Active Directory glossary

Shared folders: Folders and files available in a domain and accessible by domain users.

SYSVOL: A complete list of all the folders within the file system on a domain controller. These folders provide the default AD storage location for files that must be replicated throughout the domain, such as GPOs, logon or logoff scripts, and other custom program scripts.

Schema: Defines the structure, attributes, and classes of all objects stored within AD. A schema controls how data is organized and accessed, ensuring consistency and integrity for the data across the network.

Discretionary access control lists (DACLs): The part of the security descriptor of the AD object that grants or denies access to the object. Only the owner of the object can change the permissions in the DACL.

System access control lists (SACLs): The part of the security descriptor of the AD objects that specify the events, such as file access, system shutdowns, and so on, that have to be audited on a per-user or per-group basis.

Access control entries (ACEs): An entry in the object's ACL that determines security principles and the permissions associated with it.

Security identifiers (SIDs): A unique number associated with each user account, group, and computer account. Windows internal processes refer to these SIDs rather than the account or group names to uniquely identify objects.

Security descriptors: The data structure associated with the AD object that specifies the permissions granted or denied to users and groups (DACL) and the owner of an object. It also specifies the events that have to be audited (SACL).

Security principals: AD objects, such as users, groups, and computers, that have an SID associated with them.