Active Directory Objects

AD object classification

Active Directory objects can be classified into two broad types.

1. Security principal objects

2. Resources

Security principal objects

Objects that AD can authenticate are called security principal objects. Each of these objects has an identifier that is unique across the domain, called a SID (security identifier). User accounts, computer accounts and security groups are the security principal objects in AD.

Resources

Objects that security principal objects use, such as printers, are called resources in AD.

Active Directory Hierarchy: Container and Leaf Objects

Active Directory is, in fact, a hierarchical arrangement of objects. Such an arrangement is possible because AD allows some of its objects to contain other AD objects.

In other words, an AD object can either be a container or a leaf.

  • Container objects: These objects encapsulate other objects, e.g. OU, domain, etc.
  • Leaf objects: These objects do not encapsulate other objects, e.g. user, computer, etc.
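
The two classifications above (security principal or not, container or leaf), applied to a small directory export, as an added example that is not from the original page. The entries and function names are constructed for illustration; it assumes that only user, computer and security-enabled group objects count as security principals, so the domain object and the mail-only group are excluded even though they carry a SID.

```python
import re

SECURITY_ENABLED = 0x80000000          # groupType bit set on security groups
PRINCIPAL_CLASSES = {"user", "computer", "group"}

# Constructed sample export: (distinguishedName, objectClass, objectSid, groupType)
ENTRIES = [
    ("DC=corp,DC=example", "domainDNS", "S-1-5-21-1-2-3", None),
    ("OU=Staff,DC=corp,DC=example", "organizationalUnit", None, None),
    ("CN=Doe\\, Jane,OU=Staff,DC=corp,DC=example", "user", "S-1-5-21-1-2-3-1104", None),
    ("CN=WS01,OU=Staff,DC=corp,DC=example", "computer", "S-1-5-21-1-2-3-1105", None),
    # AD stores groupType as a signed 32-bit integer, hence the negative value.
    ("CN=HR-Admins,OU=Staff,DC=corp,DC=example", "group", "S-1-5-21-1-2-3-1106", -2147483646),
    ("CN=HR-Mail,OU=Staff,DC=corp,DC=example", "group", "S-1-5-21-1-2-3-1107", 2),
    ("CN=Printer-2F,OU=Staff,DC=corp,DC=example", "printQueue", None, None),
]

def parent_dn(dn):
    """Return the DN one level up, splitting on the first unescaped comma."""
    parts = re.split(r"(?<!\\),", dn, maxsplit=1)
    return parts[1] if len(parts) == 2 else None

def is_security_principal(object_class, sid, group_type):
    """A SID alone is not enough: check the class and, for groups, the type bit."""
    if sid is None or object_class not in PRINCIPAL_CLASSES:
        return False
    if object_class == "group":
        return bool((group_type or 0) & 0xFFFFFFFF & SECURITY_ENABLED)
    return True

def classify(entries):
    """Map each DN to (principal label, 'container' or 'leaf')."""
    # An object is a container here if any other entry names it as its parent.
    parents = {parent_dn(dn).lower() for dn, *_ in entries if parent_dn(dn)}
    result = {}
    for dn, cls, sid, group_type in entries:
        kind = ("security principal" if is_security_principal(cls, sid, group_type)
                else "not a security principal")
        shape = "container" if dn.lower() in parents else "leaf"
        result[dn] = (kind, shape)
    return result

if __name__ == "__main__":
    for dn, (kind, shape) in classify(ENTRIES).items():
        print(f"{shape:9}  {kind:24}  {dn}")
```
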