Active Directory Object Naming

Active Directory naming is based on the Lightweight Directory Access Protocol (LDAP) (RFC 1777) and the Domain Name System (DNS).

Distinguished Name

A Distinguished Name (DN) is used to uniquely name an Active Directory Object. All objects can be referenced using a Distinguished Name. A DN has three components:

  • DC - Domain Component
  • O - Organization
  • OU - Organizational Unit
  • CN - Common Name

The Distinguished Name takes the form:

/DC=organization/OU=Dept/CN=Win2kserver1

Where "Organization" is the name of the organization, and "Dept" is the department name.

A Relative Distinguished Name (RDN) is assigned by an administrator to an object. A Distinguished Name (DN) is an RDN with the location of the object in Active Directory.
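
Added example (not part of the original page): Python code that parses the slash-separated form shown above, splits it into the object's RDN and the location of its parent, and renders it in the comma-separated, leaf-first LDAP string form. The RFC 4514 rendering and escaping go beyond what the page shows, and all function names and the sample value are assumptions made for illustration.

```python
# RFC 4514 characters that must be backslash-escaped inside an RDN value.
_SPECIAL = set('"+,;<>\\')
_TYPES = {"DC", "O", "OU", "CN"}  # the component types listed on this page

def escape_rdn_value(value):
    """Escape one attribute value for an LDAP string DN (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _SPECIAL or (i == 0 and ch in " #"):
            out.append("\\" + ch)
        elif ch == " " and i == len(value) - 1:
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)

def parse_slash_dn(dn):
    """Split /TYPE=value/... into (type, value) pairs, root first.

    Assumption: values contain no '/', as in the page's sample.
    """
    if not dn.startswith("/"):
        raise ValueError("expected a leading '/'")
    pairs = []
    for part in dn[1:].split("/"):
        attr, sep, value = part.partition("=")
        if not sep or not value or attr.upper() not in _TYPES:
            raise ValueError("bad component: %r" % part)
        pairs.append((attr.upper(), value))
    return pairs

def to_ldap_dn(pairs):
    """Join root-first pairs leaf first, comma separated, escaping each value."""
    return ",".join("%s=%s" % (a, escape_rdn_value(v)) for a, v in reversed(pairs))

def split_rdn(pairs):
    """Return (RDN of the object, DN of the container that holds it)."""
    *parent, leaf = pairs
    return to_ldap_dn([leaf]), to_ldap_dn(parent)

if __name__ == "__main__":
    pairs = parse_slash_dn("/DC=organization/OU=Dept/CN=Win2kserver1")
    print(to_ldap_dn(pairs))   # full DN
    print(split_rdn(pairs))    # (RDN, parent location)
    # Constructed value with a separator in it: escaping keeps it a single RDN.
    print(to_ldap_dn([("OU", "Dept"), ("CN", "x,OU=Admins")]))
```

Escaping each value before joining matters whenever a name comes from user input: an unescaped comma or plus sign would otherwise be read as an extra component of the DN.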

UPN

A User Principal Name (UPN) (defined by RFC 822) is an RDN with an FQDN, which is used for email and user logon.

The UPN takes the form:

Win2kserver1@Dept.Organization.org/document_name

Where "Organization" is the name of the organization, and "Dept" is the department name.


Important LDAP RootDSE Object Attributes

Active Directory uses the Lightweight Directory Access Protocol (LDAP) naming method to name objects. The RootDSE search tree can be used to identify the forest root, domain, and various parts of the Active Directory schema. Important attributes of RootDSE:

  • schemaNamingContext - Can be used to send a query to locate the schema.
  • subSchemaSubEntry - Has the location of the subschema. The subschema contains classes and attributes in the Active Directory database.