Introduction

Active Directory is based on the Lightweight Directory Access Protocol (LDAP) and supports the LDAP v3 specification defined in RFC 2251. While many of the AD tools and interfaces, such as ADSI, abstract and streamline LDAP operations to make things easier, any good AD administrator or developer must have a thorough understanding of LDAP to fully utilize Active Directory. This chapter will cover some of the basic LDAP-related tasks you may need to do with Active Directory, along with other items related to searching and manipulating objects in the directory.

The Anatomy of an Object

The Active Directory schema is composed of a hierarchy of classes. These classes support inheritance, which enables reuse of existing class definitions. At the top of the inheritance tree is the top class, from which every class in the schema is derived. Table 4-1 contains a list of some of the attributes that are available from the top class, and subsequently are defined on every object that is created in Active Directory.

Table 4-1. Common attributes of objects

Attribute              Description
cn                     Relative distinguished name (RDN) attribute for most object classes
createTimestamp        Timestamp when the object was created. See Recipe 4.22 for more information
description            Multivalued attribute that can be used as a generic field for storing a description of the object
displayName            Name of the object displayed in administrative interfaces
distinguishedName      Distinguished name of the object
modifyTimestamp        Timestamp when the object was last changed. See Recipe 4.22 for more information
name                   RDN of the object. The value of this attribute will mirror the naming attribute (e.g., cn, ou, dc)
nTSecurityDescriptor   Security descriptor assigned to the object
objectCategory         Used as a grouping mechanism for objects with a similar purpose (e.g., Person)
objectClass            List of classes from which the object's class was derived
objectGUID             Globally unique identifier for the object
uSNChanged             Update sequence number (USN) assigned by the local server after the last change to the object (can include creation)
uSNCreated             USN assigned when the object was created
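The attributes inherited from top are related to each other: name mirrors the value of the naming attribute in the RDN, objectClass must end in top, and uSNCreated can never exceed uSNChanged. The following added example (not from the book) checks those invariants on a returned object, which is a useful sanity test when auditing directory data or tooling that builds objects by hand. The object values are constructed for illustration, and the RDN parser follows the RFC 4514 backslash and hex escaping rules, which this chapter does not otherwise cover.

```python
from typing import Dict, List, Tuple

# Constructed sample: the top-derived attributes of a user object, as a
# search tool would return them. Note the escaped comma inside the CN.
SAMPLE_OBJECT = {
    "distinguishedName": "CN=Smith\\, Jane,OU=Sales,DC=example,DC=com",
    "cn": "Smith, Jane",
    "name": "Smith, Jane",
    "objectClass": ["top", "person", "organizationalPerson", "user"],
    "objectCategory": "CN=Person,CN=Schema,CN=Configuration,DC=example,DC=com",
    "uSNCreated": 12345,
    "uSNChanged": 12399,
}

HEX = "0123456789abcdefABCDEF"

def first_rdn(dn: str) -> Tuple[str, str]:
    """Return (attribute, value) of the leading RDN of a DN.
    Backslash escapes (RFC 4514) are decoded, so an escaped comma inside a
    value is not mistaken for the RDN separator."""
    eq = dn.index("=")
    attr = dn[:eq].strip()
    value: List[str] = []
    i = eq + 1
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            pair = dn[i + 1:i + 3]
            if len(pair) == 2 and all(c in HEX for c in pair):
                value.append(chr(int(pair, 16)))   # \2C style hex escape
                i += 3
            else:
                value.append(dn[i + 1])            # \, style literal escape
                i += 2
            continue
        if ch == ",":                              # unescaped separator ends the RDN
            break
        value.append(ch)
        i += 1
    return attr, "".join(value)

def check_top_attributes(obj: Dict[str, object]) -> List[str]:
    """Return inconsistencies among an object's top attributes ([] if consistent)."""
    findings = []
    if "top" not in obj.get("objectClass", []):
        findings.append("objectClass does not include 'top'")
    rdn_attr, rdn_value = first_rdn(str(obj["distinguishedName"]))
    if obj.get("name") != rdn_value:
        findings.append(f"name {obj.get('name')!r} does not mirror RDN value {rdn_value!r}")
    naming = obj.get(rdn_attr.lower())             # the cn/ou/dc attribute itself
    if naming is not None and naming != rdn_value:
        findings.append(f"{rdn_attr.lower()} {naming!r} differs from RDN value {rdn_value!r}")
    if obj.get("uSNCreated", 0) > obj.get("uSNChanged", 0):
        findings.append("uSNCreated is greater than uSNChanged")
    return findings
```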