The basic element of Active Directory in Microsoft Windows 2000 that represents something on the network, such as a user, a group, a computer, an application, a printer, or a shared folder.
Objects have attributes that define and describe them. For example, the attributes of a user object might include the user’s name, e-mail address, and phone number. All objects of the same type or class have the same set of attributes, but they are distinguished from each other by having different values for at least one of these attributes. Some attributes are required to have values (such as the First Name attribute of a user object), while other attributes can be optional (such as Telephone Number).
You can group objects by placing them into container objects (containers) such as the ones following:
Access to an object in Active Directory is based on the object’s discretionary access control lists (DACLs), which list the users and groups authorized to access the object and their access levels. You can group objects with similar security requirements into OUs to simplify assignment of permissions to the objects and to facilitate administration and control of network resources. You can assign permissions to objects by using Active Directory Users and Computers, a snap-in for Microsoft Management Console (MMC).
Objects can be referenced by name by using
The most common types of objects in Active Directory are as follows:
When you use Active Directory Users and Computers to view the property sheet for an object, the Security tab, which displays the Active Directory permissions assigned to that object, is usually not visible. Choose Advanced Features from the View menu to make this tab visible.
If you have resources such as shared folders or printers on computers that are not running Windows 2000, you must manually publish information about these resources in Active Directory if you want users to be able to locate and access them through Active Directory. You do this by adding the appropriate type of object for that resource to Active Directory and having it point to where the resource is located on the network.
When you create a new Active Directory object, you usually use a wizard to specify values for the important attributes of the object. You can specify other attributes after the object is created by opening the property sheet for that object.