AD object classification

Active Directory objects can be classified into two broad types.

1. Security principal objects

2. Resources

Security principal objects

The objects that can be authenticated by AD are called security principal objects. Each of these objects has an identifier that is unique across the domain, called a SID (security identifier). User accounts, computer accounts and security groups are the security principal objects in AD.

Resources

Objects that are used by the security principal objects, such as printers, are called resources in AD.

Active Directory Hierarchy: Container and Leaf Objects

Active Directory is, in fact, a hierarchical arrangement of objects. Such an arrangement is possible because AD allows some of its objects to contain other AD objects.

In other words, an AD object can either be a container or a leaf.

  • Container objects: These are objects that encapsulate other objects, e.g. OU, Domain, etc.
  • Leaf objects: These objects do not encapsulate other objects, e.g. User, Computer, etc.
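
The two classifications above, applied to a small directory listing; this is an added example, not code from the original article. The entries, DNs and the `example.com` domain are constructed, a group is counted as a security group when the security-enabled bit (0x80000000) of its `groupType` attribute is set, and "container" here simply means that some other entry in the sample sits directly beneath it.

```python
# Constructed sample entries (not from a real directory).
SECURITY_ENABLED = 0x80000000  # security-enabled bit of the groupType attribute

ENTRIES = [
    {"dn": "DC=example,DC=com", "objectClass": "domainDNS"},
    {"dn": "OU=Staff,DC=example,DC=com", "objectClass": "organizationalUnit"},
    {"dn": r"CN=Smith\, John,OU=Staff,DC=example,DC=com", "objectClass": "user"},
    {"dn": "CN=WS01,OU=Staff,DC=example,DC=com", "objectClass": "computer"},
    {"dn": "CN=Helpdesk,OU=Staff,DC=example,DC=com", "objectClass": "group",
     "groupType": -2147483646},   # security group (signed 32-bit value)
    {"dn": "CN=Newsletter,OU=Staff,DC=example,DC=com", "objectClass": "group",
     "groupType": 2},             # distribution group
    {"dn": "CN=Printer1,OU=Staff,DC=example,DC=com", "objectClass": "printQueue"},
]

def parent_dn(dn):
    """Return dn without its first RDN, honouring backslash-escaped commas."""
    i = 0
    while i < len(dn):
        if dn[i] == "\\":
            i += 2                # skip the escaped character
            continue
        if dn[i] == ",":
            return dn[i + 1:]
        i += 1
    return None                   # a single RDN has no parent

def is_security_principal(entry):
    """User accounts, computer accounts and security groups, as listed above."""
    cls = entry["objectClass"]
    if cls in ("user", "computer"):
        return True
    if cls == "group":
        # groupType is a signed 32-bit integer; mask to 32 bits, then test the bit
        return bool(entry.get("groupType", 0) & 0xFFFFFFFF & SECURITY_ENABLED)
    return False

def classify(entries):
    """Map each DN to (is_security_principal, 'container' or 'leaf')."""
    parents = {p.lower() for p in (parent_dn(e["dn"]) for e in entries) if p}
    return {
        e["dn"]: (is_security_principal(e),
                  "container" if e["dn"].lower() in parents else "leaf")
        for e in entries
    }

if __name__ == "__main__":
    for dn, (principal, role) in classify(ENTRIES).items():
        print(f"{role:9} principal={principal!s:5} {dn}")
```
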