Directory Services


SACL
See system access-control list.
schema
The Active Directory schema contains formal definitions of every object class that can be created in an Active Directory forest. The schema also contains formal definitions of every attribute that can exist in an Active Directory object. See Active Directory Schema.

In ADSI, the schema management interfaces supply a means of reading and setting the data associated with class, attribute, and syntax definitions. Use these interfaces with the Active Directory schema as well as with the schemas of other directory services.

schema partition
A directory partition that contains the classSchema and attributeSchema objects that define the types of objects that can exist in the Active Directory forest. Every domain controller in an enterprise forest has a replica of the same schema partition.
security identifier (SID)
A variable-length value that uniquely identifies a security principal, such as a user or group. SIDs are used in security descriptors and access-control entries.
service principal name (SPN)
The name by which a client uniquely identifies an instance of a service. See Service Principal Names.
site
A location in a network where Active Directory servers are held. A site is defined as one or more well-connected TCP/IP subnets. "Well connected" means that network connectivity is highly reliable and fast. Defining a site as a set of subnets allows administrators to quickly and easily configure Active Directory access and replication topology to take advantage of the physical network. When users log in, Active Directory clients find Active Directory servers in the same site as the user. Because computers in the same site are close to each other in network terms, communication among computers is reliable, fast, and efficient.
structure rules
Define the possible tree structure of Active Directory, that is, which object classes can contain which object classes. In Active Directory, the possSuperiors and systemPossSuperiors attributes in the schema definition of each object class specify the object classes that can contain instances of the class. See Characteristics of Object Classes.
system access-control list (SACL)
A system access-control list controls the generation of audit messages for attempts to access a securable object. The ability to get or set an object's SACL is controlled by a privilege typically held only by system administrators.