server 2008 Reference refers to "shadow groups" but does not explain how to create them. http://technet.microsoft.com/en-us/library/cc770394%28WS.10%29.aspx
  6. "Specifying Security and Administrative Boundaries". Microsoft Corporation. 2005-01-23. http://technet.microsoft.com/en-us/library/cc755979(WS.10).aspx. "However, service administrators have abilities that cross domain boundaries. For this reason, the forest is the ultimate security boundary, not the domain."
  7. "Sites overview". Microsoft Corporation. 2005-01-21. http://technet.microsoft.com/en-us/library/cc782048(WS.10).aspx. "A site is a set of well-connected subnets."
  8. "Planning for domain controllers and member servers". Microsoft Corporation. 2005-01-21. http://technet.microsoft.com/en-us/library/cc737059(WS.10).aspx. "[...] member servers, [...] belong to a domain but do not contain a copy of the Active Directory data."
  9. "Directory data store". Microsoft Corporation. 2005-01-21. http://technet.microsoft.com/en-us/library/cc736627(WS.10).aspx. "Active Directory uses four distinct directory partition types to store [...] data. Directory partitions contain domain, configuration, schema, and application data."
  10. Andreas Luther. "Active Directory Replication Traffic". Microsoft Corporation. http://technet.microsoft.com/en-us/library/bb742457.aspx. Retrieved 2010-05-26. "The Active Directory is made up of one or more naming contexts or partitions."
  11. "What Is the Global Catalog?". Microsoft Corporation. 2009-12-10. http://technet.microsoft.com/en-us/library/cc728188(WS.10).aspx. "[...] a domain controller can locate only the objects in its domain. [...] The global catalog provides the ability to locate objects from any domain [...]"
  12. "Attributes Included in the Global Catalog". Microsoft Corporation. 2010-08-26. http://msdn.microsoft.com/en-us/library/ms675160%28VS.85%29.aspx. "The isMemberOfPartialAttributeSet attribute of an attributeSchema object is set to TRUE if the attribute is replicated to the global catalog. [...] When deciding whether or not to place an attribute in the global catalog remember that you are trading increased replication and increased disk storage on global catalog servers for, potentially, faster query performance."
  13. "What Is the Active Directory Replication Model?". Microsoft Corporation. 2003-03-28. http://technet.microsoft.com/en-us/library/cc737314(WS.10).aspx. "Domain controllers request (pull) changes rather than send (push) changes that might not be needed."
  14. "What Is Active Directory Replication Topology?". Microsoft Corporation. 2003-03-28. http://technet.microsoft.com/en-us/library/cc775549(WS.10).aspx. "SMTP can be used to transport nondomain replication [...]"
  15. Large AD database? Probably not this large...
  16. Active Directory Service Interfaces, Microsoft
  17. "Domain and Forest Trusts Technical Reference". Microsoft Corporation. 2003-03-28. http://technet.microsoft.com/en-us/library/cc738955(WS.10).aspx. "Trusts enable [...] authentication and [...] sharing resources across domains or forests"
  18. "How Domain and Forest Trusts Work". Microsoft Corporation. 2006-06-03. http://technet.microsoft.com/en-us/library/cc773178(WS.10).aspx. Retrieved 2010-06-01. "Defines several kinds of trusts. (automatic, shortcut, forest, realm, external)"
  19. "AD LDS". Microsoft. http://msdn.microsoft.com/en-us/library/aa705886(VS.85).aspx. Retrieved 2009-04-28.
  20. "Samba4/Releases/4.0.0alpha13". SambaPeople. SAMBA Project. http://wiki.samba.org/index.php/Samba4/Releases/4.0.0alpha13. Retrieved 2010-11-29.
  21. "The great DRS success!". SambaPeople. SAMBA Project. 2009-10-05. http://people.samba.org/people/2009/10/05#drs-success. Retrieved 2009-11-02.
  22. RFC 2307bis


The above information uses material from Wikipedia and is licensed under the GNU Free Documentation License.
This page was last archived by our server on Sun Dec 4 11:47:46 2011.