

Active Directory in Plain English

Active Directory, Data Security

It is tough getting started with Active Directory. There are lots of reasons for this: the years of cruft, the inherent complexity, the intimidating raw power… and the fact that everything has about six different names.

To help make sense of this, we’ve translated AD terms back into something a human might use when conversing with another Active-Directory-using-human. We hope you find it useful.

| Term | What it’s like | How you’d describe it over a beer |
|---|---|---|
| Attribute (Property) | A field on a form | The details that make up an Active Directory object. |
| Attribute Instance | What you write into a field on a form | The actual value of an attribute. It’s not “Name”, it’s “Jim Smith”. |
| Class | A form (User, Group) that has all the fields | Top category of everything in Active Directory. |
| Class Instance | A filled-out form | One particular user, “jsmith”. |
| Content Rules | Required fields on a form | The rules about what a class must have. You can’t create a user without a username and password. |
| Derivation (Inheritance) | Photocopying a form and changing some stuff | As if you wanted to create one “standard” user and make all the new ones match that. |
| Directory Information Tree (DIT) | A file cabinet with all your forms in it | Like a family tree, but without all the circular references. |
| Control Access Rights | Stopping someone from reading, modifying or shredding your form. | It’s the actions, not the objects. |
| Lightweight Directory Access Protocol (LDAP) | A standard for how information is listed in a tree. | It’s like SMTP or HTTP – a generic protocol implemented by a bunch of different systems. |
| Class-Schema | Category of form. | That it’s a User form, not a Printer or Group form. |
| Attribute-Schema | List of data in the form. | That Description belongs to the User, not to a group or some other object. |
| Object Identifier | Internet domain names | There are TLDs like .com, .net, etc. – and there are domains like, and subs like – except it’s all numbers, so nobody who isn’t an android can read them quickly. |
| Poss-Superiors | Rules about military ranks. | You can’t have a Father after a Son in a family tree. You can’t have a General under a Sergeant in the Army. |
| Must-Contain | Required form fields. | Rules for the bare minimum set of information you need to create an object. |
| May-Contain | Optional form fields. | Stuff you only enter if you are feeling fancy. |
| Back Link | A form field (attribute) that gets updated when a “forward” link is updated. | Kind of like a database trigger. |
| Canonical Name | A path name that uniquely identifies the object | The version of the name that looks like a URL you’d put into a web browser. |
| Distinguished Name | The label and the value for all parts of a name. | The version of the name that looks like an algebra problem. |
| Domain Functional Level | Minimum requirements to be in charge. | Check which versions of Windows Server are allowed to be a domain controller on the network. |
| Domain Controller | Master set of records for a domain. | Database of Active Directory objects for a domain. |
| Filtered Attribute Set | Do-not-fly list for certain fields. | It’s inefficient to move all the data around, so for Read-Only Domain Controllers it makes sense not to send everything. |
| Forward Link | A form field that, when changed, updates other linked fields | It’s like the authoritative domain entry in DNS. |
| Group | A folder with a bunch of forms in it | A basket you put other objects into: users, contacts or computers. |
| Link Table | A linked list | |
| Member Server | A Windows server that handles tasks on the network. | Any server that is not a Domain Controller. |
| Mixed Mode | That one old adapter you keep for the odd bit of kit. | Don’t worry about this unless you’re still doing something with Windows NT. |
| Native Mode | A new, clean server room. | Woohooo – no Windows NT domain controllers. |
| Naming Context | The drawers you keep your different folders in. | Top-level sanity organization elements for all the objects in a network. |
| Relative Distinguished Name | A nickname for where something is | It’s like saying “your Desktop folder” – it’s relative to the user who is logged in. |
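The three name forms in the table (Distinguished Name, Canonical Name and Relative Distinguished Name) describe one object in different syntaxes. As an added worked example that is not part of the original article, the Python below parses a DN into its RDNs (honouring the backslash escapes LDAP uses, per RFC 4514), renders the canonical “URL-looking” form, and pulls out the RDN as the leftmost component, i.e. the object’s name relative to its parent container. The domain `example.com` and the user and OU names are constructed sample values.

```python
import re

# Added example, not from the article; example.com and the OUs/users below
# are constructed sample values. Escape handling follows RFC 4514.
_ESCAPED = re.compile(r'\\([0-9A-Fa-f]{2}|.)')


def _unescape(value: str) -> str:
    """Resolve '\\,' style and '\\2C' hex escapes inside an RDN value."""
    return _ESCAPED.sub(lambda m: chr(int(m.group(1), 16))
                        if len(m.group(1)) == 2 else m.group(1), value)


def split_dn(dn: str) -> list[tuple[str, str]]:
    """Split a DN into (attribute, value) RDNs, leftmost (most specific) first."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == '\\' and i + 1 < len(dn):   # escaped char: not a separator
            buf.append(dn[i:i + 2])
            i += 2
            continue
        if dn[i] == ',':
            parts.append(''.join(buf))
            buf = []
        else:
            buf.append(dn[i])
        i += 1
    parts.append(''.join(buf))
    rdns = []
    for part in parts:
        attr, sep, value = part.partition('=')
        if not sep or not attr.strip():
            raise ValueError(f'malformed RDN: {part!r}')
        rdns.append((attr.strip().upper(), _unescape(value)))
    return rdns


def to_canonical(dn: str) -> str:
    """Canonical name: 'domain.tld/OU/.../leaf', path reversed, '/' escaped."""
    rdns = split_dn(dn)
    domain = '.'.join(v for a, v in rdns if a == 'DC')
    if not domain:
        raise ValueError('DN has no DC components')
    path = [v.replace('/', '\\/') for a, v in reversed(rdns) if a != 'DC']
    return '/'.join([domain] + path)


def relative_dn(dn: str) -> tuple[str, str]:
    """The leftmost RDN: the object's name relative to its parent container."""
    return split_dn(dn)[0]
```

For `CN=Smith\, Jim,OU=Sales,OU=Users,DC=example,DC=com` this gives the canonical name `example.com/Users/Sales/Smith, Jim` and the RDN `('CN', 'Smith, Jim')`; the escaped comma is kept inside the value rather than splitting it.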
Michael Buckbee

Michael has worked as a sysadmin and software developer for everyone from Silicon Valley startups to the US Navy and everything in between.

