Active Directory is based on the Lightweight Directory Access Protocol (LDAP) and supports the LDAP v3 specification defined in RFC 2251. And while many of the AD tools and interfaces, such as ADSI, abstract and streamline LDAP operations to make things easier, any good AD administrator or developer must have a thorough understanding of LDAP to fully utilize Active Directory. This chapter will cover the some of the basic LDAP-related tasks you may need to do with Active Directory, along with other items related to searching and manipulating objects in the directory.

The Anatomy of an Object

The Active Directory schema is composed of a hierarchy of classes. These classes support inheritance, which enables reuse of existing class definitions. At the top of the inheritance tree is the top class, from which every class in the schema is derived. Table 4-1 contains a list of some of the attributes that are available from the top class, and subsequently are defined on every object that is created in Active Directory.

Table 4-1. Common attributes of objects




Relative distinguished name (RDN) attribute for most object classes


Timestamp when the object was created. See Recipe 4.22 for more information


Multivalued attribute that can be used as a generic field for storing a description of the object


Name of the object displayed in administrative interfaces


Distinguished name of the object


Timestamp when the object was last changed. See Recipe 4.22 for more information


RDN of the object. The value of this attribute will mirror the naming attribute (e.g., cn, ou, dc)


Security descriptor assigned to the object


Used as a grouping mechanism for objects with a similar purpose (e.g., Person)


List of classes from which the object's class was derived


Globally unique identifier for the object


Update sequence number (USN) assigned by the local server after the last change to the object (can include creation)


USN assigned when the object was created

    Chapter 3. Domain Controllers, Global Catalogs, and FSMOs
    Chapter 6. Users
    Appendix A. Tool List