O

object

In ADSI, an object refers to a COM object that implements one or more interfaces. For more information, see The Component Object Model.

In Active Directory™, an object is the basic named unit of storage. A directory object is an instance of an object class, which is defined in the Active Directory schema.

object class

An object class is a formal definition of a specific kind of object that can be stored in the directory. An object class is a distinct, named set of attributes that represents something concrete, such as a user, a printer, or an application. The attributes hold data describing the thing that is identified by the directory object. Attributes of a user might include the user's given name, surname, and e-mail address. The terms object class and class are used interchangeably.

object class instance

An object class instance is an object with a given object class. This term is used to distinguish between the definition of a class and a discrete occurrence of the class. For example, storing a user object for "James Smith" in the directory service creates an instance of user. Typically, you'd just say "object" rather than "object class instance."

object identifier (OID)

An object identifier (OID) is a numeric value that unambiguously identifies an object class, attribute, or syntax in a directory service. An OID is represented as a dotted decimal string (for example, "1.2.3.4"). Enterprises (and individuals) can obtain a root OID from an issuing authority and use it to allocate additional OIDs. See Object Identifiers (OIDs).

OID

See object identifier.

operation policy

An operation is the interaction that a subject wants to have with an object. For example, when a user (the subject), wants to access (the operation), a given server (the object), over the network, a policy determines whether that access will be allowed.

operational attribute

An operation attribute is an attribute implemented internally by a particular directory implementation. Operational attributes do not appear in the schema and must be requested explicitly. Operational Attributes occurred originally in the X.500 specifications for a directory service and have been carried over into the LDAP version 3 specifications (RFC 2251). RFC 2251 requires support for certain operational attributes; a given directory implementation may implement any number of others.