I hope you are all enjoying the initial posts about Active Directory. So far we have covered the concept, installation and configuration of AD. In this post, we will discuss the most common Active Directory objects. Many of us already know what they are, but let’s build a basic understanding.
- Users: The most common object type, representing the users of a company. A user can be anyone who is part of the enterprise. The object holds almost all information about the user, mainly name, username, password, office and contact information. Since user accounts are password protected, users need to change the password at a certain time interval, according to the group policies. There are a few user accounts that don’t belong to any specific person but that we need in order to run various services. The passwords of these accounts never expire, and we call them “Service Accounts”.
- Contacts: Like Users, contacts also contain information about people. The main difference is that a contact shows that the person is associated with the organization but not part of it. For example, if a contractor needs to finish a small task and needs to be associated with the organization for only 1 month, we prefer to create a contact for that contractor/temporary employee instead of a full-fledged user account. Unlike a user, a contact will not have any access to the network resources within the organization. This enhances the security of the company.
- Computers: For any computer, Windows, Linux or Mac, that is part of the domain, an associated Computer object is created. For example, if we install a server and then join it to the domain, a computer record is created for it, which identifies and authenticates that computer to the domain/network. If we delete the computer object, that server won’t be able to log in, access or perform any task. The Computer object also shows the operating system version of the server, so you can easily identify whether it is Windows Server, Linux or Mac.
- Groups: A group can contain almost anything in AD. Suppose you want to give 100 users access to a specific server or resource. Instead of giving them access one by one, you can create a User Group and then give access to that group only. The access then applies to each and every object inside that group. The group concept in AD is quite complicated, however, because AD groups come in various types and scopes. We will discuss this in detail in a separate post.
- Printers: Any network printer that is part of your organization will be listed in the Printers section in AD. This applies only to “Network” printers, which are available across the organization over the network. If you install a local stand-alone printer, it will not be visible in AD.
- Shared Folders: Any shared folder across the organization will be visible here. We generally create many shared folders for various purposes, and we can search for all of them in AD too. If we have set up DFS (Distributed File System) in our organization, that will also be available in AD.
- Organizational Units: OUs can really simplify our AD structure. An OU acts as a separate small organization, and we can group users, computers etc. into separate OUs. Many people get confused between a Group and an OU. There are many differences, but the main reason why we prefer an OU over a Group is that we can’t apply Group Policies to a Group, but we can define a specific GPO for an OU. OU is quite a big topic and we will discuss it in detail in a different post.
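To see these object types in a real directory, the following read-only inventory is an added example, not part of the original post. It assumes the RSAT ActiveDirectory PowerShell module and a session with read access to the domain. The LDAP object classes used for printers (`printQueue`) and shared folders (`volume`) are the standard AD schema names, not names taken from the post.

```powershell
# Added example: read-only inventory of the AD object types described above.
# Assumption: RSAT ActiveDirectory module installed, run from a domain session.
Import-Module ActiveDirectory

# One LDAP filter per object type. Computer objects also carry
# objectClass=user, so users are narrowed with objectCategory=person.
$filters = [ordered]@{
    'Users'                = '(&(objectCategory=person)(objectClass=user))'
    'Contacts'             = '(objectClass=contact)'
    'Computers'            = '(objectClass=computer)'
    'Groups'               = '(objectClass=group)'
    'Printers'             = '(objectClass=printQueue)'
    'Shared Folders'       = '(objectClass=volume)'
    'Organizational Units' = '(objectClass=organizationalUnit)'
}

# Count how many objects of each type exist in the domain.
$inventory = foreach ($name in $filters.Keys) {
    $objects = @(Get-ADObject -LDAPFilter $filters[$name])
    [pscustomobject]@{ ObjectType = $name; Count = $objects.Count }
}
$inventory | Format-Table -AutoSize

# Enabled user accounts whose password never expires (typically service
# accounts). userAccountControl bit 65536 = DONT_EXPIRE_PASSWORD,
# bit 2 = ACCOUNTDISABLE; the OID is the LDAP bitwise-AND matching rule.
$neverExpires = '(&(objectCategory=person)(objectClass=user)' +
                '(userAccountControl:1.2.840.113556.1.4.803:=65536)' +
                '(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'
Get-ADUser -LDAPFilter $neverExpires -Properties PasswordLastSet |
    Sort-Object PasswordLastSet |
    Select-Object SamAccountName, PasswordLastSet, DistinguishedName |
    Format-Table -AutoSize

# Computer objects grouped by the operating system recorded on the object.
Get-ADComputer -Filter * -Properties OperatingSystem |
    Group-Object OperatingSystem |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize
```

The oldest `PasswordLastSet` values in the second table are the accounts to review first, since a non-expiring password that has not been changed in years stays valid for anyone who has ever learned it.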
Hope this gives you a basic outlook on AD objects. Enjoy!