A.0 Windows and Active Directory Terminology

  • User Principal Name (UPN): An alias for a Kerberos user principal that can be used at logon time instead of the canonical Kerberos principal name.

  • Service Principal Name (SPN): A Kerberos principal that is used by a service. Multiple SPNs can be associated with a single service object in the directory, to account for a host offering multiple services and for naming differences (such as unqualified and qualified host names, or DNS and NetBIOS domain names).

  • Security Principal: An entity that can be the subject of authorization decisions and, in the case of users, the subject of authentication. In the Windows security model, security principals are identified by a string known as a Security Identifier, or SID.

  • SID: A unique alphanumeric character string that is assigned during the logon process. A SID is used to identify a subject, such as a user or a group of users. A SID is hierarchical and consists of a component that represents the authority that issued it (usually a domain) and a relative identifier.
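The hierarchical structure described in the SID entry (an issuing-authority prefix followed by a relative identifier) is easiest to see by decoding one. The following is an added example, not code from the original document: it parses the textual form, splits it into the issuing-authority SID and the RID, round-trips the on-wire binary layout (revision byte, sub-authority count, 48-bit big-endian identifier authority, little-endian 32-bit sub-authorities), and labels a few well-known RIDs. The SID values used as input are constructed for the example; the well-known RID table holds standard Windows values, not values taken from this page.

```python
import struct

# Standard well-known relative identifiers (Windows facts, not taken from the glossary).
# Domain-relative RIDs only have this meaning under an issuer of the form S-1-5-21-X-Y-Z.
DOMAIN_RIDS = {500: "Administrator", 501: "Guest", 502: "krbtgt",
               512: "Domain Admins", 513: "Domain Users", 519: "Enterprise Admins"}
# RIDs issued by the built-in authority S-1-5-32.
BUILTIN_RIDS = {544: "Administrators", 545: "Users"}


def parse_sid(sid: str) -> dict:
    """Split 'S-<rev>-<authority>-<sub>-...' into its numeric components."""
    parts = sid.split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError(f"not a SID string: {sid!r}")
    return {
        "revision": int(parts[1]),
        "identifier_authority": int(parts[2]),
        "sub_authorities": [int(p) for p in parts[3:]],
    }


def split_issuer_rid(sid: str):
    """Return (issuing-authority SID, RID): everything but the last sub-authority, and the last one."""
    p = parse_sid(sid)
    subs = p["sub_authorities"]
    if not subs:
        raise ValueError(f"{sid!r} has no relative identifier")
    issuer = "S-%d-%d" % (p["revision"], p["identifier_authority"])
    issuer += "".join("-%d" % s for s in subs[:-1])
    return issuer, subs[-1]


def describe_rid(sid: str) -> str:
    """Label a SID whose RID is well known under its issuer; otherwise report it as unrecognised."""
    issuer, rid = split_issuer_rid(sid)
    p = parse_sid(issuer)
    subs = p["sub_authorities"]
    if p["identifier_authority"] == 5 and len(subs) == 4 and subs[0] == 21:
        return DOMAIN_RIDS.get(rid, "unrecognised domain RID %d" % rid)
    if p["identifier_authority"] == 5 and subs == [32]:
        return BUILTIN_RIDS.get(rid, "unrecognised BUILTIN RID %d" % rid)
    return "RID %d under issuer %s" % (rid, issuer)


def sid_to_bytes(sid: str) -> bytes:
    """Encode the binary SID layout used in tokens, ACLs and directory attributes."""
    p = parse_sid(sid)
    subs = p["sub_authorities"]
    return (bytes([p["revision"], len(subs)])
            + p["identifier_authority"].to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))


def sid_from_bytes(data: bytes) -> str:
    """Decode the binary layout back to the textual form, checking the declared length."""
    if len(data) < 8:
        raise ValueError("SID too short")
    revision, count = data[0], data[1]
    if len(data) != 8 + 4 * count:
        raise ValueError("sub-authority count does not match buffer length")
    authority = int.from_bytes(data[2:8], "big")
    subs = struct.unpack_from("<%dI" % count, data, 8)
    return "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)


if __name__ == "__main__":
    # Constructed sample: a domain SID with small sub-authority values and the Administrator RID.
    sample = "S-1-5-21-1-2-3-500"
    print(split_issuer_rid(sample), describe_rid(sample))
    print(sid_from_bytes(sid_to_bytes(sample)) == sample)
```

The split into issuer and RID is what makes a SID useful when reading logs or ACLs: the same RID 500 names the built-in Administrator account only when the issuer is a domain SID, so a comparison should look at the whole string rather than the trailing number alone.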

  • Domain: In Active Directory, a subdivision within a tree. An Active Directory domain is both a security boundary and a directory (partition) boundary.

  • Tree: A set of hierarchically joined domains that are (transitively) trusted.

  • Forest: In Active Directory, a set of possibly disjoint trees that are (transitively) trusted and share a global catalog and schema.

  • Global Catalog: In Active Directory, a sparse replica of all domains in a forest.

  • Services: Services are first-class security principals (users) in Active Directory.

  • Authentication: The process by which a computer validates a user’s logon information. Active Directory supports two forms of trusted third-party authentication: Kerberos (Needham-Schroeder model) and NTLM/Digest (challenge-response model).