Applies To: Windows Server 2003 R2




The object identifier that is assigned to Active Directory Application Mode (ADAM). You can use this object identifier programmatically to differentiate ADAM from other directory services.

See also: directory service; object identifier


Active Directory

The Windows-based directory service. Active Directory stores information about objects on a network and makes this information available to users and network administrators. Active Directory gives network users access to permitted resources anywhere on the network using a single logon process. It provides network administrators with an intuitive, hierarchical view of the network and a single point of administration for all network objects.

See also: directory service

Active Directory Application Mode (ADAM)

A stand-alone directory service that is designed specifically for use with directory-enabled applications. Active Directory Application Mode (ADAM) does not require or depend on Active Directory forests or domains. ADAM stores and replicates only application-related information. ADAM does not store or replicate network operating system (NOS)-related information.

See also: directory service; directory-enabled application

Active Directory Application Mode (ADAM) instance

For Active Directory Application Mode (ADAM), a single copy of the ADAM directory service, along with its associated directory store, assigned Lightweight Directory Access Protocol (LDAP) and Secure Sockets Layer (SSL) ports, and application event log. You can run multiple ADAM instances simultaneously on a single computer.

See also: Active Directory Application Mode (ADAM); directory service; Lightweight Directory Access Protocol (LDAP); Secure Sockets Layer (SSL)


ADAM

See definition for: Active Directory Application Mode (ADAM)

ADAM instance

See definition for: Active Directory Application Mode (ADAM) instance


authentication

The process for verifying that an entity or object is who or what it claims to be. Examples include confirming the source and integrity of information, such as verifying a digital signature or verifying the identity of a user or computer.

authentication protocol

The protocol by which an entity on a network proves its identity to a remote entity. Typically, identity is proved with the use of a secret key, such as a password, or with a stronger key, such as the key on a smart card. Some authentication protocols also implement mechanisms to share keys between client and server to provide message integrity or privacy.

See also: authentication



binding

A process by which software components and layers are linked together. When a network component is installed, the binding relationships and dependencies for the components are established. Binding allows components to communicate with each other.


configuration set

For Active Directory Application Mode (ADAM), a set of ADAM instances that share and replicate a common schema partition and a common configuration partition.

See also: Active Directory Application Mode (ADAM); Active Directory Application Mode (ADAM) instance


Digest Access protocol

A lightweight authentication protocol for parties involved in communications that are based on Hypertext Transfer Protocol (HTTP) or Simple Authentication and Security Layer (SASL).

See also: Microsoft Digest; Simple Authentication and Security Layer (SASL)

directory service

Both the directory information source and the service that makes the information available and usable. A directory service enables the user to find an object when given any one of its attributes.

See also: Active Directory

Directory Services Markup Language (DSML)

An open, extensible, standards-based format for publishing directory service schemas and exchanging directory contents.

See also: directory service

directory-enabled application

An application that reads, writes, or modifies data that is stored in a directory service.

See also: directory service


DLL

See definition for: dynamic-link library (DLL)


DSML

See definition for: Directory Services Markup Language (DSML)

dynamic-link library (DLL)

An operating system feature that allows executable routines (generally serving a specific function or set of functions) to be stored separately as files with .dll extensions. These routines are loaded only when needed by the program that calls them.





group

A collection of users, computers, contacts, and other groups. Groups can be used as security or as e-mail distribution collections. Distribution groups are used only for e-mail. Security groups are used both to grant access to resources and as e-mail distribution lists.

group account

A collection of user accounts. By making a user account a member of a group, you give the related user all the rights and permissions granted to the group.

See also: group

group memberships

The groups to which a user account belongs. Permissions and rights granted to a group are also provided to its members. In most cases, the actions a user can perform in Windows are determined by the group memberships of the user account to which the user is logged on.

See also: group


Hypertext Transfer Protocol (HTTP)

The protocol used to transfer information on the World Wide Web. An HTTP address (one kind of Uniform Resource Locator (URL)) takes the following form:





LDAP

See definition for: Lightweight Directory Access Protocol (LDAP)

Lightweight Directory Access Protocol (LDAP)

The primary access protocol for Active Directory. LDAP is an industry-standard protocol, established by the Internet Engineering Task Force (IETF), that allows users to query and update information in a directory service. Active Directory supports both LDAP version 2 and LDAP version 3.

See also: Active Directory Application Mode (ADAM); directory service


Microsoft Digest

A security support provider (SSP) that implements the Digest Access protocol. Microsoft Digest provides a simple challenge response mechanism for authenticating clients, and it is intended for use by client/server applications that use communications that are based on Hypertext Transfer Protocol (HTTP) or Simple Authentication and Security Layer (SASL).

See also: authentication; Digest Access protocol; Hypertext Transfer Protocol (HTTP); security support provider (SSP); Simple Authentication and Security Layer (SASL)


Network Service account

A predefined local account that is used to start a service and provide the security context for that service. The name of the account is NT AUTHORITY\NetworkService. The Network Service account has limited access to the local computer and authenticated access (as the computer account) to network resources.


object identifier

A number that identifies an object class or attribute. Object identifiers (OIDs) are organized into an industry-wide global hierarchy. An object identifier is represented as a dotted decimal string, such as, with each dot representing a new branch in the hierarchy. National registration authorities issue root object identifiers to individuals or organizations, who manage the hierarchy below their root object identifier.





replica

In Active Directory replication, one instance of a logical Active Directory partition that is synchronized by means of replication between domain controllers that hold copies of the same directory partition. Replica can also refer to an instance of an object or attribute in a distributed directory. In the File Replication service (FRS), a computer that has been included in the configuration of a specific replica set.

See also: Active Directory



SASL

See definition for: Simple Authentication and Security Layer (SASL)

Secure Sockets Layer (SSL)

A proposed open standard for establishing a secure communications channel to prevent the interception of critical information, such as credit card numbers. Primarily, it enables secure electronic financial transactions on the World Wide Web, although it is designed to work on other Internet services as well.

security context

The security attributes or rules that are currently in effect. For example, the rules that govern what a user can do to a protected object are determined by security information in the user's access token and in the object's security descriptor. Together, the access token and the security descriptor form a security context for the user's actions on the object.

security ID (SID)

A data structure of variable length that identifies user, group, and computer accounts. Every account on a network is issued a unique SID when the account is first created. Internal processes in Windows refer to an account's SID rather than the account's user or group name.

See also: group account

security package

The software implementation of a security protocol. Security packages are contained in security support provider dynamic-link libraries (DLLs) or in security support provider/authentication package DLLs.

See also: security support provider (SSP)

security principal

An account holder that is automatically assigned a security identifier (SID) to control access to resources. A security principal can be a user, group, service, or computer.

See also: group; security ID (SID)

security protocol

A specification that defines security-related data objects and rules about how the objects are used to maintain security on a computer system.

security support provider (SSP)

A dynamic-link library (DLL) that implements the Security Support Provider Interface (SSPI) by making one or more security packages available to applications. Each security package provides mappings between an application's SSPI function calls and an actual security model's functions. Security packages support security protocols such as Kerberos and NTLM.

See also: dynamic-link library; security package; security protocol; Security Support Provider Interface (SSPI)

Security Support Provider Interface (SSPI)

A common interface between transport-level applications, such as Microsoft Remote Procedure Call (RPC), and security support providers (SSPs), such as Windows Distributed Security. SSPI allows a transport application to call one of the SSPs to obtain an authenticated connection. These calls do not require extensive knowledge of the security protocol's details.

See also: security protocol; security support provider

Service Principal Name (SPN)

A way of referring to a service principal. SPN structures generally follow Internet Engineering Task Force (IETF) naming conventions, and they often include the name of the computer on which the service is running. SPNs may be used to request Kerberos tickets, and they are required for mutual authentication.

See also: authentication


SID

See definition for: security ID (SID)

Simple Authentication and Security Layer (SASL)

An open framework, described in Request for Comments (RFC) 2222, for adding authentication support to connection-based protocols.

See also: authentication


SSL

See definition for: Secure Sockets Layer (SSL)


SSP

See definition for: security support provider (SSP)


SSPI

See definition for: Security Support Provider Interface (SSPI)





A set of standards defining a distributed directory service, developed by the International Standards Organization (ISO).

See also: directory service

