Active-Directory object

Objects are the fulcrum of Active Directory. The ease of an organization’s resource management comes from the fact that objects give AD a modular structure.



The individual components of an organization’s network are called objects in Active Directory. Objects in AD model the real-world entities in a network environment, which makes the network elements much easier to manage. For example, users in an organization are represented by user objects in AD, computers by computer objects, and so on.

The following is a list of Active Directory objects:


User

Contains information about users, such as their first, middle and last names and login credentials. For example, if Aroma, Paul and Alex are employees of an organization, a user object can be created for each of them. This object stores various properties of the user, such as their name, the manager they report to and their subordinates.


Contact

Contains contact information about any person associated with the organization, such as a supplier’s telephone number or mail address. For example, an organization might want to store details of people who are not directly associated with it, such as suppliers or people who help with network maintenance. These people usually do not need to be given access to AD; only their details, in this case their name and contact information, need to be stored. This can be done using a contact object.


Printer

Contains a pointer to the printer on the network.


Computer

Contains information about computers on the network.

Shared folder

This object is a pointer to a shared folder on the computer.


Group

As the self-explanatory name suggests, this object represents a group. In AD, a group is an object that can contain a collection of users, computers, contacts, or even other groups as members. Groups reduce the administrative burden.

For example, say 100 employees in an organization need to be given access to a printer. Instead of assigning permission to each user (which would be time-consuming and hectic), the system administrator can put them in a group and assign permission to the group.
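Because a group can contain other groups, the set of accounts that actually inherits a permission can be larger than the group's direct member list. The following added example (not part of the original article) resolves the effective members of a group over a constructed in-memory directory; the object names, the `DIRECTORY` layout and the `effective_members` function are assumptions made for illustration.

```python
# Constructed sample directory (not real data): every object has a class,
# and group objects list their direct members. Groups may nest or loop.
DIRECTORY = {
    "Aroma":         {"class": "user"},
    "Paul":          {"class": "user"},
    "Alex":          {"class": "user"},
    "HR-PC-01":      {"class": "computer"},
    "Supplier-Desk": {"class": "contact"},
    "HR-Staff":      {"class": "group", "members": ["Aroma", "Paul", "HR-PC-01"]},
    "Contractors":   {"class": "group",
                      "members": ["Alex", "Supplier-Desk", "Printer-Users"]},
    "Printer-Users": {"class": "group", "members": ["HR-Staff", "Contractors"]},
}


def effective_members(directory, group, classes=("user", "computer")):
    """Return the accounts that inherit permissions granted to `group`.

    Nested groups are walked iteratively, visited groups are tracked so
    circular nesting terminates, and contact objects are skipped because
    they are not security principals and cannot be granted access.
    """
    if directory.get(group, {}).get("class") != "group":
        raise ValueError(f"{group!r} is not a group object")
    seen_groups, result, stack = set(), set(), [group]
    while stack:
        current = stack.pop()
        if current in seen_groups:
            continue  # already expanded: breaks membership loops
        seen_groups.add(current)
        for name in directory[current].get("members", []):
            obj = directory.get(name)
            if obj is None:
                continue  # dangling reference to a deleted object
            if obj["class"] == "group":
                stack.append(name)
            elif obj["class"] in classes:
                result.add(name)
    return sorted(result)


if __name__ == "__main__":
    # Who can really use the printer if Printer-Users is granted access?
    print(effective_members(DIRECTORY, "Printer-Users"))
```

Reviewing this resolved list, rather than only the direct members, is what shows who a permission assigned to the group really reaches.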

Organizational units (OUs)

These are container objects that are used for administrative ease and to build the hierarchical structure of AD. They encapsulate other AD leaf objects such as users, computers and printers. For example, an organization might have different departments such as HR, Finance and Marketing, each of which has to be administered separately. In AD we can create an OU for each of these departments and delegate control over it to someone. The OU for each department will contain the resources (users, computers, printers, etc.) of that particular department.


Domain

A domain is a group of users, computers and other resources that are accessed and monitored under a certain set of rules. It is a structural component of the AD network. Each domain has a name, its own database, and policies that apply to all the resources within that domain. A domain controller (DC) maintains the policies and authenticates the users of the domain. Every domain functions as a boundary for policies, authentication and authorization.

For example, an organization’s resources can be collectively put in a domain. Any user who wants to access resources from the domain has to be authenticated by the domain; the domain therefore acts like a security boundary.

Domain controller

This object contains information about domain controllers, such as the owner’s name, DNS name and its pre-Windows 2000 name.

Site objects

Site objects are container objects that are implemented in Active Directory to manage and facilitate replication.


Builtin

These container objects contain the built-in local groups.

Foreign security principals

This container object shows the trust relationships with other domains.

Aliyu Garba
