Introduction
Active Directory is based on the Lightweight Directory Access Protocol (LDAP) and supports the LDAP v3 specification defined in RFC 2251. While many of the AD tools and interfaces, such as ADSI, abstract and streamline LDAP operations to make things easier, any good AD administrator or developer must have a thorough understanding of LDAP to fully utilize Active Directory. This chapter covers some of the basic LDAP-related tasks you may need to perform with Active Directory, along with other items related to searching for and manipulating objects in the directory.
The Anatomy of an Object
The Active Directory schema is composed of a hierarchy of classes. These classes support inheritance, which enables reuse of existing class definitions. At the top of the inheritance tree is the top class, from which every class in the schema is derived. Table 4-1 lists some of the attributes that are available from the top class and that are therefore defined on every object created in Active Directory.
Table 4-1. Common attributes of objects

Attribute | Description
cn | Relative distinguished name (RDN) attribute for most object classes
createTimestamp | Timestamp when the object was created. See Recipe 4.22 for more information
description | Multivalued attribute that can be used as a generic field for storing a description of the object
displayName | Name of the object displayed in administrative interfaces
distinguishedName | Distinguished name of the object
modifyTimestamp | Timestamp when the object was last changed. See Recipe 4.22 for more information
name | RDN of the object. The value of this attribute will mirror the naming attribute (e.g., cn, ou, dc)
nTSecurityDescriptor | Security descriptor assigned to the object
objectCategory | Used as a grouping mechanism for objects with a similar purpose (e.g., Person)
objectClass | List of classes from which the object's class was derived
objectGUID | Globally unique identifier for the object
uSNChanged | Update sequence number (USN) assigned by the local server after the last change to the object (can include creation)
uSNCreated | USN assigned when the object was created
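The relationships Table 4-1 describes (every object's objectClass list ends in top, name mirrors the RDN value, distinguishedName equals the entry's DN, uSNChanged is never below uSNCreated) can be checked mechanically when auditing a directory export. The following Python is an added example, not code from the book; it parses a constructed LDIF record shaped like an ldifde export (all values are made up) and assumes DN values contain no escaped commas.

```python
"""Parse one LDIF record and check the attribute invariants from Table 4-1."""
import base64
import re
from typing import Dict, List, Tuple

# Constructed sample record (not a real export); objectCategory is folded
# across two lines the way LDIF wraps long values.
SAMPLE_LDIF = """\
dn: CN=Jane Doe,OU=Sales,DC=example,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Jane Doe
name: Jane Doe
distinguishedName: CN=Jane Doe,OU=Sales,DC=example,DC=com
displayName: Jane Doe
objectCategory: CN=Person,CN=Schema,CN=Configuration,
 DC=example,DC=com
objectGUID:: 0dMcv2fYf0ejgKpxQ6ahgQ==
uSNCreated: 12830
uSNChanged: 47061
createTimestamp: 20240103120000.0Z
modifyTimestamp: 20240220083000.0Z
"""

def parse_ldif(text: str) -> Dict[str, List[str]]:
    """Return {attribute (lowercased): [values]} for a single LDIF record."""
    lines: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # join a folded continuation line
        else:
            lines.append(raw)
    attrs: Dict[str, List[str]] = {}
    for line in lines:
        m = re.match(r"^([A-Za-z][\w-]*)(::?) ?(.*)$", line)
        if m:
            key, sep, value = m.groups()
            if sep == "::":               # base64 value (binary attribute)
                value = base64.b64decode(value).hex()
            attrs.setdefault(key.lower(), []).append(value)
    return attrs

def rdn_of(dn: str) -> Tuple[str, str]:
    """Split the first DN component into (naming attribute, value)."""
    attr, _, value = dn.split(",", 1)[0].partition("=")
    return attr.lower(), value

def check_object(attrs: Dict[str, List[str]]) -> Dict[str, bool]:
    """Each False marks an entry that contradicts Table 4-1 and deserves a look."""
    rdn_attr, rdn_value = rdn_of(attrs["dn"][0])
    return {
        "derived_from_top": "top" in attrs["objectclass"],
        "name_mirrors_rdn": attrs["name"] == [rdn_value] == attrs[rdn_attr],
        "dn_matches": attrs["distinguishedname"] == attrs["dn"],
        "usn_monotonic": int(attrs["usnchanged"][0]) >= int(attrs["usncreated"][0]),
        "created_before_modified": attrs["createtimestamp"] <= attrs["modifytimestamp"],
    }
```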