Friday, November 12, 2004
Part 5: Active Directory Naming Paths
One of the big benefits of Active Directory over the "flat" domain structure of Windows NT 4 (and earlier) domains is that objects can be stored in a hierarchical folder-like structure. In earlier domains, however, at least you knew where all of the objects were - they were in one big long list - no searching for them, just scrolling (and scrolling, and scrolling). In Active Directory, objects can be stored down in several layers of Organizational Units (OUs). So how does Active Directory keep track of where these objects are? It uses LDAP (Lightweight Directory Access Protocol) naming paths. These naming paths can take three forms: Distinguished Names, Relative Distinguished Names and Canonical Names.
Distinguished Names
Each AD object has a distinguished name - and no, that doesn't mean they are called "Sir" or "Madam." By distinguished, we mean that the name itself distinguishes the exact location of the object in the directory. There are several notations that are used in the distinguished name:
DC - Domain Component: part of the DNS name of the domain, such as COM or EDU
OU - Organizational Unit: one of the containers in AD that holds other objects
CN - Common Name: an object in AD, such as a user, computer, printer, etc.
These components can be used more than once in a distinguished name, if necessary, to accurately name the path to the object. For instance, the user Fred Jones in Accounts Receivable, in Accounting at My Company might have a distinguished name like this:
CN=Fred Jones,OU=AR,OU=Accounting,DC=mycompany,DC=com
In this example, you can see that there are two OU components and two DC components.
Relative Distinguished Names
The Relative Distinguished Name is simply the portion of the Distinguished Name that uniquely identifies an object within the object's parent container. For instance, Fred's Relative Distinguished Name from the example above would be:
CN=Fred Jones
Keep in mind that the user Fred Jones in the Shipping department might also have the exact same Relative Distinguished Name, though his Distinguished name would, of course, indicate that his account was in a different OU.
Canonical Names
There is a third naming path that Microsoft sometimes refers to. This is just a different way of displaying the distinguished name (one that is easier to read), and it looks like this:
mycompany.com/Accounting/AR/Fred Jones
It not only drops the attribute-type notation of the Distinguished Name (e.g. DC=), it also lists the components in the reverse order of the Distinguished Name.
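The three naming paths above are mechanical transformations of one another, which is easy to get subtly wrong in scripts that compare or log directory objects: a naive split on commas breaks as soon as a Common Name contains a comma (LDAP escapes it as "\,"). The following added example, which is not part of the original post, parses a Distinguished Name into its components, extracts the Relative Distinguished Name and parent container, and builds the Canonical Name. It uses only the post's own sample DN plus a constructed DN with an escaped comma; the escaping rule it implements is the backslash rule from the LDAP DN string format (RFC 4514), and hex-pair escapes are deliberately left undecoded.

```python
from typing import List, Tuple

# Constructed sample input: the post's own example Distinguished Name
SAMPLE_DN = "CN=Fred Jones,OU=AR,OU=Accounting,DC=mycompany,DC=com"

# Characters that must be backslash-escaped when they appear inside an RDN value
DN_SPECIAL = ',+"\\<>;'


def split_dn(dn: str) -> List[Tuple[str, str]]:
    """Split a distinguished name into (attribute type, value) pairs, left to right.

    A backslash escapes the character after it, so 'CN=Jones\\, Fred' is a single
    RDN whose value is 'Jones, Fred'.  Hex-pair escapes such as '\\2C' are not decoded.
    """
    pieces: List[str] = []
    current: List[str] = []
    i = 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i + 1])  # keep the escaped character literally
            i += 2
            continue
        if ch == ",":
            pieces.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    pieces.append("".join(current))

    pairs: List[Tuple[str, str]] = []
    for piece in pieces:
        attr, sep, value = piece.partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN: {piece!r}")
        pairs.append((attr.strip().upper(), value))
    return pairs


def escape_value(value: str) -> str:
    """Re-apply backslash escaping so a parsed value can go back into DN syntax."""
    return "".join("\\" + c if c in DN_SPECIAL else c for c in value)


def join_dn(pairs: List[Tuple[str, str]]) -> str:
    """Rebuild DN syntax from (attribute type, value) pairs."""
    return ",".join(f"{attr}={escape_value(value)}" for attr, value in pairs)


def rdn(dn: str) -> str:
    """Relative Distinguished Name: only the leftmost component."""
    return join_dn(split_dn(dn)[:1])


def parent_container(dn: str) -> str:
    """Everything after the RDN: the container within which the RDN must be unique."""
    return join_dn(split_dn(dn)[1:])


def canonical_name(dn: str) -> str:
    """Canonical Name: DNS domain first, then the non-DC components in reverse order.

    A '/' inside a value would collide with the path separator, so it is escaped.
    """
    pairs = split_dn(dn)
    domain = ".".join(value for attr, value in pairs if attr == "DC")
    path = [value.replace("/", "\\/") for attr, value in reversed(pairs) if attr != "DC"]
    return "/".join([domain] + path)


if __name__ == "__main__":
    # Two users with identical RDNs but different parent containers
    shipping_dn = "CN=Fred Jones,OU=Shipping,DC=mycompany,DC=com"
    for dn in (SAMPLE_DN, shipping_dn):
        print("DN:       ", dn)
        print("RDN:      ", rdn(dn))
        print("Parent:   ", parent_container(dn))
        print("Canonical:", canonical_name(dn))
        print()
```

Because the RDN is only unique within its parent container, any code that matches accounts by CN alone (for example, a log-correlation rule or an access-control check) should compare the full DN or the canonical name instead; the two Fred Jones entries above differ only in the container portion.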