1.1 Glossary

This document uses the following terms:

Active Directory: The Windows implementation of a general-purpose directory service, which uses LDAP as its primary access protocol. Active Directory stores information about a variety of objects in the network such as user accounts, computer accounts, groups, and all related credential information used by Kerberos [MS-KILE]. Active Directory is either deployed as Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS), which are both described in [MS-ADOD]: Active Directory Protocols Overview.

Active Directory object: A set of directory objects that are used within Active Directory as defined in [MS-ADTS] section 3.1.1. An Active Directory object can be identified by a dsname. See also directory object.

Active Directory replication: The process by which the changes that are made to Active Directory objects on one domain controller (DC) are automatically synchronized with other DCs.

Change Order: A message that contains information about a file or folder that has changed on a replica. The change order is sent to the member's downstream partners. If the downstream partners accept the change, the partners request the associated staging file. After installing the changed file in their individual replica trees, the partners propagate the change order to their downstream partners.

Connection Join (Join): The process by which a connection session is established.

Connection Session: After FRS discovers a connection from Active Directory, FRS establishes a connection session with the remote connection partner based on the information provided by the connection object. The connection is called "joined" when a connection session is successfully established. This connection session is disconnected once the connection schedule is off (forbidding file replication on the connection).

Dampening: On receiving a remote change order, FRS must determine if the change order is already known to the local machine by using the version vector of the local machine. If the remote change order is known, FRS drops the change order and informs the upstream partner. This process is called "dampening" a change order.

DFS-R: A service that keeps DFS and SYSVOL folders in sync automatically. DFS-R is a state-based, multimaster replication system that supports replication scheduling and bandwidth throttling. This is a rewrite and new version of FRS. For more information, see [MS-FRS2].

Directed Change Order: A change order directed to a single downstream partner and produced when the partner is a Version Vector Join (VVJoin), such as during initial sync.

Distributed File System (DFS): A file system that logically groups physical shared folders located on different servers by transparently connecting them to one or more hierarchical namespaces. DFS also provides fault-tolerance and load-sharing capabilities.

Distributed File System Replication (DFS-R): A service that keeps DFS folders in sync automatically. DFS-R is a state-based, multi-master replication system that supports replication scheduling and bandwidth throttling. This is a rewrite and new version of the File Replication Service (FRS). For more information, see [MS-FRS2].

domain: A set of users and computers sharing a common namespace and management infrastructure. At least one computer member of the set has to act as a domain controller (DC) and host a member list that identifies all members of the domain, as well as optionally hosting the Active Directory service. The domain controller provides authentication of members, creating a unit of trust for its members. Each domain has an identifier that is shared among its members. For more information, see [MS-AUTHSOD] section 1.1.1.5 and [MS-ADTS].

domain controller (DC): The service, running on a server, that implements Active Directory, or the server hosting this service. The service hosts the data store for objects and interoperates with other DCs to ensure that a local change to an object replicates correctly across all DCs. When Active Directory is operating as Active Directory Domain Services (AD DS), the DC contains full NC replicas of the configuration naming context (config NC), schema naming context (schema NC), and one of the domain NCs in its forest. If the AD DS DC is a global catalog server (GC server), it contains partial NC replicas of the remaining domain NCs in its forest. For more information, see [MS-AUTHSOD] section 1.1.1.5.2 and [MS-ADTS]. When Active Directory is operating as Active Directory Lightweight Directory Services (AD LDS), several AD LDS DCs can run on one server. When Active Directory is operating as AD DS, only one AD DS DC can run on one server. However, several AD LDS DCs can coexist with one AD DS DC on one server. The AD LDS DC contains full NC replicas of the config NC and the schema NC in its forest. The domain controller is the server side of Authentication Protocol Domain Support [MS-APDS].

domain functional level: A specification of functionality available in a domain. Must be less than or equal to the DC functional level of every domain controller (DC) that hosts a replica of the domain's naming context (NC). For information on defined levels, corresponding features, information on how the domain functional level is determined, and supported domain controllers, see [MS-ADTS] sections 6.1.4.2 and 6.1.4.3. When Active Directory is operating as Active Directory Lightweight Directory Services (AD LDS), domain functional level does not exist.

Downstream Partner: The partner that receives change orders, files, and folders.

endpoint: A network-specific address of a remote procedure call (RPC) server process for remote procedure calls. The actual name and type of the endpoint depends on the RPC protocol sequence that is being used. For example, for RPC over TCP (RPC Protocol Sequence ncacn_ip_tcp), an endpoint might be TCP port 1025. For RPC over Server Message Block (RPC Protocol Sequence ncacn_np), an endpoint might be the name of a named pipe. For more information, see [C706].

endpoint mapper: A service on a remote procedure call (RPC) server that maintains a database of dynamic endpoints and allows clients to map an interface/object UUID pair to a local dynamic endpoint. For more information, see [C706].

Event Time: See File Event Time.

file: An entity of data in the file system that a user can access and manage. A file must have a unique name in its directory. It consists of one or more streams of bytes that hold a set of related data, plus a set of attributes (also called properties) that describe the file or the data within the file. The creation time of a file is an example of a file attribute.

file attribute: A 32-bit bitmask containing information on a file's properties. For instance, 0x00000001 is used for the read-only attribute.

File GUID: An identifying property of a file or folder in a replica tree. FRS creates and manages file GUIDs, which, along with the file version number and file event time, are stored in the IDTable. Each file and folder stores its file GUID as part of its attributes; therefore, corresponding files and folders across all replica set members have the same file GUID.

File Replication Service (FRS): One of the services offered by a domain controller (DC), which is advertised through the Domain Controller Location protocol. The service being offered to clients is a replicated data storage volume that is associated with the default naming context (NC). The running or paused state of the FRS on a DC is available through protocols documented in [MS-ADTS] section 6.3.

File Version Number: A property of a file and folder in a replica tree that is incremented each time the file or folder is updated. The file version number is used to resolve concurrent updates originating from more than one member of the replica set. The version number is only incremented by the member that originated the file update. Other members that propagate the update do not change the version number.

filter: A setting that excludes subfolders (and their contents) or files from replication. There are two types of filters: file filters and folder filters.

fully qualified domain name (FQDN): An unambiguous domain name that gives an absolute location in the Domain Name System's (DNS) hierarchy tree, as defined in [RFC1035] section 3.1 and [RFC2181] section 11.

globally unique identifier (GUID): A term used interchangeably with universally unique identifier (UUID) in Microsoft protocol technical documents (TDs). Interchanging the usage of these terms does not imply or require a specific algorithm or mechanism to generate the value. Specifically, the use of this term does not imply or require that the algorithms described in [RFC4122] or [C706] must be used for generating the GUID. See also universally unique identifier (UUID).

IDTable: A table of FRS state information that contains an entry with version and identity information for each file and folder in the replica tree. It is used to keep track of all files in the replica set and their histories.

inbound: The network traffic flowing from the client to the server.

Inbound Connection: For a given replica member, a component of the NT File Replication Service (NTFRS) member object in Active Directory that identifies upstream partners. An inbound connection exists for each upstream partner.

inbound log: A queue that stores pending change orders to be processed. As entries in the queue are processed, acknowledgments are sent to the inbound partners.

Inbound Log (InLog): A queue that stores pending change orders to be processed. As entries in the queue are processed, acknowledgments are sent to the upstream partners.

Initial Sync: The process that a new member of the replica set goes through before it is allowed to synchronize with its downstream partners. It is also called VVJoin.

Install (File or Folder): A process by which FRS applies a change order to the local file system to restore the file or folder as it is in the upstream partner. If the change order is for a deletion, the file or folder in the local file system is deleted (staging file is not needed). If the change order is for a renaming, the file or folder in the local file system is renamed (staging file is needed). If the change order is for a copying or creation, the file or folder is copied or created (staging file is needed). Installing a file or folder may fail if the file or folder is already opened by another process. If the installation fails, FRS retries installing the file or folder at a later time.

Interface Definition Language (IDL): The International Standards Organization (ISO) standard language for specifying the interface for remote procedure calls. For more information, see [C706] section 4.

join: A combination of data from multiple sources that is based upon a common attribute or join condition.

Local Change Order: A change order that is created because of a change to a file or folder on the local server. The local server becomes the originator of the change order and constructs a staging file.

MD5 hash: A hashing algorithm, as described in [RFC1321], that was developed by RSA Data Security, Inc. An MD5 hash is used by the File Replication Service (FRS) to verify that a file on each replica member is identical.

NetBIOS: A particular network transport that is part of the LAN Manager protocol suite. NetBIOS uses a broadcast communication style that was applicable to early segmented local area networks. It is a protocol family that includes name resolution, datagram, and connection services. For more information, see [RFC1001] and [RFC1002].

Normal Sync: The synchronization among replicas after initial sync is done.

NT file system (NTFS): A proprietary Microsoft file system. For more information, see [MSFT-NTFS].

NTFRS Member: An object of class type nTFRSMember. Each NTFRS member object (class nTFRSMember) corresponds to a computer that is part of a replica set (see NTFRS Member Object, as specified in section 2.3.1.3).

objectGUID: The attribute on an Active Directory object whose value is a GUID that uniquely identifies the object. The GUID value of an object's objectGUID is assigned when the object is created and is immutable thereafter. The integrity of object references between NCs and of replication depends on the integrity of the objectGUID attribute. For a description of the general concept of an "object", see [MS-ADTS] section 1. For more detailed information, see [MS-ADTS] section 3.1.1.1.3.

opnum: An operation number or numeric identifier that is used to identify a specific remote procedure call (RPC) method or a method in an interface. For more information, see [C706] section 12.5.2.12 or [MS-RPCE].

Originator GUID: A GUID that is associated with each replica member. All change orders produced by a given replica member carry the replica member's originator GUID, which is saved in the IDTable. The originator GUID is not the same as the member GUID, which is the objectGuid of the NTFRS member object in Active Directory. For more information, see [MS-ADTS] section 3.1.1.1.3.

outbound: Network traffic flowing from the server to the client.

Outbound Connection: For a given replica member, a component of the NTFRS member object in Active Directory that identifies downstream partners. An outbound connection exists for each downstream partner.

Outbound Log (OutLog): A table in the FRS database that stores pending change orders to be sent to downstream partners. The changes can originate locally or come from an upstream partner. These change orders are eventually sent to all outbound replica partners.

Parent GUID: The GUID of the parent folder that contains a particular file or folder in the replica tree.

partner: A computer connected to a local computer through either inbound or outbound connections.

primary domain controller (PDC): A domain controller (DC) designated to track changes made to the accounts of all computers on a domain. It is the only computer to receive these changes directly, and is specialized so as to ensure consistency and to eliminate the potential for conflicting entries in the Active Directory database. A domain has only one PDC.

read-only domain controller (RODC): A domain controller (DC) that does not accept originating updates. Additionally, an RODC does not perform outbound replication. An RODC cannot be the primary domain controller (PDC) for its domain.

Remote Change Order: A change order received from an inbound (or upstream) partner that originated elsewhere in the replica set.

remote procedure call (RPC): A communication protocol used primarily between client and server. The term has three definitions that are often used interchangeably: a runtime environment providing for communication facilities between computers (the RPC runtime); a set of request-and-response message exchanges between computers (the RPC exchange); and the single message from an RPC exchange (the RPC message). For more information, see [C706].

Replica Member (FRS Replica): A member of a replica set. A replica contains machine-specific information.

replica set: In File Replication Service (FRS), the replication of files and directories according to a predefined topology and schedule on a specific folder. The topology and schedule are collectively called a replica set. A replica set contains a set of replicas, one for each machine that participates in replication.

replica tree: The local replica root folder together with all files and directories underneath it, which usually is saved as a tree structure in the file system.

Replica Tree Root: The folder whose "children" (that is, files and folders) are replicated.

Retry Change Order: A change order that is in some state of completion but has been blocked for some reason and must be retried later.

Schedule: The frequency at which FRS replicates data under the replica tree root.

scheduled: A status that is applied to a list item or document that specifies a time when the item or document will be published or unpublished.

security principal name (SPN): The name that identifies a security principal (for example, machinename$@domainname for a machine joined to a domain or username@domainname for a user). Domainname is resolved using the Domain Name System (DNS).

security provider: A pluggable security module that is specified by the protocol layer above the remote procedure call (RPC) layer, and will cause the RPC layer to use this module to secure messages in a communication session with the server. The security provider is sometimes referred to as an authentication service. For more information, see [C706] and [MS-RPCE].

staging file: The backup of the changed file or folder. It encapsulates the data and attributes associated with a replicated file or folder. By creating the staging file, File Replication Service (FRS) ensures that file data can be supplied to partners regardless of any activity that might prevent access to the original file. The staging files can be compressed to save disk space and network bandwidth during replication.

system volume (SYSVOL): A shared directory that stores the server copy of the domain's public files that must be shared for common access and replication throughout a domain.

unique identifier (UID): A pair consisting of a GUID and a version sequence number to identify each resource uniquely. The UID is used to track the object for its entire lifetime through any number of times that the object is modified or renamed.

universally unique identifier (UUID): A 128-bit value. UUIDs can be used for multiple purposes, from tagging objects with an extremely short lifetime, to reliably identifying very persistent objects in cross-process communication such as client and server interfaces, manager entry-point vectors, and RPC objects. UUIDs are highly likely to be unique. UUIDs are also known as globally unique identifiers (GUIDs) and these terms are used interchangeably in the Microsoft protocol technical documents (TDs). Interchanging the usage of these terms does not imply or require a specific algorithm or mechanism to generate the UUID. Specifically, the use of this term does not imply or require that the algorithms described in [RFC4122] or [C706] must be used for generating the UUID.

Upstream Partner: The partner that sends out change orders, files, and folders.

version sequence number (VSN): A 64-bit unsigned number. Version sequence numbers are assigned to global version sequence numbers as part of file metadata in monotonic increasing order.

Version Vector Join (VVJoin): The process in which a downstream partner joins with an upstream partner for the first time. Also called initial sync. This process is defined in [MS-FRS1] section 3.3.4.6.

Volatile Connection: An inbound connection created for the initial sync for a system volume (SYSVOL) replica set. After the initial sync is done, the volatile connection is destroyed. Volatile connections are not represented in Active Directory.

volume sequence number (VSN) (for file replication service): A unique sequence number assigned to a change order to order the event sequence in a replica. It is a monotonically increasing sequence number assigned to each change that originates on a given replica member. If one change order has a smaller volume sequence number (VSN) than another change order, the change that the first change order represents occurs before the change that the second change order represents.

MAY, SHOULD, MUST, SHOULD NOT, MUST NOT: These terms (in all caps) are used as defined in [RFC2119]. All statements of optional behavior use either MAY, SHOULD, or SHOULD NOT.