Platform SDK: Active Directory, ADSI, and Directory Services

S

SACL
See system access-control list.
schema
The Active Directory™ schema contains formal definitions of every object class that can be created in an Active Directory forest. The schema also contains formal definitions of every attribute that can exist in an Active Directory object. See Active Directory Schema.

In ADSI, the schema management interfaces supply a means of reading and setting the information associated with class, attribute, and syntax definitions. You can use these interfaces with the Active Directory schema as well as with the schemas of other directory services.

schema partition
A directory partition that contains the classSchema and attributeSchema objects that define the types of objects that can exist in the Active Directory™ forest. Every DC in an enterprise forest has a replica of the same schema partition.
security identifier (SID)
A security identifier is a variable-length value that uniquely identifies a security principal (such as a user or group). SIDs are used in security descriptors and access-control entries.
service principal name (SPN)
A service principal name (SPN) is the name by which a client uniquely identifies an instance of a service. See Service Principal Names.
site
A site is a location in a network where Active Directory™ servers are held. A site is defined as one or more well connected TCP/IP subnets. "Well connected" means that network connectivity is highly reliable and fast. Defining a site as a set of subnets allows administrators to quickly and easily configure Active Directory access and replication topology to take advantage of the physical network. When users log in, Active Directory clients find Active Directory servers in the same site as the user. Since machines in the same site are close to each other in network terms, communication among machines is reliable, fast, and efficient.
SMTP
See simple mail transfer protocol.
structure rules
Structure rules define the possible tree structure of Active Directory™, that is, which object classes can contain which object classes. In Active Directory, the possSuperiors and systemPossSuperiors attributes in the schema definition of each object class specify the object classes that can contain instances of the class. See Characteristics of Object Classes.
system access-control list (SACL)
A system access-control list controls the generation of audit messages for attempts to access a securable object. The ability to get or set an object's SACL is controlled by a privilege typically held only by system administrators.