
Monday, 17 June 2019

Windows Active Directory step by step (4) ------ entry, object, class and attribute

From now on, I will be using a GUI LDAP client called "Apache Directory Studio" to explore AD.


It is much more convenient than the command-line tool "ldapsearch".

Active Directory stores its data in a structure called the DIT (Directory Information Tree). As the name says, AD's data is arranged as a tree. The root of a domain's tree is built from the domain's DNS name, e.g. "dc=smallstrong,dc=org" for the domain smallstrong.org.

The root of such a tree is called a "naming context" (here the domain naming context; every DC also holds the forest-wide Configuration and Schema naming contexts, and rootDSE lists all of them in its namingContexts attribute). All other information is placed beneath it in multiple layers of containers and organizational units.
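To make the tree structure concrete, here is an added example (not code from the original post) that parses DNs into their RDNs, handling escaped commas that a naive split would break on, and keeps entries in an in-memory tree under one naming context, refusing an entry whose parent does not exist, as an LDAP server does. The domain dc=smallstrong,dc=org and the OU and user names are constructed sample data.

```python
# Added example, not code from the original post: a small in-memory model of
# the DIT as a tree of entries keyed by DN. The domain "dc=smallstrong,dc=org"
# and the OUs/users inserted below are constructed sample data.
from typing import Dict, List, Tuple

_ESCAPED = '\\,+"<>;'  # RFC 4514 specials that must be backslash-escaped in an RDN value


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Split an LDAP DN into (type, value) RDNs, leaf first.

    dn.split(",") breaks on values that contain an escaped comma, e.g.
    'CN=Smith\\, John,OU=Users,DC=smallstrong,DC=org', so this walks the string
    and honours backslash escapes. Multi-valued RDNs (a=1+b=2) are not handled.
    """
    rdns: List[Tuple[str, str]] = []
    buf: List[str] = []
    i = 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i + 1])  # escaped character is taken literally
            i += 2
            continue
        if ch == ",":
            rdns.append(_split_rdn("".join(buf)))
            buf = []
        else:
            buf.append(ch)
        i += 1
    rdns.append(_split_rdn("".join(buf)))
    return rdns


def _split_rdn(rdn: str) -> Tuple[str, str]:
    attr, sep, value = rdn.partition("=")
    if not sep or not attr.strip():
        raise ValueError(f"malformed RDN: {rdn!r}")
    return attr.strip().lower(), value  # attribute types are case-insensitive


def escape_value(value: str) -> str:
    return "".join("\\" + c if c in _ESCAPED else c for c in value)


def normalize_dn(dn: str) -> str:
    """Canonical form: lowercase types, no spaces after the commas, values re-escaped."""
    return ",".join(f"{t}={escape_value(v)}" for t, v in parse_dn(dn))


def parent_dn(dn: str) -> str:
    """The DN one level up; the parent of a single-RDN DN is the empty DN."""
    return ",".join(f"{t}={escape_value(v)}" for t, v in parse_dn(dn)[1:])


class DIT:
    """Directory Information Tree rooted at one naming context."""

    def __init__(self, naming_context: str) -> None:
        self.root = normalize_dn(naming_context)
        # AD compares DNs case-insensitively, so the dictionary is keyed on lowercase.
        self.entries: Dict[str, dict] = {self.root.lower(): {"objectClass": ["top", "domain", "domainDNS"]}}

    def add(self, dn: str, attrs: dict) -> str:
        ndn = normalize_dn(dn)
        key, root = ndn.lower(), self.root.lower()
        if key != root and not key.endswith("," + root):
            raise ValueError(f"{ndn} lies outside naming context {self.root}")
        if parent_dn(key) not in self.entries:
            raise LookupError(f"parent {parent_dn(ndn)} does not exist")  # LDAP: noSuchObject
        self.entries[key] = attrs
        return ndn

    def children(self, dn: str) -> List[str]:
        """Immediate children of dn (what a one-level LDAP search returns), as lowercase keys."""
        target = normalize_dn(dn).lower()
        return sorted(k for k in self.entries if k != target and parent_dn(k) == target)
```

The parent-must-exist check is the same rule that makes an LDAP add of "cn=x,ou=missing,dc=smallstrong,dc=org" fail with noSuchObject on a real DC, and the escaping in parse_dn is what a tool such as Apache Directory Studio does for you when a CN like "Smith, John" appears in a DN.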

AD is object-oriented in the same sense as modern programming languages such as C++, Java, PHP or Python: every piece of information is stored as an object that belongs to a certain class.

The most important classes in AD are "user" and "computer" (class names are written here as their lDAPDisplayName, which starts lowercase).





Each object placed in AD is called an "entry" (the LDAP term) and is identified by its distinguished name (DN).

All of the class and attribute definitions in an AD forest together form the "schema". The word "schema" is also used by Oracle and PostgreSQL for a collection of table definitions, but an AD schema describes classes and attributes rather than tables.

Like a C++ object has data members (often loosely called "properties"), an AD object has "attributes". There are, however, significant differences between AD attributes and C++ data members.

e.g.

// C++ class (illustration only): an AD user entry seen as a C++ object
#include <string>
#include <vector>

class Top {};                      // every AD class descends from "top"
class User : public Top
{
        std::string cn;                           // single-valued attribute
        std::vector<std::string> telephoneNumber; // multi-valued in this analogy (in AD, telephoneNumber is single-valued; otherTelephone holds extras)
        int uid;
};


The special characteristics of AD objectClasses:

  • some attributes are mandatory (mustContain/systemMustContain on the class) while others are optional (mayContain/systemMayContain).
  • every attribute type is defined exactly once, in its own attributeSchema object, with its own name and syntax (e.g. "cn" is a Unicode string, "objectSid" is a SID, "userAccountControl" is an integer), and every class that uses the attribute shares that one definition. A database table or a C++ class instead builds its fields from a small set of general data types (int, char[], varchar, ...).
  • AD has builtin objectClasses required by the LDAP standards (top, person, organizationalPerson, organizationalUnit, ...) and many Microsoft-specific extensions (user, computer, group, ...), all defined in the Schema partition of the DIT.
  • AD objectClasses are categorized into three types, structural, auxiliary and abstract, recorded in the objectClassCategory attribute of each classSchema object. The split resembles concrete classes, mixins and abstract base classes in C++: an entry must be an instance of exactly one most-specific structural class, may carry auxiliary classes on top of it, and an abstract class can only be inherited from, never instantiated as an entry.
  • All DCs in an AD forest share the same schema: it is a forest-wide partition replicated to every DC, and changes are made only on the DC holding the Schema Master role. This is important when designing AD.
  • All AD classes and attributes can be read from AD itself, under the Schema naming context "CN=Schema,CN=Configuration,DC=smallstrong,DC=org" (rootDSE advertises it as schemaNamingContext): one classSchema object per class and one attributeSchema object per attribute.
For compatibility, custom objectClasses are not recommended; a schema extension is forest-wide and, once created, can only be deactivated, never deleted. But due to the dominance of AD in the LDAP market, many other LDAP implementations and clients have to tolerate AD's deviations from the standards.
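The points above are rules the directory enforces on every add or modify. The following added example (not code from the original post, and not how AD itself is implemented) models them in Python: attribute types are defined once and shared, each class has must/may lists and an objectClassCategory, an entry needs exactly one most-specific structural class, abstract classes can only be inherited, auxiliary classes contribute their own mandatory attributes, and a single-valued attribute rejects a second value. The class and attribute names (top, person, organizationalPerson, user, securityPrincipal, sAMAccountName, objectSid, ...) are the real AD ones, but their must/may lists are cut down and the sample entry is constructed.

```python
# Added example, not code from the original post: a minimal model of how AD
# checks an entry against its schema. Class and attribute names are the real
# AD ones (top, person, user, securityPrincipal, ...), but their must/may lists
# are shortened and the sample entry is constructed.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

STRUCTURAL, ABSTRACT, AUXILIARY = 1, 2, 3  # values of objectClassCategory in AD


@dataclass
class AttributeType:
    """Stands in for an attributeSchema object: defined once, shared by every class."""
    name: str
    syntax: str
    single_valued: bool  # isSingleValued


@dataclass
class ObjectClass:
    """Stands in for a classSchema object."""
    name: str
    category: int
    parent: Optional[str] = None                 # subClassOf
    must: Set[str] = field(default_factory=set)  # mustContain / systemMustContain
    may: Set[str] = field(default_factory=set)   # mayContain / systemMayContain
    aux: Set[str] = field(default_factory=set)   # auxiliaryClass / systemAuxiliaryClass


class Schema:
    def __init__(self) -> None:
        self.attrs: Dict[str, AttributeType] = {}
        self.classes: Dict[str, ObjectClass] = {}

    def add_attr(self, a: AttributeType) -> None:
        self.attrs[a.name.lower()] = a

    def add_class(self, c: ObjectClass) -> None:
        undefined = [n for n in c.must | c.may if n.lower() not in self.attrs]
        if undefined:  # a class may only reference attribute types that already exist
            raise ValueError(f"{c.name} references undefined attributes {undefined}")
        self.classes[c.name.lower()] = c

    def superclasses(self, name: str) -> List[ObjectClass]:
        """The class and its subClassOf chain up to top, most specific first."""
        out, cur = [], self.classes[name.lower()]
        while cur is not None:
            out.append(cur)
            cur = self.classes[cur.parent.lower()] if cur.parent else None
        return out

    def effective(self, name: str) -> List[ObjectClass]:
        """Every class whose must/may apply: the superclass chain plus the auxiliary classes it pulls in."""
        out: List[ObjectClass] = []
        for c in self.superclasses(name):
            out.append(c)
            for aux in c.aux:
                out.extend(self.effective(aux))
        return out

    def validate(self, entry: Dict[str, List[str]]) -> List[str]:
        """Return the reasons AD would reject this entry; an empty list means valid."""
        names = [n.lower() for n in entry.get("objectClass", [])]
        unknown = [n for n in names if n not in self.classes]
        if unknown:
            return [f"unknown objectClass {n}" for n in unknown]
        listed = [self.classes[n] for n in names]
        # Exactly one most-specific structural class: drop structural classes that are
        # merely ancestors of another listed structural class.
        structural = [c for c in listed if c.category == STRUCTURAL]
        leaves = [c for c in structural
                  if not any(c in self.superclasses(o.name)[1:] for o in structural)]
        if len(leaves) != 1:
            return [f"entry needs exactly one structural class, found {[c.name for c in leaves]}"]
        leaf = leaves[0]
        problems = [f"{c.name} is not a superclass of {leaf.name}"
                    for c in listed if c.category != AUXILIARY and c not in self.superclasses(leaf.name)]
        applicable = self.effective(leaf.name) + [c for c in listed if c.category == AUXILIARY]
        must = {a.lower() for c in applicable for a in c.must}
        may = {a.lower() for c in applicable for a in c.may}
        present = {a.lower() for a in entry}
        problems += [f"missing mandatory attribute {self.attrs[a].name}" for a in sorted(must - present)]
        for a, values in entry.items():
            k = a.lower()
            if k not in must and k not in may:
                problems.append(f"attribute {a} is not allowed on {leaf.name}")
            elif self.attrs[k].single_valued and len(values) > 1:
                problems.append(f"{a} is single-valued but has {len(values)} values")
        return problems


def ad_like_schema() -> Schema:
    """Cut-down AD schema; the real must/may lists are far longer."""
    s = Schema()
    for name, syntax, single in [("objectClass", "Object-Identifier", False),
                                 ("cn", "Unicode string", True), ("sn", "Unicode string", True),
                                 ("telephoneNumber", "Unicode string", True),
                                 ("sAMAccountName", "Unicode string", True),
                                 ("objectSid", "SID", True), ("userAccountControl", "Integer", True)]:
        s.add_attr(AttributeType(name, syntax, single))
    s.add_class(ObjectClass("top", ABSTRACT, must={"objectClass"}, may={"cn"}))
    s.add_class(ObjectClass("person", STRUCTURAL, "top", must={"cn"}, may={"sn", "telephoneNumber"}))
    s.add_class(ObjectClass("organizationalPerson", STRUCTURAL, "person"))
    s.add_class(ObjectClass("securityPrincipal", AUXILIARY, "top", must={"sAMAccountName", "objectSid"}))
    s.add_class(ObjectClass("user", STRUCTURAL, "organizationalPerson",
                            may={"userAccountControl"}, aux={"securityPrincipal"}))
    return s


SAMPLE_USER = {  # constructed entry; a real objectSid is binary, not this string
    "objectClass": ["top", "person", "organizationalPerson", "user"],
    "cn": ["jsmith"], "sn": ["Smith"], "sAMAccountName": ["jsmith"],
    "objectSid": ["S-1-5-21-1111111111-2222222222-3333333333-1105"],
    "userAccountControl": ["512"],
}
```

validate() on SAMPLE_USER returns an empty list; removing sAMAccountName reports a missing mandatory attribute even though the user class itself does not list it, because user pulls in the auxiliary class securityPrincipal, whose systemMustContain holds sAMAccountName and objectSid. That is exactly what you see when you open the classSchema object for user under the Schema naming context in Apache Directory Studio and follow its systemAuxiliaryClass attribute.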



