User guide

Glossary
referral
The result (resultCode referral) an LDAP server returns when it does not hold the baseObject of a search
request. A referral is specific in the sense that it always points to a server that holds the requested
baseObject. This is in contrast to a Continuation Reference, which is non-specific: the Continuation
References returned in a searchResult always list all of the immediate child domains below the domain
that generated the searchResult, so some of the domains listed in a response containing Continuation
References might not hold any of the target objects.
Relative Distinguished Name
A term used extensively in the X.500 standards for the leftmost component of an object's distinguished
name: the name that uniquely identifies the object relative to its parent container (the remainder of the
DN names that container and the domain that holds the object). In Microsoft Active Directory the term
"RDN" is rarely used explicitly, but the concept is used constantly. Which attribute forms the RDN of a
class is recorded in the schema by the rDNAttID attribute of that class. For the object classes person,
computer, and group, rDNAttID is cn; for the object class organizationalUnit it is ou. For example, if
the distinguishedName of a person object is cn=John Smith,cn=users,dc=widget,dc=com, then its RDN is
cn=John Smith.
Note that in this example the RDN value looks like the concatenation of two other attribute values, the
user's givenName and surname (sn). That is a consequence of how the account was created, not of the
schema: the RDN of a person object is always its Common-Name (cn). When an administrator creates a
user in Active Directory Users and Computers (ADUC), the "First name" and "Last name" fields are stored
in the attributes givenName and sn, and the "Full name" field, which ADUC pre-fills as first name followed
by last name, is stored in both cn and Display-Name (displayName). For objects created this way cn and
displayName therefore hold the same value, here "John Smith". The logon name is independent of the
RDN: in the example the administrator set it to JohnSmith, and ADUC stores the "User logon name
(pre-Windows 2000)" field in the attribute sAMAccountName (the "User logon name" field above it is
stored in userPrincipalName).
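The split of a distinguishedName into its RDN and parent container, as an added example that is not part of the original guide. It is written against RFC 4514 syntax rather than any particular directory product: a comma separates RDNs unless it is escaped, so a value such as "Smith, John" arrives as cn=Smith\, John (or cn=Smith\2c John in hex form) and the naive split on commas is wrong. The class-to-rDNAttID table at the end is limited to the classes the text above names; the sample DNs are constructed for the example.

```python
"""Parse LDAP distinguished names per RFC 4514 and extract the RDN.

Added example, not code from the guide. Standard library only.
"""
import string
from typing import Dict, List, Tuple

# rDNAttID values the glossary text states for these classes (keys lower-cased).
RDN_ATTRIBUTE_BY_CLASS: Dict[str, str] = {
    "person": "cn",
    "computer": "cn",
    "group": "cn",
    "organizationalunit": "ou",
}


def split_dn(dn: str) -> List[str]:
    """Return the RDN strings of ``dn`` leaf-first, e.g. ['cn=John Smith', 'cn=users', ...].

    Escapes are copied through untouched so each piece is still a valid RDN string.
    """
    rdns: List[str] = []
    buf: List[str] = []
    i = 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])  # backslash protects the next character (',', '+', '\\', hex digit ...)
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
        i += 1
    rdns.append("".join(buf).strip())
    return rdns


def unescape_value(value: str) -> str:
    """Decode RFC 4514 escapes in an attribute value: ``\\,`` -> ``,`` and ``\\2c`` -> ``,``.

    Hex pairs are UTF-8 bytes, so bytes are collected first and decoded once at the end.
    """
    raw = bytearray()
    i = 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            pair = value[i + 1:i + 3]
            if len(pair) == 2 and all(c in string.hexdigits for c in pair):
                raw.append(int(pair, 16))  # \XX form: exactly one byte
                i += 3
                continue
            raw += value[i + 1].encode("utf-8")  # \, \+ \" \\ \< \> \; \# \= and escaped spaces
            i += 2
            continue
        raw += value[i].encode("utf-8")
        i += 1
    return raw.decode("utf-8")


def rdn_of(dn: str) -> str:
    """The leftmost RDN, still escaped, e.g. 'cn=John Smith'."""
    return split_dn(dn)[0]


def parent_of(dn: str) -> str:
    """The DN of the parent container ('' for a one-component DN)."""
    return ",".join(split_dn(dn)[1:])


def rdn_attribute(dn: str) -> Tuple[str, str]:
    """(attribute type, decoded value) of the leaf RDN, e.g. ('cn', 'Smith, John')."""
    attr, _, value = rdn_of(dn).partition("=")
    return attr.strip().lower(), unescape_value(value.strip())


def rdn_matches_class(dn: str, object_class: str) -> bool:
    """True when the leaf RDN uses the attribute rDNAttID prescribes for ``object_class``.

    Raises KeyError for classes not in the small table above.
    """
    expected = RDN_ATTRIBUTE_BY_CLASS[object_class.lower()]
    return rdn_attribute(dn)[0] == expected


if __name__ == "__main__":
    # Constructed sample DNs; note the escaped comma inside the second RDN value.
    for sample in ("cn=John Smith,cn=users,dc=widget,dc=com",
                   r"cn=Smith\, John,ou=Sales,dc=widget,dc=com"):
        print(sample, "->", rdn_attribute(sample), "parent:", parent_of(sample))
```

For a quick sanity check on real data, feed the output of a plain `(objectClass=person)` search through `rdn_matches_class`: every hit should be True, and any False indicates a DN the parser mis-split (usually an unescaped separator in the value) rather than a schema oddity.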
root domain
A domain that is not a child domain of any domain in the forest; it can itself have child domains. Each
domain tree in a forest has its own root domain, and the first root domain created in the forest is the
forest root. A forest therefore has exactly one forest root but may contain several root domains. See also
domain tree root and forest root.
SAM Account Name
See Relative Distinguished Name.
schema
The rules that control the structure of active directory data within a domain. The schema defines the
object classes that can be used to create objects in a domain. For each object class, the schema defines
exactly which attributes an instance of that class must have, which additional attributes it may have, and
which object classes can be its parent (possSuperiors) within nested hierarchies. Within an active directory
forest, all domains share the same schema. How objects may be arranged in hierarchical relationships
within a domain is left to the discretion of each vendor selling an LDAP-enabled Directory Service product;
the default hierarchies allowed by each vendor are controlled by that vendor's default schema.
subdomains
See descendant domains.
tree depth
Refers to the number of generational levels in a specific subtree of a specific domain. For a given forest,
the forest root domain is said to be at Tree Depth = 1. The immediate child domains of the forest root, if