The Active Directory schema defines what different types of objects look like within Active Directory. What is a user? What properties does a group have? Active Directory comes with a prepopulated base schema, and it can be modified or extended to meet the needs of custom applications.
Every resource in Active Directory is represented as an object, and each object has a set of attributes that are associated with it. In Active Directory, each object is defined within the Active Directory schema. The schema is a master database that contains definitions of all objects in the Active Directory – in a way, it defines what Active Directory is. The schema has two components: object classes and attributes. Each object that is represented in Active Directory – for example, the user Victor and the printer Laser printer – is an instance of the user and printer object classes, respectively.
Each object class in the schema is further defined by a list of attributes that makes the object class unique within the database. Each attribute is defined only once in the schema, but the same attribute can be associated with more than one object class. Some attributes are required attributes that are necessary for the object to be created, such as a user account's logon name. Other optional attributes, such as street address and phone number, provide additional details that can be published for user and administrative purposes.
Understanding the Active Directory Schema in Windows Server 2008
When Active Directory is installed, a number of object classes are created automatically. Some of these object classes include:
- Domain controllers
All object classes have a common set of attributes that help to uniquely identify each object within the database.
Some of these common attributes are as follows:
- Unique Name: This name identifies the object in the database. A unique name is given to the object upon its creation and includes references to its location within the directory database.
- Globally Unique Identifier (GUID): The GUID is a 128-bit hexadecimal number that is assigned to every object in the Active Directory forest upon its creation. This number does not change, even when the object itself is renamed. The number is not used again, even if an object is deleted and recreated with the same display name.
- Required Object Attributes: These attributes are required for the object to function. In particular, a user account must have a unique name and password entered upon creation.
- Optional Object Attributes: These attributes add information that is not critical to the object in terms of functionality. This type of information is “nice to know” as opposed to “need to know”. An example of an optional object attribute would be a phone number or street address for a user account.
As you will see, the Active Directory schema can be modified to include additional objects and attributes when necessary. Each object in the schema is protected by access control lists (ACLs) so that only authorized administrators can access and modify the schema. ACLs are implemented by the administrator and used by the directory to keep track of which users and groups have permission to access specific objects and to what degree they can use or modify them.
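As an added example that is not part of this article, the PowerShell below reads the schema partition to show the required and optional attribute sets of the user object class (walking its inheritance chain) and to list who is granted write-type rights on the schema container itself. It assumes the RSAT ActiveDirectory module on a domain-joined host with read access to the schema partition; the function names are my own.

```powershell
# Added example (not from the article): read schema definitions from the schema
# naming context. Assumes the RSAT ActiveDirectory module on a domain-joined host
# with read access to the schema partition; results depend on your forest.
Import-Module ActiveDirectory
$schemaNC = (Get-ADRootDSE).schemaNamingContext   # e.g. CN=Schema,CN=Configuration,DC=...

# Required and optional attributes of an object class, following the subClassOf
# chain so inherited attributes (user -> organizationalPerson -> person -> top)
# are included. Attributes contributed by auxiliary classes are not followed here.
function Get-SchemaClassAttributes {
    param([Parameter(Mandatory)][string]$ClassName)
    $required = @(); $optional = @(); $chain = @()
    $current = $ClassName
    do {
        $cls = Get-ADObject -SearchBase $schemaNC `
            -LDAPFilter "(&(objectClass=classSchema)(lDAPDisplayName=$current))" `
            -Properties lDAPDisplayName, subClassOf, mustContain, systemMustContain, mayContain, systemMayContain
        if (-not $cls) { throw "No classSchema object named '$current' under $schemaNC" }

        $chain    += $cls.lDAPDisplayName
        $required += @($cls.systemMustContain) + @($cls.mustContain)
        $optional += @($cls.systemMayContain)  + @($cls.mayContain)
        $parent    = [string]$cls.subClassOf
        $finished  = ($parent -eq $current)   # 'top' is its own parent, so the chain ends there
        $current   = $parent
    } until ($finished)

    [pscustomobject]@{
        Class            = $ClassName
        InheritanceChain = $chain -join ' -> '
        Required         = @($required | Where-Object { $_ } | Sort-Object -Unique)
        Optional         = @($optional | Where-Object { $_ } | Sort-Object -Unique)
    }
}

# Coarse view of who holds write-type rights on the schema container: the ACL the
# article refers to. Attribute-level (ObjectType) ACEs are not broken out here.
function Get-SchemaWriteAccess {
    (Get-Acl -Path "AD:\$schemaNC").Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       $_.ActiveDirectoryRights -match 'Write|GenericAll' } |
        Select-Object IdentityReference, ActiveDirectoryRights, IsInherited
}

$user = Get-SchemaClassAttributes -ClassName 'user'
"Inheritance: $($user.InheritanceChain)"
"Required ($($user.Required.Count)): $($user.Required -join ', ')"
"Optional ($($user.Optional.Count)): $($user.Optional -join ', ')"
Get-SchemaWriteAccess | Format-Table -AutoSize
```

Reviewing the second listing periodically is a cheap way to confirm that schema write rights have not drifted beyond the accounts you expect.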