directory services glossary
- DNS Domain -- The administrative scope of a set of DNS records. incomplete.io and devops.incomplete.io are examples of distinct (forward) DNS domains, each containing a set of DNS records.
- Domain Controller -- In Active Directory (and NT domains before it), a host that contains a copy of the Active Directory domain database. A domain controller also provides other services discussed throughout, such as acting as a Kerberos KDC (see below). Domain controllers may hold different roles.
- Global Catalogue -- A forest-wide copy of a subset of each Active Directory domain's objects and attributes. See the active directory ldap extras section for more specific information.
- Key Distribution Centre (KDC) -- A host in a Kerberos realm that contains a copy of the user and service principals and keys. The KDC is one of the services provided by Active Directory domain controllers.
- Realm -- A Kerberos namespace or administrative domain. Often mirrors a DNS domain, but is a distinct concept with its own context. An Active Directory domain equates to a Kerberos realm.
- Service Principal -- An identity providing a service over Kerberos for use by clients. Often a server, such as a file server, domain controller or web server.
- User Principal -- An identity consuming Kerberised services. Often an interactive user, but may also be a domain member computer.