In Microsoft Windows 2000, an object in Active Directory that can contain other objects. Examples of containers include organizational units (OUs), domains, and local networks. Domains are the core containers for organizing the structure of Active Directory.
The other kinds of objects in Active Directory are leaf objects, which cannot contain other objects.
Objects created in a container inherit the discretionary access control list (DACL) of the container itself. In other words, a child object obtains its permissions from its parent object by inheritance.
Groups are not containers; they are security principals.