AD domain-related understanding (data from the network)

Differences between organizational units and groups in an ad domain
Groups (group) and organizational units (OUs) are significantly different.
Group is mainly used for permission setting, while organizational unit is mainly used for network construction;
In addition, an organizational unit represents only a collection of objects in a single domain (which can include group objects), while a group can contain users, computers, shared resources on the local server, a single domain, a domain tree, or a forest.
An organizational unit is an OU, a group, a directory, and the latter to set permissions.
An organizational unit is a class of directory objects contained within a domain, such as users, computers and groups, files and printers, and a container for deploying Group Policy on OUs
A group can be understood as a permission directory in AD, it specifies some attributes that the user has in the ad, and can be understood as a collection of permissions.
An organizational unit is a class of directory objects, such as users, computers, and groups, files, and printers, that are contained in a domain. is a container. The organizational unit also has a hierarchical structure that can be used to establish a hierarchical model of the domain, which in turn allows users to minimize the number of domains required for the network (this should be well understood, the organizational unit hierarchy is certainly better than forest management bar ^_^). Organizational units have inheritance, and subunits can inherit the ACLs of parent cells.
At the same time, domain administrators can grant users administrative rights to all organizational units or individual organizational units in a domain. Like the head of a company's various departments, the power of averaging can be managed more effectively.


AD Domain Related instance
CN, OU, DC are the distinguished names in the end strings of the LDAP connection server (DN, distinguished name)

The connection string format for the LDAP connection server is: Ldap://servername (or 192.168.xxx.xx address)/dn The DN has three properties, respectively CN,OU,DC

LDAP is a communication protocol, as HTTP is a protocol.

String ldap = "ldap://192.168.xxx.xx/cn= Pan Yuyu, ou=developer,dc=example,dc=local";

Dim Root as New DirectoryEntry (LDAP, "Pan_xy", "123456")

In the LDAP directory, · DC (domain Controller) domain Controller example: domainname.com
· CN (Common name) is a user name or server name, up to 80 characters long, can be Chinese; for example: Pan_xy
· OUs (organizational unit) are organizational units with a maximum of four levels, up to 32 characters per level, and can be Chinese; for example: Developer

An LDAP directory is similar to a file system directory.
The following directories:
Dc=redmond,dc=wa,dc=microsoft,dc=com
If we compare the file system, it can be considered as the following file path:
Com\microsoft\wa\redmond

For example: cn=test,ou=developer,dc=domainname,dc=com
In the code above
Cn=test may represent a user name,
Ou=developer represents an organizational unit in Active Directory.

The meaning of this sentence may be that the test object is in the Developer organizational unit of the domainname.com domain.