Active Directory Objects

Real-world entities such as users, computers are represented as objects in Active Directory. Objects are the fulcrum for the very existence of Active Directory. One important aspect with respect to object characteristics is that some of the objects can contain other objects. On a broader sense, objects that contain other objects are container objects while others are just leaf objects.

Each object consists of a set of attributes which best describes it. For example, consider a user object. A user is described by attributes like Name, Address, Telephone number and so on. Active Directory supports numerous types of objects. To unambiguously identify an object, a global unique identifier is associated with it. The objects that can be authenticated and to which permissions can be assigned are called as security principals. Each security principal object has a security identifier associated with it in addition to the global identifier. User, computer and group objects are referred to as security principal objects.

Active directory supports various types of objects like User, Group, Contact, Computer, Shared Folder, Printer and Organizational Unit. Some of the object types are explained below.

User object represents individuals who need access to the resources in a network. Each user account has a user name and a password. The purpose behind creating user accounts is to authenticate the identity of the user and authorize the access to the network resources. Active Directory supports two types of built in user accounts – Administrator and Guest account.
A computer object represents a work station or a server in a network. A computer account helps in authenticating and authorizing its access to network resources.
A group object represents a collection of user accounts, computer accounts, contacts and other groups that can be managed as a single unit. Groups facilitate role based access to network resources. There are two types of groups – Security and Distribution groups. Security groups are mainly used for the purpose of providing access to network resources. Distribution groups are not security enabled and can be used only for communication purpose. Groups can vary in scope which limits its membership and scope of operation.
A contact object contains the contact information about people who are associated with the organization but are not part of it like contractors, suppliers. A contact object does not have a SID associated with it which prevents it from having access to the network resources.
A shared folder object is used to share files across the network. It is mapped to a server share.
A printer object corresponds to a printer resource in a network.



1 Star2 Stars3 Stars4 Stars5 Stars (25 votes, average: 4.36 out of 5)