Lesson 2 Important Active Directory Concepts
What Is a Namespace?
Active Directory, like all directory services, is primarily a namespace, which is any
bounded area in which a name can be resolved. Name resolution is the process of
translating a name into some object or information that the name represents. The
Active Directory namespace is based on the DNS naming scheme, which allows for
interoperability with Internet technologies. An example namespace is shown in
Figure 14-8.
[Figure: domain tree rooted at microsoft.com, with child domains div1.microsoft.com and div2.microsoft.com, which in turn contain dept1.div1.microsoft.com, dept2.div1.microsoft.com, dept1.div2.microsoft.com, and dept2.div2.microsoft.com.]
Figure 14-8 A namespace is a bounded area in which a name can be resolved.
Using a common namespace allows you to unify and manage multiple hardware and
software environments in your network. There are two types of namespaces:
Contiguous namespace: The name of the child object in an object hierarchy always
contains the name of the parent domain. A tree is a contiguous namespace.
Disjointed namespace: The names of a parent object and a child of the same parent
object are not directly related to one another. A forest is a disjointed namespace.
Exam Tip The word namespace is often used. Remember that, at its simplest, a namespace is a structure (often a database) in which all objects are named similarly but are still uniquely identified.
Naming Conventions
Every object in Active Directory is identified by a name. Active Directory uses a variety
of naming conventions: distinguished names, relative distinguished names, globally
unique identifiers, and user principal names.
Distinguished Name
Every object in Active Directory has a distinguished name (DN), which uniquely
identifies an object and contains sufficient information for a client to retrieve the object
from the directory. The DN includes the name of the domain that holds the object, as
well as the complete path through the container hierarchy to the object.
For example, the following DN identifies the Firstname Lastname user object in the
microsoft.com domain (where Firstname and Lastname represent the actual first and
last names of a user account):
/DC=COM/DC=microsoft/OU=dev/CN=Users/CN=Firstname Lastname
Table 14-1 describes the attributes in the example.
Table 14-1 Distinguished Name Attributes
Attribute   Description
DC          The DC, or DomainComponentName, indicates the domain in which the object is defined.
OU          The OU, or OrganizationalUnitName, indicates the organizational unit in which the object exists.
CN          The CN, or CommonName, is the actual name of the object.
DNs must be unique because Active Directory does not allow duplicate DNs.
Relative Distinguished Name
Active Directory supports querying by attributes, so you can locate an object even if
the exact DN is unknown or has changed. The relative distinguished name (RDN) of
an object is the part of the name that is an attribute of the object itself. In the preceding
example, the RDN of the Firstname Lastname user object is Firstname Lastname. The
RDN of the parent object is Users.
You can have duplicate RDNs for Active Directory objects, but you cannot have two
objects with the same RDN in the same OU. For example, if a user account is named
Jane Doe, you cannot have another user account called Jane Doe in the same OU.
However, objects with duplicate RDNs can exist in separate OUs because they have
different DNs (see Figure 14-9).
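The DN and RDN rules above can be checked mechanically. The following is an added example, not part of the original lesson: it parses the slash-delimited, root-first DN notation used in this lesson, derives the RDN, parent container, and DNS domain name, and flags entries whose RDN is already taken in the same container. The function names and the sample OUs "dev" and "sales" are assumptions, and component values are assumed to contain no "/" or "=" characters.

```python
# Added example: helpers for the slash-delimited, root-first DN notation
# used in this lesson. Assumes component values contain no "/" or "=".
KNOWN_TYPES = {"DC", "OU", "CN"}  # attribute types from Table 14-1

def parse_dn(dn):
    """Split a DN into (type, value) pairs, root first."""
    if not dn.startswith("/"):
        raise ValueError("DN must start with '/': %r" % dn)
    parts = []
    for comp in dn[1:].split("/"):
        attr, sep, value = comp.partition("=")
        if not sep or attr.upper() not in KNOWN_TYPES or not value.strip():
            raise ValueError("bad DN component: %r" % comp)
        parts.append((attr.upper(), value.strip()))
    return parts

def rdn(dn):
    """The RDN is the value of the last (most specific) component."""
    return parse_dn(dn)[-1][1]

def parent_dn(dn):
    """DN of the container that holds the object."""
    return "/" + "/".join("%s=%s" % p for p in parse_dn(dn)[:-1])

def dns_domain(dn):
    """DNS name of the domain: DC values, most specific first."""
    dcs = [v.lower() for t, v in parse_dn(dn) if t == "DC"]
    return ".".join(reversed(dcs))

def rdn_collisions(dns):
    """Return DNs whose RDN is already taken in the same container."""
    seen, clashes = set(), []
    for dn in dns:
        # Directory names compare case-insensitively, so normalize case.
        key = (parent_dn(dn).lower(), rdn(dn).lower())
        if key in seen:
            clashes.append(dn)
        seen.add(key)
    return clashes

# Constructed sample DNs (hypothetical OUs "dev" and "sales").
SAMPLE = [
    "/DC=COM/DC=microsoft/OU=dev/CN=Users/CN=Jane Doe",
    "/DC=COM/DC=microsoft/OU=sales/CN=Users/CN=Jane Doe",
    "/DC=COM/DC=microsoft/OU=dev/CN=Users/CN=jane doe",
]
```

Running `rdn_collisions(SAMPLE)` reports only the third entry: the second Jane Doe sits under a different OU and therefore has a different DN, while the third repeats an RDN already used in the same container.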