Understanding the Active Directory Schema

All the objects that you can create in Active Directory and all their properties are defined in the Active Directory Schema. In Microsoft Windows Server 2003 and Windows 2000, the only copy of the schema is hosted by the domain controller that holds the schema flexible single-master operation (FSMO) role, which by default is the first domain controller in the forest. The schema is replicated from the schema master to all domain controllers in the forest through normal Active Directory replication. In the schema, objects and properties are defined as object classes and attributes. Once an object class has been defined and attributes assigned to it, you can instantiate, or create, objects of that class. ...

Get Microsoft® Windows® Security Resource Kit, Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.