Friday, November 12, 2004
Part 3: Active Directory Objects
So far we've briefly touched on Active Directory in general, and the benefits of using it, but what does it really do? In simplest terms, Active Directory is really just a database of information about Objects. In Active Directory, every resource is represented as an object. This includes real physical objects, such as printers, computers, servers, etc., as well as logical, or virtual (cyber?) objects, such as users, groups, sites, domains, etc. No matter what it is, if it goes in Active Directory, it is pretty much an object.
Furthermore, each object that resides in AD has properties, or attributes. These attributes are different depending on the type of object. For instance, user objects have such attributes as "First Name" or "Zip Code" or "Title" to name only a few. Computer objects, on the other hand, have such attributes as "Role" or "Description" or "Location." Objects can and do have hundreds of attributes, some of which can be manipulated or changed, and some of which are assigned by the system. One of the handy things about an object's attributes is that you can search on them. For instance, if you are looking for a nearby printer, you can search on the location attribute for printer objects.
The tool used most commonly for working with AD objects is the Active Directory Users and Computers tool. You can view or modify the attributes of many objects in this tool by simply right-clicking an object and choosing Properties (or by simply double-clicking the object in most cases). Of course, what you can do with an object, including simply viewing its attributes, depends on the permissions that you have to the object.
Since all resources in the network are represented in AD as objects in a centralized database, these resources can easily be administered from a central location (or locations), and by a single or multiple administrators
Furthermore, each object that resides in AD has properties, or attributes. These attributes are different depending on the type of object. For instance, user objects have such attributes as "First Name" or "Zip Code" or "Title" to name only a few. Computer objects, on the other hand, have such attributes as "Role" or "Description" or "Location." Objects can and do have hundreds of attributes, some of which can be manipulated or changed, and some of which are assigned by the system. One of the handy things about an object's attributes is that you can search on them. For instance, if you are looking for a nearby printer, you can search on the location attribute for printer objects.
The tool used most commonly for working with AD objects is the Active Directory Users and Computers tool. You can view or modify the attributes of many objects in this tool by simply right-clicking an object and choosing Properties (or by simply double-clicking the object in most cases). Of course, what you can do with an object, including simply viewing its attributes, depends on the permissions that you have to the object.
Since all resources in the network are represented in AD as objects in a centralized database, these resources can easily be administered from a central location (or locations), and by a single or multiple administrators
# posted by e247net : 1:12 AM
