Data Model

The Active Directory data model is derived from the X.500 model of objects and attributes. An object is a distinct, named set of attributes that represents something concrete, such as a user, a printer, or an application. Thus, Active Directory holds objects that represent entities of various sorts, which are described by attributes (also called "properties"). For example, attributes of a user object might include the user's given name, surname, and e-mail address.

The universe of objects that can be stored in Active Directory is defined in the schema. For each object class, the schema defines what mandatory attributes an instance of the class is required to have, what optional additional attributes it can have, and what object class can be a parent of the current object class. LDAP defines the protocol that is used for accessing and modifying directory information.

note-icon Note

Active Directory is not an X.500 directory; as such, it does not support X.500 protocols.