Active Directory Object Class

An object class is a component of the Active Directory schema that defines the “type” of an object; in other words, it defines the set of mandatory and optional attributes an object can have.

For example, when a new user object is created, it is of the type User (that is, it stems from the object class called User), which defines the attributes cn, objectCategory, objectClass and sAMAccountName as mandatory and other attributes such as accountExpires, title, info and initials as optional for a user object.


The object class of an object can be viewed in the objectClass attribute on the Attribute Editor tab of the object's properties window.

There are three types of object classes in AD:

Abstract: This class is a mere template from which a new class is derived; the new class can be of any object class type. An abstract class can be a subclass only of another abstract class.

Structural: Objects of a structural class are usually those that form the logical framework of AD. A structural class can be a subclass of an abstract or structural class.

Auxiliary: An auxiliary class is included in the definition of structural, abstract or auxiliary classes; the mustContain, systemMustContain, mayContain and systemMayContain values of the auxiliary class are then added to the including class. An auxiliary class can be a subclass of an abstract or auxiliary class.


Schema: The Active Directory schema defines what objects and object attributes can exist in Active Directory.
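
The rules above can be modelled in a few lines. The following Python sketch is an added example, not part of the original post: it resolves the effective mandatory and optional attributes of a class through its superclass chain and auxiliary classes, and checks the subclass rules for the three class types. The schema dictionary is a constructed, simplified sample, and demoPerson is a hypothetical stand-in class.

```python
STRUCTURAL, ABSTRACT, AUXILIARY = "structural", "abstract", "auxiliary"

# Parent class types each class type may derive from, per the text above.
ALLOWED_PARENT = {ABSTRACT: {ABSTRACT},
                  STRUCTURAL: {ABSTRACT, STRUCTURAL},
                  AUXILIARY: {ABSTRACT, AUXILIARY}}

# Constructed, simplified schema sample (not a dump of a real forest).
# demoPerson is a hypothetical stand-in for the classes between user and top.
SCHEMA = {
    "top": dict(type=ABSTRACT, subClassOf=None, auxiliaryClass=[],
                mustContain=["objectClass", "objectCategory"], mayContain=[]),
    "demoPerson": dict(type=ABSTRACT, subClassOf="top", auxiliaryClass=[],
                       mustContain=["cn"], mayContain=["title", "initials", "info"]),
    "securityPrincipal": dict(type=AUXILIARY, subClassOf="top", auxiliaryClass=[],
                              mustContain=["sAMAccountName"], mayContain=[]),
    "user": dict(type=STRUCTURAL, subClassOf="demoPerson",
                 auxiliaryClass=["securityPrincipal"],
                 mustContain=[], mayContain=["accountExpires"]),
}


def effective_attributes(name, schema=SCHEMA):
    """Return (mandatory, optional) for a class: its own lists plus those of
    every superclass and auxiliary class reachable from it."""
    must, may, seen, todo = set(), set(), set(), [name]
    while todo:
        cls = todo.pop()
        if cls in seen:
            continue
        seen.add(cls)
        entry = schema[cls]
        must.update(entry["mustContain"])
        may.update(entry["mayContain"])
        todo.extend(entry["auxiliaryClass"])
        if entry["subClassOf"]:
            todo.append(entry["subClassOf"])
    return must, may - must


def invalid_derivations(schema=SCHEMA):
    """Names of classes whose parent's type breaks the subclass rules."""
    return sorted(n for n, e in schema.items() if e["subClassOf"]
                  and schema[e["subClassOf"]]["type"] not in ALLOWED_PARENT[e["type"]])


def missing_mandatory(object_class, attributes, schema=SCHEMA):
    """Mandatory attributes absent from a proposed object (case-insensitive)."""
    present = {a.lower() for a in attributes}
    must, _ = effective_attributes(object_class, schema)
    return sorted(a for a in must if a.lower() not in present)
```

In this sample the user class declares no mandatory attributes of its own; all four come from its superclasses and its auxiliary class, which is why a review of a schema extension has to follow the whole chain rather than read one class definition.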
