Common Active Directory Objects

Active Directory domains are made up of Active Directory objects. This article covers the basic objects, the ones we will probably work with on a day-to-day basis, although there are more of them. We have already talked about Active Directory structure; here we talk about objects.


A user account is what allows us to log on to the domain and access resources throughout it, based on our username and password.


We are also granted access to resources based on our group memberships. We have to create an Active Directory object known as a group, and then place users in it, or nest other groups inside it.
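An added example, not part of the original article: because groups can be nested, a user's effective access depends on transitive membership, which is what an access review has to resolve. The Python code below does this over a constructed directory (all group and user names are hypothetical), recording the nesting chain for each user and tolerating circular nesting.

```python
from collections import deque

# Constructed sample directory: group name -> direct members (users or groups).
# All names are hypothetical.
GROUP_MEMBERS = {
    "FileServer-Admins": ["IT-Berlin", "alice"],
    "IT-Berlin": ["Helpdesk", "bob"],
    "Helpdesk": ["carol", "IT-Berlin"],  # circular nesting, must not loop forever
    "Sales": ["dave"],
}


def effective_members(group, directory=GROUP_MEMBERS):
    """Return {user: chain} for every user in `group`, directly or via nesting.

    `chain` is the shortest list of groups leading from `group` to the user.
    """
    result = {}
    seen = {group}                       # groups already expanded (cycle guard)
    queue = deque([(group, [group])])
    while queue:
        current, path = queue.popleft()
        for member in directory.get(current, []):
            if member in directory:      # the member is itself a group
                if member not in seen:
                    seen.add(member)
                    queue.append((member, path + [member]))
            elif member not in result:   # a user seen for the first time
                result[member] = path
    return result


def groups_of(user, directory=GROUP_MEMBERS):
    """Return every group whose effective membership includes `user`."""
    return sorted(g for g in directory if user in effective_members(g, directory))


if __name__ == "__main__":
    for user, path in sorted(effective_members("FileServer-Admins").items()):
        print(f"{user:6} via {' -> '.join(path)}")
    print("carol is effectively in:", groups_of("carol"))
```

The chain shows why a Helpdesk account ends up with file server admin rights even though it was never added to that group directly.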


We can also have computer objects. Once we create a domain, we will add our workstations and other servers to it. Those computer accounts then become part of the domain, and they will also usually belong to organizational units. In fact, users, groups and computers will normally belong to an organizational unit, or OU as we normally call it.

Organizational unit

An OU contains other objects. The reason we organize things this way is to make it easier for administrators to find what they need to work with, and it helps us divide our users and computers by things such as geographical area, division, specialty and so on.

Sites and site links

Let’s say that we have a single domain, but on two sites, for example in two different cities.

Let’s say that we started our company in Site 1, for example, in Berlin. So in Berlin we started with a single domain and a single site. Note that we have a specific IP address range associated with that particular site. One of the ways sites are defined is by the IP address range that they have. Keep in mind that we can have multiple domain controllers on one site.

Let’s say that we open an office in Zagreb and we want to keep the same domain there. So, we can install an additional domain controller in Zagreb, but for the exact same domain. It will have its own unique IP address range.

Note that a site is an area of high-speed network connectivity, meaning local area network speed, 100 Mbps or more. Sites are separated by some type of WAN link. It could be a dedicated WAN link, or a link through the public Internet using a VPN. A Virtual Private Network (VPN) across the public Internet simply protects the data so that people can’t sniff it off the public Internet.


Why do we have to create separate sites? We actually could put all of that in a single site, but the problem is that it would create replication traffic that we don’t want. If DCs are in the same site, they generate a lot of replication traffic, which would be inefficient on the slower bandwidth of the WAN link. With a site link, replication is done more efficiently. So, a site is also an object in AD.