Active Directory Objects

Real-world entities such as users and computers are represented as objects in Active Directory. Objects are the fulcrum of Active Directory. One important characteristic is that some objects can contain other objects. Broadly, objects that contain other objects are container objects, while the rest are leaf objects.

Each object consists of a set of attributes that describe it. For example, a user object is described by attributes such as name, address and telephone number. Active Directory supports numerous types of objects. To identify an object unambiguously, a globally unique identifier (GUID) is associated with it. Objects that can be authenticated and to which permissions can be assigned are called security principals. Each security principal object has a security identifier (SID) associated with it in addition to the GUID. User, computer and group objects are security principal objects.

Active Directory supports various types of objects, such as User, Group, Contact, Computer, Shared Folder, Printer and Organizational Unit. Some of the object types are explained below.

A user object represents an individual who needs access to the resources in a network. Each user account has a user name and a password. The purpose of creating user accounts is to authenticate the identity of the user and authorize access to network resources. Active Directory supports two types of built-in user accounts: Administrator and Guest.

A computer object represents a workstation or a server in a network. A computer account helps in authenticating the computer and authorizing its access to network resources.

A group object represents a collection of user accounts, computer accounts, contacts and other groups that can be managed as a single unit. Groups facilitate role-based access to network resources. There are two types of groups: security groups and distribution groups. Security groups are mainly used to provide access to network resources. Distribution groups are not security enabled and can be used only for communication purposes. Groups also vary in scope, which limits their membership and scope of operation.

A contact object contains contact information about people who are associated with the organization but are not part of it, such as contractors and suppliers. A contact object does not have a SID associated with it, which prevents it from having access to network resources.

A shared folder object is used to share files across the network. It is mapped to a server share.

A printer object corresponds to a printer resource in a network.
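As an added illustration (not part of the original article), the Python sketch below decodes the binary `objectGUID` and `objectSid` attributes of directory entries and flags which objects can be used for access control, following the distinctions drawn above between security principals, contacts and distribution groups. The entry layout (a dict with a single-valued `objectClass`), the sample names and the byte values are constructed for the example; `0x80000000` is the `groupType` bit Active Directory sets on security-enabled groups.

```python
import struct
import uuid

SECURITY_ENABLED = 0x80000000  # groupType bit that marks a security group

def sid_to_str(raw: bytes) -> str:
    """Decode a binary objectSid value into its S-1-... string form."""
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("malformed SID")
    authority = int.from_bytes(raw[2:8], "big")   # 48-bit, big-endian
    subs = struct.unpack(f"<{count}I", raw[8:])   # 32-bit each, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def guid_to_str(raw: bytes) -> str:
    """objectGUID is stored with its first three fields little-endian."""
    return str(uuid.UUID(bytes_le=raw))

def describe(entry: dict) -> dict:
    """Summarise one directory entry: identifiers and access-control role."""
    sid = entry.get("objectSid")
    out = {"name": entry["name"], "guid": guid_to_str(entry["objectGUID"]),
           "sid": sid_to_str(sid) if sid else None, "group_kind": None}
    if entry["objectClass"] == "group":
        flags = entry["groupType"] & 0xFFFFFFFF   # LDAP returns a signed int
        out["group_kind"] = "security" if flags & SECURITY_ENABLED else "distribution"
    # Per the text: no SID (contact) or a distribution group means the
    # object cannot be granted access to network resources.
    out["access_control"] = sid is not None and out["group_kind"] != "distribution"
    return out

# Constructed sample values, reused across entries for brevity.
GUID = bytes.fromhex("33221100554477668899aabbccddeeff")
SID = bytes.fromhex("0105000000000005" "15000000" "01000000" "02000000"
                    "03000000" "51040000")
ENTRIES = [
    {"name": "jsmith", "objectClass": "user", "objectGUID": GUID, "objectSid": SID},
    {"name": "Acme Supplier", "objectClass": "contact", "objectGUID": GUID},
    {"name": "HR-Share-RW", "objectClass": "group", "objectGUID": GUID,
     "objectSid": SID, "groupType": -2147483646},
    {"name": "HR-Announce", "objectClass": "group", "objectGUID": GUID,
     "objectSid": SID, "groupType": 2},
]

if __name__ == "__main__":
    for e in ENTRIES:
        print(describe(e))
```

In a real directory every object has its own GUID and every security principal its own SID; run against exported entries, the same check gives a quick inventory of which objects can appear in permissions.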
