答附錄審查金鑰 AD DS 條款Appendix A: Reviewing Key AD DS Terms

適用於:Windows Server 2016、Windows Server 2012 R2、Windows Server 2012Applies To: Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

下列條款的相關部署程序適用於 Windows Server 2008 Active Directory Domain Services (AD DS)。The following terms are relevant to the deployment process for Windows Server 2008 Active Directory Domain Services (AD DS).

Active Directory domainActive Directory domain

電腦網路中管理方便群組部分功能,包括下列管理單元:An administrative unit in a computer network that, for management convenience, groups several capabilities, including the following:

  • 全網路使用者的身分Network-wide user identity. 網域中的使用者身分建立一次,然後參考已經加入網域所在的樹系的任何電腦上。In domains, user identities can be created once and then referenced on any computer that is joined to the forest in which the domain is located. 網域構成網域控制站安全地儲存帳號及使用者的認證,例如密碼或憑證。Domain controllers that make up a domain store user accounts and user credentials, such as passwords or certificates, securely.

  • 驗證Authentication. 網域控制站提供使用者驗證服務。Domain controllers provide authentication services for users. 它們也會提供額外的授權資料,例如使用者群組成員資格。They also supply additional authorization data, such as user group memberships. 系統管理員可以使用這些服務來控制資源網路上的存取權。Administrators can use these services to control access to resources on the network.

  • 信任關係Trust relationships. 網域中自己的樹系其他網域中的使用者延伸驗證服務,透過自動雙向信任。Domains extend authentication services to users in other domains in their own forest by means of automatic bidirectional trusts. 網域也會延伸到其他的樹系網域中的使用者驗證服務透過信任的樹系或手動建立的外部信任。Domains also extend authentication services to users in domains in other forests by means of either forest trusts or manually created external trusts.

  • 原則管理Policy administration. 網域是範圍管理原則,例如複雜密碼及密碼重複使用規則。A domain is a scope of administrative policies, such as password complexity and password reuse rules.

  • 複寫Replication. 網域定義提供的資料,這是適合用來提供所需的服務和的網域控制站之間複製樹狀的磁碟分割。A domain defines a partition of the directory tree that provides data that is adequate to provide required services and that is replicated between domain controllers. 如此一來,所有的網域控制站同儕在網域中,而且為單位管理它們。In this way, all domain controllers are peers in a domain, and they are managed as a unit.

Active Directory 森林Active Directory forest

一或多個 Active Directory 網域分享常見的邏輯結構、 directory 架構,和網路設定,以及自動、 雙向轉移信任關係的集合。A collection of one or more Active Directory domains that share a common logical structure, directory schema, and network configuration, as well as automatic, two-way, transitive trust relationships. 每個樹系單一 directory 的而且它定義安全性邊界。Each forest is a single instance of the directory, and it defines a security boundary.

Active Directory 功能層級Active Directory functional level

AD DS,設定,可讓進階的網域全或樹系 AD DS 功能。An AD DS setting that enables advanced domain-wide or forest-wide AD DS features.

移轉Migration

從來源網域移動物件目標網域,同時保留或修改特性,讓您在新的網域存取物件的程序。The process of moving an object from a source domain to a target domain, while preserving or modifying characteristics of the object to make it accessible in the new domain.

網域重建Domain restructure

變更網域結構的樹系的移轉程序。A migration process that involves changing the domain structure of a forest. 網域重建可能彙總或加入網域,而且它可以進行或之間樹森林中。A domain restructure can involve either the consolidation or the addition of domains, and it can take place between forests or within a forest.

網域彙總Domain consolidation

這牽涉到 AD DS 網域排除合併他們內容與其他網域到重整程序。A restructuring process that involves eliminating AD DS domains by merging their contents with the contents of other domains.

網域升級Domain upgrade

升級 directory 服務網域中的較新版 directory 服務的程序。The process of upgrading the directory service of a domain to a later version of the directory service. 這包括升級作業系統上所有的網域控制站和適用提高 AD DS 功能層級。This includes upgrading the operating system on all domain controllers and raising the AD DS functional level where applicable.

就地網域升級In-place domain upgrade

升級作業系統的所有網域控制站在特定網域中,例如、 升級 Windows Server 2008、 Windows Server 2003 及提高時就地離開網域物件,使用者和群組],例如功能層級的網域,如果有的話程序。The process of upgrading the operating systems of all domain controllers in a given domain, for example, upgrading Windows Server 2003 to Windows Server 2008 , and raising the functional level of the domain, if applicable, while leaving domain objects, such as users and groups, in place.

森林根網域Forest root domain

Active Directory 森林中建立第一個的網域。The first domain that is created in the Active Directory forest. 這個網域自動指定為森林根網域。This domain is automatically designated as the forest root domain. Active Directory 森林基礎結構提供基本知識。It provides the foundation for the Active Directory forest infrastructure.

地區的網域Regional domain

建立最佳化複寫流量的地理區域中的子女網域。A child domain that is created in a geographic region to optimize replication traffic.