Chapter 4. Searching and Manipulating Objects
Introduction
Active Directory is based on the Lightweight Directory Access Protocol (LDAP) and supports the LDAP version 3 specification defined in RFC 2251. Although many of the AD tools and interfaces, such as ADSI, abstract and streamline LDAP operations to make things easier, any good AD administrator or developer must have a thorough understanding of LDAP to fully utilize Active Directory. This chapter covers some of the LDAP-related tasks you may need to perform when working with Active Directory, along with other tasks related to searching and manipulating objects within the directory.
The Anatomy of an Object
The Active Directory schema is composed of a hierarchy of classes that define the types of objects that can be created within Active Directory, as well as the different attributes they can possess. These classes support inheritance, which enables developers to reuse existing class definitions for more than one type of object; for example, the description attribute is available with every type of AD object, but the attribute itself is defined only once within the schema. At the top of the inheritance tree is the top class, from which every class in the schema is derived. Table 4-1 contains a list of some of the attributes that are available from the top class, and subsequently are defined on every object that is created in Active Directory.
Table 4-1. Common attributes of objects
| Attribute | Description |
|---|---|
| RDN attribute for most object ... |
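The inheritance described above can be made concrete by walking a class's subClassOf chain up to top and recording which class contributes each attribute. This is an added example, not code from the book; the schema records below are a constructed, simplified subset (auxiliary classes are ignored), and the function names are hypothetical.

```python
# Constructed, simplified subset of classSchema data; a real schema has many
# more classes and attributes, plus auxiliary classes that are ignored here.
SCHEMA = {
    "top": {
        "subClassOf": "top",  # top is its own parent, which ends the walk
        "must": ["instanceType", "nTSecurityDescriptor",
                 "objectCategory", "objectClass"],
        "may": ["cn", "description", "displayName",
                "whenCreated", "whenChanged"],
    },
    "person": {"subClassOf": "top", "must": ["cn"],
               "may": ["sn", "telephoneNumber"]},
    "organizationalPerson": {"subClassOf": "person", "must": [],
                             "may": ["title", "manager"]},
    "user": {"subClassOf": "organizationalPerson", "must": [],
             "may": ["userPrincipalName", "pwdLastSet"]},
}


def class_chain(name, schema=SCHEMA):
    """Return the inheritance chain from `name` up to top, most specific first."""
    chain, seen = [], set()
    while name not in seen:  # stops at top's self-reference or at any cycle
        if name not in schema:
            raise KeyError(f"class {name!r} is not in the schema sample")
        seen.add(name)
        chain.append(name)
        name = schema[name]["subClassOf"]
    return chain


def effective_attributes(name, schema=SCHEMA):
    """Map every attribute available on `name` to the class nearest top that lists it."""
    attrs = {}
    for cls in reversed(class_chain(name, schema)):  # process top first
        for attr in schema[cls]["must"] + schema[cls]["may"]:
            attrs.setdefault(attr, cls)
    return attrs


if __name__ == "__main__":
    print(" -> ".join(class_chain("user")))
    for attr, origin in sorted(effective_attributes("user").items()):
        print(f"{attr:22} from {origin}")
```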