When looking at the functions of domains, trees, forests, and OUs, it becomes apparent that each serves as a container. These container objects provide a way to store other components of Active Directory, so that they can be managed as a unit and organized in a way that makes administration easier. OUs also provide the added feature of allowing nesting, so that you can have one OU inside another.
The bulk of components in Active Directory, however, are objects that represent individual elements of the network (in Novell's NDS structure, these are called leaf objects, in keeping with the tree analogy, because they are at the end of the hierarchical "branch" and don't contain any other objects). Objects are divided into classes, and each object class includes a set of attributes, which are properties that hold data on characteristics and configurations. Just as people are defined by their characteristics (for example, eye and hair color, height, weight), attributes define an object. A printer object might have attributes that include the make, model, and configuration information related to that device, whereas a user object would include attributes such as username, password, and other data that defines the user. As we'll see in Chapter 2, these various objects populate the directory, and are used to manage such things as user, computer, and group accounts.
Was this article helpful?