Active Directory Logical Structure
Active Directory objects represent the physical entities that make up a network. An object is an instance of storage of a class. A class is defined in the Active Directory schema as a specific set of mandatory and optional attributes — that is, an attribute can be present in an object in Active Directory only when that attribute is permitted by the object's class. Classes also contain rules that determine which classes of objects can be superior to (parents of) a particular object of the class. Each attribute is also defined in the directory schema. The attribute definitions determine the syntax for the values the attribute can have.
When you create an object in Active Directory, you provide values for the attributes of the object in its particular class, and you do so according to the rules of the directory schema. For example, when you create a user object, you provide alphanumeric values for the user's first and last names, the logon identifier, and perhaps other values, such as telephone number and address. You cannot create the user object successfully without providing acceptable values for the user name and logon name because these attributes are mandatory, according to the directory schema.
Applications that create or modify objects in Active Directory use the directory schema to determine what attributes the object must and might have, and what those attributes can look like in terms of data structures and syntax constraints. For this reason, the directory schema is maintained forest-wide so that all objects created in the directory conform to the same rules.
Objects are either container objects or leaf objects. A container object stores other objects, and, as such, it occupies a specific level in a subtree hierarchy. An object class is a container if at least one other class specifies it as a possible superior; thus, any object class defined in the schema can become a container. A leaf object does not store other objects, and, as such, it occupies the endpoint of a subtree.
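The schema rules described above (mandatory and optional attributes, attribute syntax, possible superiors, and container versus leaf classes), modeled as an added example that is not part of the original text or of Active Directory itself. The three-class schema, the attribute list, and the dictionary keys `must`, `may` and `superiors` are constructed for illustration; class inheritance and auxiliary classes are left out.

```python
# Constructed, simplified schema: NOT the real Active Directory schema.
# Class inheritance and auxiliary classes are deliberately left out.
SYNTAX = {"cn": str, "sAMAccountName": str, "telephoneNumber": str, "ou": str}

SCHEMA = {
    "domainDNS": {"must": set(), "may": set(), "superiors": set()},
    "organizationalUnit": {"must": {"ou"}, "may": set(),
                           "superiors": {"domainDNS", "organizationalUnit"}},
    "user": {"must": {"cn", "sAMAccountName"}, "may": {"telephoneNumber"},
             "superiors": {"domainDNS", "organizationalUnit"}},
}


def is_container(class_name, schema=SCHEMA):
    """A class is a container if at least one class names it as a possible superior."""
    return any(class_name in cls["superiors"] for cls in schema.values())


def validate_create(class_name, parent_class, attrs, schema=SCHEMA, syntax=SYNTAX):
    """Return the list of schema violations; an empty list means the create is allowed."""
    if class_name not in schema:
        return [f"unknown class: {class_name}"]
    cls = schema[class_name]
    errors = []
    # Rule 1: the parent's class must be a permitted superior of the new object's class.
    if parent_class not in cls["superiors"]:
        errors.append(f"{parent_class} is not a possible superior of {class_name}")
    # Rule 2: every mandatory attribute must be supplied.
    for name in sorted(cls["must"] - set(attrs)):
        errors.append(f"missing mandatory attribute: {name}")
    # Rule 3: only attributes permitted by the class, each with a value of the defined syntax.
    for name in sorted(attrs):
        if name not in cls["must"] | cls["may"]:
            errors.append(f"attribute not permitted by class: {name}")
        elif not isinstance(attrs[name], syntax[name]):
            errors.append(f"wrong syntax for {name}")
    return errors


if __name__ == "__main__":
    # Constructed sample objects.
    print(validate_create("user", "organizationalUnit",
                          {"cn": "Ana Diaz", "sAMAccountName": "adiaz"}))
    print(validate_create("user", "user", {"cn": "Ana Diaz", "ou": "Sales"}))
    print({name: is_container(name) for name in SCHEMA})
```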
For more information about how Active Directory objects are stored, see "Active Directory Data Storage" in this book. For more information about the directory schema, see "Active Directory Schema" in this book.