The Guide
Explain It Like I'm 5Active Directory

Object Attributes

What is it? How does it help us?

What Is An AD Object Attribute?

Every object in AD has attributes, each attribute can mean different things

In a user object, you can have givenName and surname attributes while you won't have them on a computer object for example

So some objects have more attributes than others but they all have the same base attributes that every object has in AD:

  • Common Name (CN)
  • Distinguished Name (DN) -> Common name + the full path of the object
  • Object GUID (Global unique identifier) -> DN is specific but can also change while the GUID always remains the same
  • Object SID (Security Identifier) -> Also unique per object; Used for permission management
  • When Created
  • When Changed
  • uSNChanged -> Used to let other DC servers know if they need to update the object in their DB
  • nTSecurityDescriptor -> Contains the permissions to this object (who can view or edit it)

What Attributes Can We Use?

Well it depends what you're trying to do

Here's a list of available attributes (that are part of AD and not custom ones)

Why Do We Even Need It?

  1. To diffrentiate between different Objects
  2. Standardize it so no matter where you'll work, as long as they are using the same system (AD), you'll be able to continue without re-learning everything
  3. Manage permissions

Active Directory

A quick introduction to Microsoft Active Directory

AD Object

What are they?

On this page

What Is An AD Object Attribute?What Attributes Can We Use?Why Do We Even Need It?