Active Directory Names

Objects that reside within a given namespace, are identified by a unique name. For example, files stored on a PC disk drive reside in the file system namespace. The unique name of a file is based on where it is stored in the file system namespace, for example:


C:\public\documents\ole_ds\oleds_functional_spec_v1.doc 

Directory service namespaces also identify the objects they contain by unique names, which are usually based on the location in the directory where the object can be found. For example, in a DCE3 directory, a given object might have a name like this:


/.../C=US/O=SomeOrg/OU=Accounting/Services/GL/Server1

Different directory services use different forms for naming the objects they contain. This makes dealing with different namespaces challenging, especially for developers, considering all of the different environments the code might be running on.

A goal of Active Directory is to minimize the code's knowledge of an object's path so that programs can be namespace-portable.

Active Directory defines a naming convention that can uniquely identify an Active Directory object in a heterogeneous environment. These names are called OleDsPath strings. OleDsPath strings take one of three forms:


"@OLEDS!"
or
"@<NamespaceIdentifier>!"
or
"@<NamespaceIdentifier!<ProviderSpecificPath>"

"@OLEDS!" identifies the namespaces Container object. This is a special container, implemented by Active Directory, that contains the namespace identifiers of the namespaces for which an Active Directory provider is available. If Active Directory providers for an LDAP-based directory, Windows NT, NetWare 4.1, and Banyan VINES are all installed on a given system, the Active Directory namespaces container will contain the namespace identifier for each provider, for example:

"LDAP-Based Directory", "WINNT", "NW41", "VINES."

The second form, "@<NamespaceIdentifier>!", identifies the top-level container for the namespace in question. This is sometimes called the "namespace root." Active Directory uses this form to identify the Active Directory provider that understands the rest of the name. For example,


"@NW41!"

directs Active Directory to the NetWare 4.1 provider.

The third form, "@<NamespaceIdentifier >!< ProviderSpecificPath >", identifies the target component as an Active Directory object in the namespace indicated by <NamespaceIdentifier>. The <ProviderSpecificPath> is a string value that must uniquely identify a directory service object in the given namespace. Each provider is responsible for determining the semantics of this string. A typical string for Windows NT would be:


"@WINNT!SomeDomainName\ADomainUser"

which identifies a user object for "ADomainUser" in the "SomeDomainName" domain.

3 Open Software Foundation's Distributed Computing Environment