At this point, we know enough about a generic LDAP directory service to begin applying the terms and concepts to Active Directory.
Let's start with what we need to store in Active Directory. You can classify the required information into three general categories:
Information about network security entities. This includes users, computers, and groups along with applications such as group policies, DNS, RAS, COM and so forth.
Information about the Active Directory mechanisms. This includes replication, network services, permissions, and user interface displays.
Information about the Active Directory schema. This includes objects that define the classes and attributes in Active Directory.
Microsoft had to devise ...