A combination of a user’s assigned permissions through group membership, an explicit user permission assignment, and inherited permissions.
What is effective permissions
100
A partition that contains all objects in a domain, including users, groups, computers, OUs, and so forth.
What is domain directory partition
100
A trust relationship in which one domain trusts another, but the reverse is not true.
What is one-way trust
100
A process that runs on every domain controller to determine the replication topology.
What is Knowledge Consistency Checker (KCC)
100
A domain controller with sole responsibility for certain domain or forestwide functions.
What is operations master
200
The process of transmitting permissions from a parent object to a child object.
What is permission inheritance
200
The first domain created in a new forest.
What is forest root domain
200
A manually configured trust between domains in the same forest for the purpose of bypassing the normal referral process.
What is shortcut trust
200
Active Directory replication between domain controllers in the same site. Kerberos An open-standard security protocol used to secure authentication and identification between parties in a network.
What is intrasite replication
200
An Active Directory object that can be assigned permissions or rights to Active Directory objects and network resources.
What is security principals
300
An arrangement that defines whether and how security principals from one domain can access network resources in another domain.
What is trust relationship
300
A directory partition that stores this, which is a partial replica of all objects in the forest. It contains the most commonly accessed object attributes to facilitate object searches and user logons across domains.
What is global catalog partition
300
A trust in which both domains in the relationship trust each other, so users from both domains can access resources in the other domain.
What is two-way trust
300
Active Directory replication that occurs between two or more sites.
What is intersite replication
300
A logical connection between two sites that determines the replication schedule and frequency between the sites.
What is site link
400
A user logon name that follows the format username@domain. Users can use this to log on to their own domain from a computer that’s a member of a different domain.
What is user principal name (UPN)
400
A directory partition that applications and services use to store information that benefits from automatic Active Directory replication and security.
What is application directory partition
400
A trust relationship based on this rule of mathematics; if Domain A trusts Domain B and Domain B trusts Domain C, then Domain A trusts Domain C.
What is transitive trust
400
The process for replicating Active Directory objects in which changes to the database can occur on any domain controller and are propagated, or replicated, to all other domain controllers.
What is multimaster replication
400
A numeric value assigned to each object in a domain that uniquely identifies the object; composed of a domain identifier, which is the same for all objects in a domain, and the RID
What is Security identifier (SID)
500
The process of a user with higher security privileges assigning authority to perform certain tasks to a user with lesser security privileges; usually used to give a user administrative permission for an OU.
What is delegation of control
500
A directory partition containing the information needed to define Active Directory objects and object attributes for all domains in the forest.
What is schema directory partition
500
A trust used to integrate users of other OSs into a Windows Server 2008 domain or forest; requires the OS to be running Kerberos V5 authentication.
What is realm trust
500
A protocol that runs over TCP/IP and is designed to facilitate access to directory services and directory objects. this is based on a suite of protocols called X.500, developed by the International Telecommunications Union.
What is Lightweight Directory Access Protocol (LDAP)
500
Specialized domain controller tasks that handle operations that can affect the entire domain or forest. Only one domain controller can be assigned this particular role
What is Flexible Single Master Operation (FSMO) roles