Active Directry - Networking Questions and Answers

Forest trust

A trust that must be explicitly created by a systems administrator between two forest root domains. This trust allows all domains in one forest to transitively trust all domains in another forest. A forest trust is not transitive across three or more forests. The trust is transitive between two forests only and can be one-way or two-way. See also shortcut trust; external trust; realm trust.

Forward lookup

In Domain Name System (DNS), a query process in which the friendly DNS domain name of a host computer is searched to find its Internet Protocol (IP) address.

Global catalog

A domain controller that contains a partial replica of every domain in Active Directory. A global catalog holds a replica of every object in Active Directory, but with a limited number of each object’s attributes. The global catalog stores those attributes most frequently used in search operations (such as a user’s first and last names) and those attributes required to locate a full replica of the object. The Active Directory replication system builds the global catalog automatically. The attributes replicated into the global catalog include a base set defined by Microsoft. Administrators

can specify additional properties to meet the needs of their installation.

Global catalog server

A domain controller that holds a copy of the global catalog for the forest.

Global group

A security or distribution group that can contain users, groups, and computers from its own domain as members. Global security groups can be granted rights and permissions for resources in any domain in the forest. See also local group; group.

Globally unique identifier (GUID)

A 128-bit number that is guaranteed to be unique. GUIDs are assigned to objects when the objects are created. The GUID never changes, even if you move or rename the object. Applications can store the GUID of an object and use the GUID to retrieve that object regardless of its currentdistinguished name.

GPO See Group Policy Object (GPO).


A command-line tool that enables you to create and display a Resultant Set of Policy (RSoP) query on the command line. In addition, Gpresult provides general information about the operating system, user, and computer.


In Microsoft Windows Server 2003 and Microsoft Windows XP Professional, a command-line tool that enables you to refresh policy immediately. Gpupdate replaces the secedit.exe/refreshpolicy command used for refreshing Group

Policy Objects (GPOs) in Microsoft Windows 2000.