Active Directory Objects


The Active Directory is a database of all resources in a network. And just as all databases are made up of records, the Active Directory is also made up of records which are called Objects. An Object represents a specific network resource. There are four different types of resources – they are indicated in the diagram given below, for your convenience:

Active Directory Objects Defined

Some of the most frequently used Active Directory objects are as given below:

Domain – This is the Root Object, which contains all other objects in the domain.

Organizational Unit – A container object that is used to create logical groupings of Computer objects, User objects and Group objects.

User – This represents a network User and is used for identification and authentication data.

Computer – Represents a Computer on the network and provides the machine account for the computer to log on to the domain.

Group – This is a Container Object which represents a logical grouping of Users, Computers and/or other groups. Groups can contain objects from different OUs and domains. (This grouping is generally independent of the Active Directory tree structure.)

Shared Folders – Provide AD based network access to a shared folder on a Windows computer.

Printers – Provide AD based network access to a shared printer on a Windows computer.

Every AD (Active Directory) object consists of Attributes.

Attributes are just pieces of information about that object.

Example: A User Object has attributes like the User's Account name, Password, Address, Phone number etc. Another example would be a Group Object, which may have attributes like the list of users who are members of that group. Some attributes serve administrative functions: these are the ACLs (Access Control Lists), which specify who has permissions to access each object.

The AD component which specifies what types of objects can be created by Administrators and what kind of attribute each object has is called the Schema. Active Directory Schema is extensible.

An AD object which allows other objects to exist beneath it is called a Container Object. E.g. Domains, OUs etc.

An AD object that cannot contain another object is known as a Leaf Object. E.g. User objects, Computer objects etc.
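
The ideas above (objects as records made of attributes, objects that hold other objects beneath them, and group membership being independent of the tree) shown as an added Python example that is not part of the original article. It parses a constructed, simplified LDIF-style export of a hypothetical example.local domain; the sample data and all function names are assumptions.

```python
# Constructed sample: simplified LDIF-style records for a hypothetical domain.
# A real export lists several objectClass values and many more attributes.
SAMPLE_LDIF = """\
dn: DC=example,DC=local
objectClass: domainDNS

dn: OU=Sales,DC=example,DC=local
objectClass: organizationalUnit

dn: OU=IT,DC=example,DC=local
objectClass: organizationalUnit

dn: CN=Alice,OU=Sales,DC=example,DC=local
objectClass: user
telephoneNumber: 555-0100

dn: CN=PC01,OU=IT,DC=example,DC=local
objectClass: computer

dn: CN=Helpdesk,OU=IT,DC=example,DC=local
objectClass: group
member: CN=Alice,OU=Sales,DC=example,DC=local
member: CN=PC01,OU=IT,DC=example,DC=local
"""

def parse_ldif(text):
    """Return {dn: {attribute: [values]}}; one blank-line-separated record per object."""
    objects = {}
    for record in text.strip().split("\n\n"):
        attrs = {}
        for line in record.splitlines():
            name, _, value = line.partition(": ")
            attrs.setdefault(name, []).append(value)  # attributes can be multi-valued
        objects[attrs.pop("dn")[0]] = attrs
    return objects

def parent_dn(dn):
    # Drop the leftmost name component (naive: assumes no escaped commas in names).
    return dn.partition(",")[2]

def containers(objects):
    """DNs in the export that currently hold at least one other object beneath them."""
    return sorted({parent_dn(dn) for dn in objects} & set(objects))

def cross_ou_groups(objects):
    """Groups whose 'member' attribute points at objects under different parents."""
    result = {}
    for dn, attrs in objects.items():
        parents = sorted({parent_dn(m) for m in attrs.get("member", [])})
        if "group" in attrs["objectClass"] and len(parents) > 1:
            result[dn] = parents
    return result
```

The Helpdesk group sits in the IT OU but lists a member from the Sales OU, because membership is stored in the `member` attribute rather than in the object's position in the tree.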
