Active Directory Features


Active Directory Features Facts

As you work with Active Directory, you should understand the following concepts:
Feature / Description

Global Catalog

The Global Catalog (GC) is a database that contains a partial replica of every
object from every domain within a forest. A server that holds a copy of the Global
Catalog is a global catalog server. The Global Catalog facilitates faster searches
because different domain controllers do not have to be referenced.

Operations Master Roles

Operations master roles, also referred to as Flexible Single-Master Operation
(FSMO) roles, are specialized domain controller tasks assigned to a domain
controller in the domain or forest. Operations master roles are useful because
certain domain and enterprise-wide operations are not well suited for the
multi-master replication performed by Active Directory to replicate objects and
attributes. A domain controller that performs an operations master role is known
as an operations master or operations master role owner.

The following roles are forest roles, meaning that one domain controller within
the entire forest holds the role:
- The schema master maintains the Active Directory schema for the forest.
- The domain naming master adds new domains to and removes existing
  domains from the forest.

The following roles are domain roles, meaning that one domain controller in each
domain holds the role:
- The RID master allocates pools or blocks of numbers (called relative IDs
  or RIDs) that are used by the domain controller when creating new
  security principals (such as user, group, or computer accounts).
- The PDC emulator acts like a Windows NT 4.0 Primary Domain
  Controller (PDC) and performs other tasks normally associated with NT
  domain controllers.
- The infrastructure master is responsible for updating changes made to
  objects.

As you install or remove domain controllers, you will need to be aware of which
domain controllers hold these roles.
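
One way to check which roles a domain controller holds before it is removed, as an added example that is not part of the original page. The function name Get-FsmoRolesHeld and the contoso.example data are constructed for illustration; the property names are those returned by Get-ADForest and Get-ADDomain in the ActiveDirectory module.

```powershell
# Added example: list the operations master (FSMO) roles a given domain
# controller holds, so they can be accounted for before the DC is removed.
# Get-FsmoRolesHeld is a hypothetical helper; all sample data is constructed.
function Get-FsmoRolesHeld {
    param(
        [Parameter(Mandatory)] $Forest,                    # Get-ADForest output (or sample)
        [Parameter(Mandatory)] [object[]] $Domain,         # Get-ADDomain output, one per domain
        [Parameter(Mandatory)] [string] $DomainController  # FQDN of the DC to check
    )
    # Forest roles: one holder in the entire forest
    $roles = @(
        [pscustomobject]@{ Scope = $Forest.Name; Role = 'Schema master';        Holder = $Forest.SchemaMaster }
        [pscustomobject]@{ Scope = $Forest.Name; Role = 'Domain naming master'; Holder = $Forest.DomainNamingMaster }
    )
    # Domain roles: one holder in each domain
    foreach ($d in $Domain) {
        $roles += [pscustomobject]@{ Scope = $d.DNSRoot; Role = 'RID master';            Holder = $d.RIDMaster }
        $roles += [pscustomobject]@{ Scope = $d.DNSRoot; Role = 'PDC emulator';          Holder = $d.PDCEmulator }
        $roles += [pscustomobject]@{ Scope = $d.DNSRoot; Role = 'Infrastructure master'; Holder = $d.InfrastructureMaster }
    }
    # String comparison with -eq is case-insensitive in PowerShell
    $roles | Where-Object { $_.Holder -eq $DomainController }
}

# Constructed sample shaped like Get-ADForest / Get-ADDomain output
$sampleForest = [pscustomobject]@{
    Name               = 'contoso.example'
    SchemaMaster       = 'dc01.contoso.example'
    DomainNamingMaster = 'dc01.contoso.example'
}
$sampleDomains = @(
    [pscustomobject]@{ DNSRoot = 'contoso.example'; RIDMaster = 'dc01.contoso.example'
        PDCEmulator = 'dc02.contoso.example'; InfrastructureMaster = 'dc02.contoso.example' }
    [pscustomobject]@{ DNSRoot = 'eu.contoso.example'; RIDMaster = 'dc11.eu.contoso.example'
        PDCEmulator = 'dc11.eu.contoso.example'; InfrastructureMaster = 'dc11.eu.contoso.example' }
)

$held = Get-FsmoRolesHeld -Forest $sampleForest -Domain $sampleDomains -DomainController 'dc02.contoso.example'
if ($held) {
    $held | Format-Table -AutoSize
    Write-Warning 'This domain controller holds operations master roles; transfer them before removing it.'
} else {
    'No operations master roles held.'
}

# Against a live forest (requires the ActiveDirectory module):
#   $f = Get-ADForest
#   $d = $f.Domains | ForEach-Object { Get-ADDomain -Identity $_ }
#   Get-FsmoRolesHeld -Forest $f -Domain $d -DomainController 'dc02.contoso.example'
```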
Functional Level

A functional level is a set of operation constraints that determine the functions
that can be performed by an Active Directory domain or forest. A functional level
defines:
- Which Active Directory Domain Services (AD DS) features are available
  to the domain or forest.
- Which Windows Server operating systems can be run on domain
  controllers in the domain or forest. Functional levels do not affect which
  operating systems you can run on workstations and servers that are joined
  to the domain or forest.

Windows Server 2008 supports the following domain functional levels:
- Windows 2000 Native
- Windows Server 2003
- Windows Server 2008

Windows Server 2008 supports the following forest functional levels:
- Windows 2000
- Windows Server 2003
- Windows Server 2008

Note: You cannot have Windows NT domain controllers and Windows Server
2008 domain controllers in the same forest.

Group Policy

A policy is a set of configuration settings that must be applied to users or
computers. Collections of policy settings are stored in a Group Policy object
(GPO). The GPO is a collection of files that includes registry settings, scripts,
templates, and software-specific configuration values.

Group Policy is an important component of Active Directory because through
Group Policy you can centrally manage and enforce desktop and other settings for
users and computers within your organization. For example, with Group Policy
you can:
- Enforce a common desktop for users
- Remove desktop components, such as preventing access to the Control
  Panel
- Restrict what actions users can perform, such as preventing users from
  shutting down the system
- Automatically install software
- Dynamically set registry settings required by applications
