Terms and Definitions

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

The following terms are important to understanding the Windows Server 2003 Active Directory deployment process.

Active Directory domain

An administrative unit in a computer network that, for management convenience, groups several capabilities, including:

  • Network-wide user identity. Domains allow user identities to be created once and referenced on any computer that is joined to the forest in which the domain is located. The domain controllers that make up a domain securely store user accounts and user credentials, such as passwords or certificates.

  • Authentication. Domain controllers provide authentication services for users and supply additional authorization data, such as user group memberships. These services can be used to control access to resources on the network.

  • Trust relationships. Domains extend authentication services to users in other domains in their own forest by means of automatic bidirectional trusts, and to users in domains in other forests by means of either manually created external trusts or forest trusts.

  • Policy administration. The domain is a scope of administrative policies, such as password complexity and password reuse rules.

  • Replication. The domain defines a partition of the directory tree that holds the data needed to provide the required services and that is replicated between the domain controllers. In this way, all domain controllers are peers in a domain and are managed as a unit.

Active Directory forest

A collection of one or more Active Directory domains that share a common logical structure, directory schema, and network configuration, as well as automatic two-way transitive trust relationships. Each forest is a single instance of the directory and defines a security boundary.

Active Directory functional level

A setting in Windows Server 2003 Active Directory that enables advanced domain-wide or forest-wide Active Directory features.

Migration

The process of moving an object from a source domain to a target domain, while preserving or modifying characteristics of the object to make it accessible in the new domain.

Domain restructure

A migration process that involves changing the domain structure of a forest. A domain restructure can involve either consolidating or adding domains, and can take place between forests or within a forest.

Domain consolidation

A restructuring process that involves eliminating Microsoft® Windows NT® 4.0 domains or Active Directory domains by merging their contents with the contents of other domains.

Domain upgrade

The process of upgrading the directory service of a domain to a later version of the directory service. This includes upgrading the operating system on all domain controllers and raising the Active Directory functional level where applicable.

In-place domain upgrade

The process of upgrading the operating system on all domain controllers that are based on Windows NT 4.0 or on the Microsoft® Windows® 2000 operating system and raising the functional level of the domain if applicable, while leaving domain objects, such as users and groups, in place.

Regional domain

A child domain that is created based on a geographic region in order to optimize replication traffic.