Symbols

_private container object

For Microsoft Provisioning System, a container object that holds other container objects that are used to implement delegated administration.

See also: delegation

A

access control entry (ACE)

An entry in an object's discretionary access control list (DACL) that grants permissions to a user or group. An ACE is also an entry in an object's system access control list (SACL) that specifies the security events to be audited for a user or group.

See also: access control list (ACL); discretionary access control list (DACL); object; permission

access control list (ACL)

A list of security protections that apply to an entire object, a set of the object's properties, or an individual property of an object. There are two types of access control lists: discretionary and system.

See also: access control entry (ACE); discretionary access control list (DACL); object

access type

For Microsoft Provisioning Framework (MPF), public or private access to provisioning procedures. A public procedure can be invoked directly by a provisioning request or by another provisioning procedure. A private procedure can only be invoked by another provisioning procedure. For testing purposes, specific users can be granted special permissions allowing execution of private procedures directly from a provisioning request.

ACE

See definition for: access control entry (ACE)

ACL

See definition for: access control list (ACL)

Active Directory

The directory service that stores information about objects on a network and makes this information available to users and network administrators. Active Directory gives network users access to permitted resources anywhere on the network using a single logon process. It provides network administrators with an intuitive, hierarchical view of the network and a single point of administration for all network objects.

See also: domain; forest

administrator

For Delegated Administration Console, a user account that is a member of the admins group for a domain. This group has administrative privileges over users, services, and organizational units within the domain. Each time a new organization is created, a corresponding admins group is created, to which user accounts can be added in order to give them administrative privileges.

See also: customer service representative

allocation

For Resource Manager in Microsoft Provisioning Framework (MPF), a claim that a consumer instance has on the capacity of a resource instance.

See also: capacity; consumer; resource

audit log

The SQL database in which Microsoft Provisioning Framework (MPF) stores data about successful and failed transactions for which auditing is enabled. The audit level property of provisioning engines determines which provisioning transactions are included in the audit and what transaction data to include.

See also: provisioning server

auditing

The process that tracks the activities of users by recording selected types of events in the security log of a server or a workstation.

auditing and recovery manager

A Microsoft Provisioning Framework (MPF) provisioning server that maintains transaction history and status. If a transaction fails, the auditing and recovery manager also issues rollback requests to the provisioning engine.

See also: provisioning server

authentication

The process for verifying that an entity or object is who or what it claims to be. Examples include confirming the source and integrity of information, such as verifying a digital signature or verifying the identity of a user or computer.

authorization

The process that determines what a user is permitted to do on a computer system or network.

B

block model

A resource-allocation model in which each resource instance has a maximum capacity, and each consumer instance is allocated a given percentage of that capacity.

See also: capacity

C

candidate set

For Resource Manager in Microsoft Provisioning Framework (MPF), the set of eligible candidates that must be defined for an operation. You must define a candidate set whenever you operate on instances or groups of resources or consumers. Many operations have both a source and a destination candidate set.

See also: consumer; mappings

capacity

A measurement of the usefulness of a resource instance. For Resource Manager in Microsoft Provisioning Framework (MPF), capacity attributes are defined by resource type and are propagated to resource instances. Capacity can be expressed in terms of megabytes, bandwidth, or any other unit of measure.

See also: consumer

child organization

For Delegated Administration Console, an organization that is contained within another organization. For example, a reseller organization might contain a number of customer organizations, which would be considered child organizations.

See also: container object

client

For Microsoft Provisioning Framework (MPF), a server-based component that submits provisioning requests. A client makes interfaces available to the queue manager or provisioning engine components. Queue manager clients submit queued requests to queue managers. Provisioning engine clients submit real-time requests to provisioning engines.

See also: provisioning engine; provisioning server; queue manager; server

cloaking

A server's ability to mask its own identity when making calls on a client's behalf. When cloaking is enabled, calls from the server impersonating the client can be made under the client's identity. When cloaking is disabled, calls from the server will be made under the server's identity.

Microsoft Provisioning Framework (MPF) supports either static cloaking or dynamic cloaking while executing a procedure with impersonation turned on.

See also: delegation; dynamic cloaking; static cloaking

cluster

In data storage, the smallest amount of disk space that can be allocated to hold a file. All file systems used by Windows organize hard disks based on clusters, which consist of one or more contiguous sectors. The smaller the cluster size, the more efficiently a disk stores information. If no cluster size is specified during formatting, Windows picks defaults based on the size of the volume. These defaults are selected to reduce the amount of space that is lost and the amount of fragmentation on the volume. Also called an allocation unit.

In computer networking, a group of independent computers that work together to provide a common set of services and present a single-system image to clients. The use of a cluster enhances the availability of the services and the scalability and manageability of the operating system that provides the services.

Cluster service

The essential software component that controls all aspects of server cluster operation and manages the cluster database. Each node in a server cluster runs one instance of the Cluster service.

See also: cluster; node; server cluster

COM

See definition for: Component Object Model (COM)

COM+

An extension of the COM (Component Object Model) programming architecture that includes a runtime or execution environment and extensible services, including transaction services, security, load balancing, and automatic memory management.

See also: Component Object Model (COM)

commit

In Microsoft Provisioning Framework (MPF), an operation that saves changes made after the start of a transaction. The changes are saved to a persistent store. A commit guarantees that all of the modifications made as a result of the transaction are made a permanent part of the database, cube, or dimension. A commit also frees resources that are used by the transaction.

See also: rollback

Component Object Model (COM)

An object-based programming model designed to promote software interoperability; it allows two or more applications or components to easily cooperate with one another, even if they were written by different vendors, at different times, in different programming languages, or if they are running on different computers running different operating systems. Object linking and embedding (OLE) technology and ActiveX are both built on top of COM.

configuration database

The SQL database containing all configuration information for Microsoft Provisioning Framework (MPF) components, including configuration information for the provisioning servers, namespaces, and credentials implemented in MPF.

See also: credentials; namespace; provisioning server

consumer

For Resource Manager in Microsoft Provisioning Framework (MPF), a user that consumes resources. A user can be a person or an entity, such as an organization.

See also: consumer group; consumer instance; consumer type

consumer group

For Resource Manager in Microsoft Provisioning Framework (MPF), a set of consumer instances that share similarities which are important for management purposes.

See also: consumer

consumer instance

For Resource Manager in Microsoft Provisioning Framework (MPF), a single representation of a consumer. For example, a particular service user is considered a consumer instance. Consumer instances inherit their default properties from their respective consumer types.

See also: consumer; consumer type

consumer type

For Resource Manager in Microsoft Provisioning Framework (MPF), a set of attributes common to a particular kind of consumer. A consumer in one situation can be a resource in another, but each usage must be defined separately in Resource Manager.

See also: consumer

container object

An object that can logically contain other objects. For example, in Delegated Administration Console, a reseller organization is a container object because it can contain customer organizations, users, groups, and other organizational units.

See also: object

credentials

In general, a set of information that includes identification and proof of identification that is used to gain access to local and network resources. Examples of credentials are user names and passwords, smart cards, and certificates.

For Microsoft Provisioning Framework (MPF), a domain, name, and password for an account. A procedure can be configured to use specific credentials to temporarily elevate a user's privileges so that a user can execute the procedure.

See also: impersonation

CSR

See definition for: customer service representative

customer organization

For Delegated Administration Console, an organization to which a reseller provisions services. A customer organization must be contained within a reseller organization.

See also: container object; reseller organization; service provider organization

customer service representative

A Delegated Administration Console user account that is a member of a domain "csradmins" group. This group has administrative privileges over user accounts, groups, and organizational units within the domain.

See also: administrator; customer organization; group

D

DACL

See definition for: discretionary access control list (DACL)

Delegated Administration Console

A browser-based tool for managing Microsoft Provisioning System. It enables the delegation of administration by selectively presenting administrative options to users based on their logon credentials.

See also: role

delegation

In Microsoft Provisioning Framework (MPF), a mechanism that allows a server process to run using the credentials of the client; therefore, delegation is similar to impersonation. However, delegation is more powerful and allows the server process to make calls to other computers while acting on behalf of the client.

device and network provisioning

The process of deploying and managing Web service infrastructures, such as printers and routers, firewalls, switches, and Domain Name System (DNS).

See also: server provisioning; service provisioning; user provisioning

discretionary access control list (DACL)

The part of an object's security descriptor that grants or denies specific users and groups permission to access the object. Only the owner of an object can change permissions granted or denied in a DACL; thus, access to the object is at the owner's discretion.

See also: access control entry (ACE); object

distributed transaction

A transaction that involves multiple transaction resource managers, whether on the same or different machines.

DNS

See definition for: Domain Name System (DNS)

DNS domain name

See definition for: Domain Name System domain name (DNS domain name)

domain

In Active Directory, a collection of computer, user, and group objects defined by the administrator. These objects share a common directory database, security policies, and security relationships with other domains.

In DNS, any tree or subtree within the DNS namespace. Although the names for DNS domains often correspond to Active Directory domains, DNS domains should not be confused with Active Directory domains.

See also: Active Directory; Domain Name System (DNS); object

domain controller

In an Active Directory forest, a server that contains a writable copy of the Active Directory database, participates in Active Directory replication, and controls access to network resources. Administrators can manage user accounts, network access, shared resources, site topology, and other directory objects from any domain controller in the forest.

See also: Active Directory; authentication; forest

domain name

The name given by an administrator to a collection of networked computers that share a common directory. Part of the Domain Name System (DNS) naming structure, domain names consist of a sequence of name labels separated by periods.

See also: domain; Domain Name System (DNS)

Domain Name System (DNS)

A hierarchical, distributed database that contains mappings of DNS domain names to various types of data, such as IP addresses. DNS enables the location of computers and services by user-friendly names, and it also enables the discovery of other information stored in the database.

See also: domain; service

Domain Name System domain name (DNS domain name)

A specific node name in the DNS namespace tree. DNS domain names use singular node names, known as labels, joined together by periods (.) that indicate each node level in the namespace. Although an Active Directory domain name is usually the full DNS domain name, Active Directory domain names should not be confused with DNS domain names. An Active Directory domain name might or might not be registered with an Internet naming authority.

See also: domain name; Domain Name System (DNS); fully qualified domain name (FQDN)

dynamic cloaking

A form of cloaking where the original client identity is discovered using the server thread access token on each method call to the downstream server. Although the identity that is presented can be determined dynamically, the overhead required to do this can be considerably more expensive.

See also: cloaking; static cloaking

E

end user

In Delegated Administration Console, the role automatically assigned to all user accounts. End-user accounts belong to the allusers group for a domain and can access only their own contact information and passwords.

See also: group; role

Exchange administrator

The administrator account with privileges to administer Exchange services.

See also: Exchange services

Exchange services

The hosted messaging solution provided by Microsoft Provisioning System.

exclusion interval

The amount of time that an unresponsive or malfunctioning component remains marked as unavailable. During this time, no requests are sent from the client to the excluded component.

export XML

The namespace XML that can be imported into another Microsoft Provisioning Framework (MPF) installation. The use of export XML enables remote invocation of procedures within a namespace from the MPF installation where the namespace is imported.

See also: Extensible Markup Language (XML); procedure

Extensible Markup Language (XML)

A meta-markup language that provides a format for describing structured data. This facilitates more precise declarations of content and more meaningful search results across multiple platforms. In addition, XML enables a new generation of Web-based data viewing and manipulation applications.

F

failover

The process of taking resource groups offline on one node and bringing them back online on another node. When a resource group goes offline, all resources belonging to that group go offline. The offline and online transitions occur in a predefined order, with resources that are dependent on other resources taken offline before and brought online after the resources upon which they depend.

See also: node

forest

One or more Active Directory domains that share the same class and attribute definitions (schema), site and replication information (configuration), and forest-wide search capabilities (global catalog). Domains in the same forest are linked with two-way, transitive trust relationships.

See also: Active Directory; domain; global catalog; schema

FQDN

See definition for: fully qualified domain name (FQDN)

fully qualified domain name (FQDN)

A DNS domain name that has been stated unambiguously so as to indicate with absolute certainty its location in the domain namespace tree. Fully qualified domain names differ from relative names in that they are typically stated with a trailing period (.)—for example, host.example.microsoft.com.—to qualify their position to the root of the namespace.

See also: domain name; Domain Name System (DNS)

G

global account

In an Active Directory network, a normal user account in a user's domain. Most user accounts are global accounts. If there are multiple domains in the network, it is best if each user in the network has only one user account in only one domain, and each user's access to other domains is accomplished through the establishment of domain trust relationships.

In Microsoft Provisioning System, the Exchange server maintains a list of global catalogs, and it maintains a load balance across global catalogs.

See also: Active Directory; domain; global catalog

global catalog

A directory database that applications and clients can query to locate any object in a forest. The global catalog is hosted on one or more domain controllers in the forest. It contains a partial replica of every domain directory partition in the forest. These partial replicas include replicas of every object in the forest, as follows: the attributes most frequently used in search operations and the attributes required to locate a full replica of the object.

In Microsoft Provisioning System, the Exchange server maintains a list of global catalogs, and it maintains a load balance across global catalogs.

See also: Active Directory; domain controller; forest

globally unique identifier (GUID)

A 16-byte value generated from the unique identifier on a device, the current date and time, and a sequence number. A GUID is used to identify a particular device or component.

group

A collection of users, computers, contacts, and other groups. Groups can be used as security or as e-mail distribution collections. Distribution groups are used only for e-mail. Security groups are used both to grant access to resources and as e-mail distribution lists.

See also: domain

group name

A unique name identifying a local group or a global group to Windows. A group's name cannot be identical to any other group name or user name in its own domain or computer.

group prefix

A group name that appears to the left of the @ symbol followed by the Windows 2000 domain name. In Delegated Administration Console, this string uniquely identifies a group and its domain. For example, in the group name allusers@fabrikam.com, "allusers" is the group prefix, and fabrikam.com is the domain in which the group resides.

See also: group; group name

GUID

See definition for: globally unique identifier (GUID)

H

hosting organizational unit

For Delegated Administration Console, the Active Directory organizational unit representing the service provider organization. This organizational unit contains all reseller and customer organizational units. The "hosting" organizational unit is automatically created during Delegated Administration Console installation.

See also: organizational unit

HTTP

See definition for: Hypertext Transfer Protocol (HTTP)

hub

A common connection point for devices in a network. Typically used to connect segments of a local area network (LAN), a hub contains multiple ports. When data arrives at one port, it is copied to the other ports so that all segments of the LAN can see the data.

Hypertext Transfer Protocol (HTTP)

The protocol used to transfer information on the World Wide Web. An HTTP address (one kind of Uniform Resource Locator [URL]) takes the form: http://www.microsoft.com.

I

IIS

See definition for: Internet Information Services (IIS)

impersonation

A mechanism that allows a server process to run using the security credentials of the client or of some other user. When the server is impersonating the client, any operations performed by the server are performed using the client's (impersonated user's) credentials. Impersonation does not allow the server to access remote resources on behalf of the client; that requires delegation.

See also: credentials

Information Store

Storage technology used by Exchange to store users' mailboxes and folders.

See also: mailbox; mailbox store

Internet Information Services (IIS)

Software services that support Web site creation, configuration, and management, along with other Internet functions. Internet Information Services include Network News Transfer Protocol (NNTP), File Transfer Protocol (FTP), and Simple Mail Transfer Protocol (SMTP).

Internet Server Application Programming Interface (ISAPI)

An application programming interface (API) that resides on a server computer for initiating software services tuned for Windows operating systems.

In Microsoft Provisioning System, ISAPI resides on the Web server.

ISAPI

See definition for: Internet Server Application Programming Interface (ISAPI)

J

There are no glossary terms that begin with this letter.

K

There are no glossary terms that begin with this letter.

L

LDAP

See definition for: Lightweight Directory Access Protocol (LDAP)

LDAP provider path

The distinguished name notation for an LDAP (Lightweight Directory Access Protocol) server used in LDAP-compliant directory services such as Active Directory. It consists of the server name followed by zero or more component names separated with forward slash marks (/) in the ADsPath format. After the second component that identifies an LDAP server, the remaining components can be listed in either a top-down or bottom-up hierarchy. The way you first specify the path is carried through by ADSI ADsPath names.

See also: Lightweight Directory Access Protocol (LDAP)

Lightweight Directory Access Protocol (LDAP)

The primary access protocol for Active Directory. LDAP is an industry-standard protocol, established by the Internet Engineering Task Force (IETF), that allows users to query and update information in a directory service. Active Directory supports both LDAP version 2 and LDAP version 3.

See also: Active Directory

list object mode

An Active Directory setting that restricts the listing of directory contents, for increased security.

See also: native mode

load balancing

A technique that is used to scale the performance of a server-based program (such as a Web server) by distributing its client requests across multiple servers within a cluster.

See also: cluster

M

mailbox

The location where e-mail is delivered. The administrator sets up a mailbox for each user.

See also: mailbox store

mailbox store

The part of an Exchange Information Store that maintains information in user mailboxes.

See also: Information Store; mailbox

mappings

For Resource Manager in Microsoft Provisioning Framework (MPF), optional associations between:

Mappings are used to determine which candidates are added to, found, kept, or removed from candidate sets.

See also: candidate set

master group

In Delegated Administration Console, a group that contains other groups. The default master groups are "allreselleradmins" and "allresellercsrs."

Microsoft Management Console (MMC)

A framework for hosting administrative tools called snap-ins. A console might contain tools, folders or other containers, World Wide Web pages, and other administrative items. These items are displayed in the left pane of the console, called a console tree. A console has one or more windows that can provide views of the console tree. The main MMC window provides commands and tools for authoring consoles. The authoring features of MMC and the console tree itself might be hidden when a console is in User Mode.

Microsoft Provisioning Framework (MPF)

A provisioning platform and engine for building, maintaining, and extending a set of hosted commercial services. MPF includes several components that work together to automate the implementation and administration of specific resources, including directory services, mail services, and storage.

See also: Microsoft Provisioning System

Microsoft Provisioning System

A set of provisioning components that automates the deployment and support of online services in a hosted environment. Microsoft Provisioning System includes Microsoft Provisioning Framework (MPF), which provides the underlying engine to implement provisioning, and Delegated Administration Console, which provides a user interface that permits delegated administration of provisioning tasks and enables users to submit provisioning requests to MPF.

See also: Delegated Administration Console; Microsoft Provisioning Framework (MPF)

MMC

See definition for: Microsoft Management Console (MMC)

MPF

See definition for: Microsoft Provisioning Framework (MPF)

N

named procedures

A collection of namespaces installed using the NamedProcedures.msi. These namespaces contain procedures that perform high-level provisioning tasks for Microsoft Provisioning System. Named procedures facilitate common provisioning tasks by combining the individual actions performed by Microsoft Provisioning Framework (MPF) providers into composite procedures.

See also: namespace; provider

namespace

In general, a naming convention that defines a set of unique names for resources in a network. For DNS, a hierarchical naming structure that identifies each network resource and its place in the hierarchy of the namespace. For Windows Internet Name Service (WINS), a flat naming structure that identifies each network resource using a single, unique name.

For Microsoft Provisioning Framework (MPF), a single, unique XML file in MPF that contains a group of related procedures. These procedures are used to invoke the provisioning functionality that is required to deploy and support a set of online services in a hosted environment. Each namespace is registered in the MPF configuration database as an XML namespace file and specifies the input schema and, optionally, the output schema used by each of its procedures.

See also: named procedures; provider

native mode

In Windows 2000 domains, the domain mode in which all domain controllers in a domain are running Windows 2000 and a domain administrator has switched the domain operation mode from mixed mode to native mode. Native mode supports universal groups and nesting of groups. In native mode, domain controllers running Windows NT 4.0 or earlier are not supported.

Exchange servers configured for native mode support all types of groups, including universal security groups.

See also: list object mode

nested organizational units

A set of hierarchically structured organizational units. When one organizational unit contains another organizational unit, the two organizational units are considered to be nested.

See also: organizational unit

Network Load Balancing

A component of Windows 2000 Server that provides high availability and scalability of servers by using a cluster of two or more host computers working together. Clients access the cluster using a single IP address.

See also: cluster

Network Load Balancing cluster

Up to 32 Web servers from which Network Load Balancing presents a single IP address to Web clients and among which Network Load Balancing distributes incoming Web requests.

node

For tree structures, a location on the tree that can have links to one or more items below it.

For local area networks (LANs), a device that is connected to the network and is capable of communicating with other network devices.

For server clusters, a computer system that is an active or inactive member of a cluster.

See also: server cluster

O

object

An entity, such as a file, folder, shared folder, printer, or Active Directory object, described by a distinct, named set of attributes. For example, the attributes of a File object include its name, location, and size; the attributes of an Active Directory User object might include the user's first name, last name, and e-mail address.

For OLE and ActiveX, an object can also be any piece of information that can be linked to, or embedded into, another object.

organization administrator

A Delegated Administration Console user account that is a member of the admins group in a customer organization. This group has administrative privileges over users, groups, and organizational units within the customer domain.

See also: administrator; group

organization CSR

See definition for: organization customer service representative (organization CSR)

organization customer service representative (organization CSR)

A Delegated Administration Console user account that is a member of the csradmins group account in a customer organization. Members of this group can edit the properties of user accounts and groups and can reset passwords within the organization's domain.

See also: customer service representative; group; role

organizational unit

An Active Directory container object used within domains. An organizational unit is a logical container into which users, groups, computers, and other organizational units are placed. It can contain objects only from its parent domain. An organizational unit is the smallest scope to which a Group Policy object can be linked, or over which administrative authority can be delegated.

See also: Active Directory

OU

See definition for: organizational unit

P

permission

A rule associated with an object to regulate which users can gain access to the object and in what manner. Permissions are granted or denied by the object's owner.

See also: object; privilege

policy name

For Microsoft Provisioning System, an XML element that is used in several XML templates to define security permissions for Active Directory objects. The policy name element can contain the following values: default, hosting, reseller, and customer, corresponding to the organization type. When an Active Directory object is created, security permissions are applied to it based on the values passed in the policy name element.

Principal

A property made available to the Microsoft Provisioning Framework (MPF) client that specifies the target account for which a Kerberos token needs to be generated for delegation. This should be set to the account under which the provisioning engine runs.

privilege

A user's right to perform a specific task, usually one that affects an entire computer system rather than a particular object. Privileges are assigned by administrators to individual users or groups of users as part of the security settings for the computer.

See also: object; permission

procedure

In a program, a named sequence of statements, often with associated constants, data types, and variables, that usually performs a single task. A procedure can be called (executed) by other procedures, as well as by the main body of the program.

For Microsoft Provisioning System (MPF), an XML entity called by an incoming provisioning request to invoke specific functionality. Procedures can call the programmatic procedures of an underlying provider, such as the provider that is used to implement Active Directory.

See also: namespace; provider; request

provider

For Microsoft Provisioning Framework (MPF), a Component Object Model (COM) object with one or more procedures. These procedures invoke the functionality required to complete provisioning tasks for specific resources, such as the resources implemented using Active Directory. A provider publishes one or more MPF namespaces for exposing the provisioning procedures it implements.

See also: Component Object Model (COM); namespace; procedure; provider namespace

provider namespace

For Microsoft Provisioning System, a namespace containing procedures that implement the functionality of an underlying provider.

See also: namespace; provider

provisioning

The implementation of the steps, actions, and operations required to automate Web-based operations, in particular, the allocation of resources to users.

See also: Microsoft Provisioning System

provisioning engine

A Microsoft Provisioning Framework (MPF) provisioning server that acts as a transaction manager to parse provisioning requests and invoke the functionality required to implement the requested action.

See also: provisioning server

Provisioning Manager

The Microsoft Management Console (MMC) component of Microsoft Provisioning Framework (MPF) that provides the user interface for managing many MPF components, including provisioning servers, namespaces, and credentials.

See also: Microsoft Management Console (MMC); Microsoft Provisioning Framework (MPF)

provisioning server

A Microsoft Provisioning Framework (MPF) server that implements functionality to support provisioning.

See also: audit log; auditing and recovery manager; provisioning engine; queue manager; transaction log

Q

queue

A list of programs or tasks waiting for execution. In Windows printing terminology, a queue refers to a group of documents waiting to be printed. In NetWare and OS/2 environments, queues are the primary software interface between the application and print device; users submit documents to a queue. With Windows, however, the printer is that interface; the document is sent to a printer, not a queue.

queue manager

A Microsoft Provisioning Framework (MPF) server running the Provisioning Queue Manager service for processing queued provisioning requests. The first request in the queue is the first executed.

See also: provisioning server

queued request

A Microsoft Provisioning Framework (MPF) request, often submitted as part of batch operations, that is queued to run at a later time.

See also: request

R

RAID

See definition for: Redundant Array of Independent Disks (RAID)

Redundant Array of Independent Disks (RAID)

A method used to standardize and categorize fault-tolerant disk systems. RAID levels provide various mixes of performance, reliability, and cost. Some servers provide three of the RAID levels: Level 0 (striping), Level 1 (mirroring), and Level 5 (RAID-5).

request

An XML document containing data, a procedure, and contextual information that calls procedures to execute a provisioning task.

See also: procedure; queued request; trusted request

reseller administrator

A Delegated Administration Console user account that is a member of the "admins" group within a reseller domain. This group has administrative privileges over users, groups, customer organizations, and organizational units within the reseller domain.

See also: administrator; role

reseller CSR

See definition for: reseller customer service representative

reseller customer service representative

A Delegated Administration Console user account that is a member of the "csradmins" group within a reseller domain. This group has administrative privileges over users, groups, customer organizations, and organizational units within the reseller domain.

See also: customer service representative; role

reseller organization

For Delegated Administration Console, an organization that contains customer organizations and provisions services to them. Reseller organizations can be created only within the "hosting" organizational unit of the service provider.

See also: customer organization; hosting organizational unit; service provider organization

resource

For Resource Manager in Microsoft Provisioning Framework (MPF), a consumable entity such as disk space, IP addresses, or mailboxes that can be assigned to a consumer.

See also: consumer; resource group; resource instance; resource type

resource group

For Resource Manager in Microsoft Provisioning Framework (MPF), a group of resource instances that share similarities which are important for management purposes. For example, servers in a particular data center might be defined as a resource type and managed as a resource group.

resource instance

For Resource Manager in Microsoft Provisioning Framework (MPF), a single representation of a resource. For example, a particular server is considered an instance. A consumer instance in one situation can be a resource instance in another, but each usage must be defined separately in Resource Manager. Resource instances inherit their default properties from their respective resource types.

See also: consumer

Resource Manager

A component of Microsoft Provisioning System that keeps track of Internet Information Services (IIS) resources and Exchange Server resources. It records which server resources are allocated to reseller and customer organizations and which resources are available for provisioning. Resource Manager does not allocate resources; it only tracks them.

See also: Resource Manager database; Resource Manager engine

Resource Manager database

The SQL database that is used by Microsoft Provisioning Framework (MPF) to maintain records of resource allocations.

See also: Resource Manager; Resource Manager engine

Resource Manager engine

The Microsoft Provisioning Framework (MPF) component that is used to provision the allocation of resources.

See also: Resource Manager database

resource type

For Resource Manager in Microsoft Provisioning Framework (MPF), a set of attributes common to a particular kind of resource.

See also: consumer; resource

role

An Active Directory security group that is associated with a specific set of privileges in Delegated Administration Console. When user accounts are made members of a security group, they are automatically granted the privileges associated with the role of that group. When users log on to Delegated Administration Console, they can access and use the features according to the privileges associated with the group or groups to which their user account belongs.

See also: end user; organization administrator; organization customer service representative (organization CSR); reseller administrator; reseller customer service representative; service provider administrator; service provider customer service representative

rollback

The removal of the updates performed by one or more partially completed transactions. Rollbacks are required to restore the integrity of a database after an application, database, or system failure.

See also: transaction

S

SAM account name

A domain-unique security principal name in Windows NT 4.0 and earlier.

See also: Security Accounts Manager (SAM)

schema

The set of definitions for the universe of objects that can be stored in a directory. For each object class, the schema defines which attributes an instance of the class must have, which additional attributes it can have, and which other object classes can be its parent object class.

See also: object

schema validation

The verification that the XML of a procedure conforms to the provisioning schema of Microsoft Provisioning Framework (MPF). This schema contains the generic XML elements and attributes available to invoke specific provisioning functionality.

See also: namespace; procedure; request

Secure Sockets Layer (SSL)

A protocol that supplies secure data communication through data encryption and decryption. This protocol enables communications privacy over networks through a combination of public-key cryptography and bulk data encryption.

Security Accounts Manager (SAM)

A Windows service used during the logon process. SAM maintains user account information, including groups to which a user belongs.

See also: group; service

security ID (SID)

A data structure of variable length that identifies user, group, and computer accounts. Every account on a network is issued a unique SID when the account is first created. Internal processes in Windows refer to an account's SID rather than the account's user or group name.

See also: group name

server

In general, a computer that provides shared resources to network users.

server cluster

A group of independent computer systems, known as nodes, working together as a single system to ensure that mission-critical applications and resources remain available to clients. A server cluster is the type of cluster that Cluster service implements.

See also: cluster; node

server provisioning

The process of setting up computer hardware and software, including the installation and configuration of the required operating system, so that it can be used for application processing.

See also: device and network provisioning; service provisioning; user provisioning

service

A program, routine, or process that performs a specific system function to support other programs, particularly at a low (close to the hardware) level. When services are provided over a network, they can be published in Active Directory, facilitating service-centric administration and usage. Some examples of services are the Security Accounts Manager service, File Replication service, and Routing and Remote Access service.

See also: Security Accounts Manager (SAM)

service provider administrator

A Delegated Administration Console user account that is a member of the admins group within the service provider domain. This group has administrative privileges over users, groups, customer organizations, and organizational units within the service provider domain.

See also: administrator; role

service provider CSR

See definition for: service provider customer service representative

service provider customer service representative

A Delegated Administration Console user account that is a member of the csradmins group within the service provider domain. This group has administrative privileges over users, groups, customer organizations, and organizational units within the service provider domain.

See also: customer service representative; role

service provider organization

In Delegated Administration Console, the hosting organization, which contains all reseller and customer organizations and provisions services to them.

See also: customer organization; hosting organizational unit; reseller organization

service provisioning

The steps and actions required to implement an end-to-end service and to deliver it to the user, including application provisioning, server provisioning, device and network provisioning, and user provisioning.

See also: device and network provisioning; server provisioning; user provisioning

SharePoint Team Services from Microsoft

A tool that is available with Microsoft FrontPage 2002 and later that enables teams to create ad hoc workspaces on their corporate intranet or on the Internet where they can collaborate and share information. Microsoft Provisioning System includes provisioning support for SharePoint Team Services.

See also: Exchange services; Web services

SID

See definition for: security ID (SID)

Simple Object Access Protocol (SOAP)

An XML/HTTP-based protocol for platform-independent access to objects and services on the Web. SOAP defines a message format in XML that travels over the Internet using HTTP. By using existing Web protocols (HTTP) and languages (XML), SOAP runs over the existing Internet infrastructure without being tied to any operating system, language, or object model.

See also: Extensible Markup Language (XML)

SOAP

See definition for: Simple Object Access Protocol (SOAP)

stability thread

A background thread that runs within the Provisioning Queue Manager service of Microsoft Provisioning Framework (MPF) to pick up queued jobs in the persistent store that are ready for execution.

static cloaking

The presentation of the client’s identity to a downstream server, setting the original client identity only once for each proxy. This client identity is presented as a server thread token to be used on subsequent method calls.

See also: cloaking; dynamic cloaking

T

transaction

In Microsoft Provisioning Framework (MPF), a unit of work in which a series of related actions occurs during an application process. A transaction executes exactly once and is atomic, meaning either all of the work is done or none of it is.

See also: commit; distributed transaction; rollback

transaction log

The SQL database that is used by Microsoft Provisioning Framework (MPF) to maintain records for each transaction being executed. If a transaction fails and error recovery support is implemented, the information is used to roll back the transaction.

See also: provisioning server

trusted request

A request that defines a complete provisioning procedure to be executed, unlike a standard request, which refers to an existing procedure stored in the configuration database. A trusted request may include additional contextual information and it must include the procedure, in addition to data. A user must be granted special permissions to execute a trusted request.

See also: procedure; request

two-phase commit protocol

A protocol used in distributed transactions to ensure that the outcome of a transaction is consistent across all transaction managers participating in the transaction. The protocol operates in two distinct phases to ultimately commit or abort a transaction: Phase one evaluates the condition of each Resource Manager, and phase two completes the transaction.

See also: distributed transaction

U

UI cache

A cache that stores information that is used by Delegated Administration Console. The UI cache selectively makes user interface elements available to users based on their logon credentials. By default, the information is stored in the cache for five minutes, but this property is configurable.

UPN

See definition for: user principal name (UPN)

user account

A record that consists of all the information that defines a user to Windows 2000. This includes the user name and password required for the user to log on, the groups to which the user account has membership, and the rights and permissions the user has for using the computer and network and accessing their resources. For Microsoft Provisioning System, user accounts are managed with Microsoft Active Directory Users and Computers.

In Delegated Administration Console, a user’s rights and permissions determine which administration elements the user can access.

user principal name (UPN)

A user account name (sometimes referred to as the user logon name) and a domain name identifying the domain in which the user account is located. This is the standard usage for logging on to a Windows domain. The format is as follows: someone@example.com (as for an e-mail address).

See also: domain; domain name

user provisioning

The process of creating user entries in the directory, including group memberships and permissions. User provisioning can also include the process of creating billing records and other service elements.

See also: device and network provisioning; server provisioning; service provisioning

V

virtual used and actual used capacity

A resource-allocation model in which allocations can be based on either virtual used or actual used capacity. Virtual used capacity is the maximum amount that a consumer is entitled to have, such as an amount that is guaranteed in a service-level agreement. Conversely, actual used capacity is a forecast of average actual consumption, perhaps derived from consumption statistics collected over time.

See also: capacity

W

Web services

Includes World Wide Web (WWW) services, File Transfer Protocol (FTP) services, Simple Mail Transfer Protocol (SMTP) services, and Network News Transfer Protocol (NNTP) services. In Microsoft Provisioning System, Web services are provided by Internet Information Services (IIS).

See also: Exchange services; SharePoint Team Services from Microsoft

X

XML

See definition for: Extensible Markup Language (XML)

XSL transformation

The use of the expression language defined by the XPath method to select elements for conditional processing and to generate text. Microsoft Provisioning Framework (MPF) allows the use of XSL transformations for manipulating the data format before and after procedure execution while calling provisioning procedures.

Y

There are no glossary terms that begin with this letter.

Z

There are no glossary terms that begin with this letter.