ManageEngine x Forrester | Workforce Identity Platforms Landscape Report

Active Directory Objects

Active Directory Object Classes and Attributes: An overview

Active Directory stores data in the form of objects. In this article, let us take a complete overview on Active Directory object classes and attributes. An object can be a single element, such as a user, group, OU, sites, contacts or any devices such as a printer or a computer. In Active Directory, the objects are of two types:

  1. Container Objects
  2. Leaf objects

Container objects store other objects in the Active Directory. The organizational unit (OU) is a good example of a container object. Leaf objects, also called terminal objects, on the other hand, cannot store other objects. An example of a leaf object is a printer.

 Active Directory Object Classes, Types, and Attributes 

An object class is a component of the Active Directory schema that defines the “type” for an object or in other words it defines the set of mandatory and optional attributes an object can have.

Objects attributes are a set of fields that define and describe the additional data that can be attributed to the object. For example, a user object in Active Directory will have attributes such as their First Name, Second Name, Manager Name etc. A few of these attributes cannot be left empty while other attributes are optional. In the case of a user object, the ObjectCategory, ObjectClass, sAMAccountName are mandatory, while other attributes like the accountExpires, title, info, initials etc. are optional.  

Figure showing the user class viewed with the Active Directory Schema snap-in.
User class schema entry – General Settings

Types of Active Directory Object Classes 

The object class of an object can be viewed in the objectclass attribute in the attribute editor tab of object properties window. There are 3 types of objectclasses in Active Directory.

  1. Abstract Class
  2. Structural Class
  3. Auxiliary Class

 Abstract Class 

This class is a mere template that is used to derive a new object. The derived class can be of any object class type. One abstract class can be a subclass of another abstract class.

 Structural Class 

The objects of the structural class are usually those that form the logical framework of AD. Structural classes can be a subclass of an abstract or structural class.

 Auxiliary Class 

An auxiliary class is used to store sets of attributes that other classes can inherit. It is primarily a grouping mechanism. Auxiliary classes can be a subclass of an abstract or auxiliary class.

ObjectClass Vs ObjectCategory Property

The objectClass property does not include Statically Linked Auxiliary Classes in the list. The system sets the objectClass value when the object instance is created and it cannot be changed. Prior to Windows Server 2008, the objectClass attribute is not indexed. This is because it has multiple values and is highly non-unique; that is, every instance of the objectClass attribute includes the top class. This means an index would be very large and ineffective. To locate objects of a given class, use the objectCategory attribute, which is single-valued and indexed.

Each instance of an object class also has an objectCategory property, which is a single-valued property that contains the distinguished name of either the class of which the object is an instance or one of its superclasses. When an object is created, the system sets its objectCategory property to the value specified by the defaultObjectCategory property of its object class. An object’s objectCategory property cannot be changed.

People also read

Active Directory Object Attributes

AD object classification

Creating objects in Active Directory

Related posts
Active Directory Objects

Active Directory User properties – General tab

Active Directory Objects

Active Directory (AD) Computer Object

Active Directory Objects

Active Directory Computer Objects Tabs

Active Directory Objects

Active Directory Computer Object Management


There are over 8,500 people who are getting towards perfection in Active Directory, IT Management & Cyber security through our insights from Identitude.

Wanna be a part of our bimonthly curation of IAM knowledge?

  • -Select-
  • By clicking 'Become an insider', you agree to processing of personal data according to the Privacy Policy.