Active Directory Terminologies

Some commonly used Active Directory terms and their definitions are given below:

Discretionary Access Control Lists (DACLs) - The part of the security descriptor of the Active Directory object that grants or denies access to the object. Only the owner of the object can change the permissions in the DACL.

System Access Control Lists (SACLs) - The part of the security descriptor of the Active Directory object that specifies the events, such as file access, system shutdowns, and so on, that have to be audited on a per-user or per-group basis.

Access Control Entries (ACEs) - An entry in the object's access control list that determines a security principal and the permissions associated with it.

Security Identifiers (SIDs) - A unique number associated with each User account, Group, and Computer account. The Windows internal processes refer to these SIDs rather than the account or group names to uniquely identify these objects.

Security Descriptors - The data structure associated with the Active Directory object that specifies the permissions granted or denied to the users and groups (DACL) and the owner of the object. It also specifies the events that have to be audited (SACL).

Security Principals - Active Directory objects, such as Users, Groups, and Computers, that have a Security ID associated with them are referred to as Security Principals.
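
The terms above fit together in a single security descriptor. As an added example (not part of the original page), the Python code below parses a descriptor written in SDDL, the standard text form of a security descriptor, into its owner, DACL and SACL, with each ACE's type, rights and trustee SID. The sample string and the SID in it are constructed, only a subset of rights codes is named, and conditional ACEs are not handled.

```python
import re

# Constructed sample descriptor; the S-1-5-21-1-2-3-1104 SID is a placeholder.
SAMPLE_SDDL = ("O:DAG:DA"
               "D:PAI(D;;WP;;;S-1-5-21-1-2-3-1104)(A;;RPWPWDWO;;;DA)(A;CI;RPLCRC;;;AU)"
               "S:AI(AU;SAFA;WPWDWO;;;WD)")

ACE_TYPES = {"A": "allow", "D": "deny", "OA": "object-allow",
             "OD": "object-deny", "AU": "audit", "OU": "object-audit"}
RIGHTS = {"RP": "read-property", "WP": "write-property", "LC": "list-children",
          "CR": "control-access", "RC": "read-control", "WD": "write-dacl",
          "WO": "write-owner", "GA": "generic-all"}

def split_components(sddl):
    # Cut at the O:/G:/D:/S: markers, ignoring anything inside ACE parentheses.
    parts, key, start, depth = {}, None, 0, 0
    for i, ch in enumerate(sddl):
        depth += (ch == "(") - (ch == ")")
        if ch == ":" and depth == 0 and i > 0 and sddl[i - 1] in "OGDS":
            if key:
                parts[key] = sddl[start:i - 1]
            key, start = sddl[i - 1], i + 1
    if key:
        parts[key] = sddl[start:]
    return parts

def parse_acl(body):
    # ACL body: control flags, then "(type;flags;rights;guid;guid;trustee)" ACEs.
    aces = []
    for raw in re.findall(r"\(([^()]*)\)", body):
        f = raw.split(";")
        if len(f) < 6:
            raise ValueError(f"malformed ACE: {raw!r}")
        rights = [f[2]] if f[2].startswith("0x") else [
            RIGHTS.get(f[2][i:i + 2], f[2][i:i + 2]) for i in range(0, len(f[2]), 2)]
        aces.append({"type": ACE_TYPES.get(f[0], f[0]), "flags": f[1],
                     "rights": rights, "trustee": f[5]})
    return {"flags": body.split("(")[0], "aces": aces}

def parse_sddl(sddl):
    # Map the string onto the glossary terms: owner, DACL (access), SACL (auditing).
    parts = split_components(sddl)
    return {"owner": parts.get("O"), "group": parts.get("G"),
            "dacl": parse_acl(parts["D"]) if "D" in parts else None,
            "sacl": parse_acl(parts["S"]) if "S" in parts else None}

if __name__ == "__main__":
    for ace in parse_sddl(SAMPLE_SDDL)["dacl"]["aces"]:
        print(ace["type"], ace["trustee"], ace["rights"])
```

The same two-letter code can mean different things by position: in the sample, AU is the audit ACE type in the SACL and the Authenticated Users trustee in the DACL, and WD is the write-DACL right in one field and the Everyone trustee in another.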