NIST's guidance for a Zero Trust Architecture

Active Directory Objects

AD object classification

Active directory objects can be classified into two broad types.

1. Security principal objects

2. Resources

Security principal objects

The objects that can be authenticated by AD are called security principal objects. These objects have unique identifiers across the domain called SIDs (security Identifier). User accounts, computer accounts and security groups are the security principal objects in AD.


Objects that are used by the security principal objects such as printers etc. are called resources in AD.

Active Directory Hierarchy: Container and Leaf Objects

Active Directory is, in fact, a hierarchical arrangement of objects. Such an arrangement is possible because AD allows some of its objects to contain other AD objects.

In other words, an AD object can either be a container or a leaf.

  • Container objects: These Roles are objects that encapsulate other objects e.g.  OU, Domain etc.
  • Leaf objects: These objects do not encapsulate other objects. e.g. User, computer etc.
Related posts
Active Directory Objects

Active Directory User properties – General tab

Active Directory Objects

AD computer object security tab

Active Directory Objects

Active Directory Computer Delegation tab

Active Directory Objects

Active Directory Computer Objects Tabs

Leave a Reply

Your email address will not be published. Required fields are marked *