HP 4x1Ex32 HP IP Console Viewer User Guide - Page 328

be explicitly controlled by group policies. This property makes objects of class OU the most significant structural components that active directory administrators create and use. Continuation Reference The LDAP searchResult might be returned by an active directory server when it holds the baseObject of a searchRequest, but is unable to search all of the entries in the scope under the baseObject (that is, when some of the entries in the scope might be held in other domains). Continuation References are non-specific in the sense that the Continuation References returned in a searchResult always list all of the immediate child domains below the domain that is generating the searchResult. Therefore, some of the domains listed in a response containing Continuation References might not hold any of the target objects. This is in contrast to referrals, which are completely specific. A referral always contains the desired baseObject of the search. descendant domains Refers collectively to all the domains below a specific root domain, without regard to whether they are immediate child domains of the root or are located lower in the contiguous name space. When it is important to emphasize that a domain is an immediate subordinate of the root, use the term "child domain." See also child domain. Directory Information Tree The DIT comprises the entire set of active directory objects deployed by an enterprise. This set forms a tree structure in the sense that each forest tree deployed by the enterprise forms a hierarchy of active directory servers whose Distinguished Names are embedded in the DNS name space, itself a tree structure. Inside each active directory server, the objects form a micro-structure of hierarchically related containers and leaf objects. Distinguished Name Each object in the active directory has a unique Distinguished Name. The DN identifies the domain that holds the objects as well as the complete path through the container hierarchy (in that domain) by which the object is reached. A typical DN might be: cn=JohnSmith, cn=users, dc=widget, dc=com. This DN identifies the "John Smith" user object in the widget.com domain. In this example, cn is an abbreviation for common name, which is an attribute. Dc is an abbreviation for domain component, which is another attribute used in active directory. domain A single security boundary of a Windows NT®-based computer network. Within a domain, objects and hierarchies of objects are created, according to the rules in the schema. A deployment of active directory is made up of one or more domains. On a stand-alone workstation, the domain is the computer itself. A domain can span more than one physical location by placing peer master domain controllers at more than one site. Every domain has its own security policies and security relationships with other domains. When multiple domains are arranged to form a hierarchy beneath a root domain, the domains form a contiguous name space and are collectively referred to as a domain tree. Within a domain tree, all domains are connected by mutual trust relationships and share a common schema, configuration, and global catalog. Multiple domain trees can be connected together, in terms of trust relationships, to create a forest. Each active directory host computer holds a single domain. A single computer cannot host more Glossary 328