1

I'm creating some AD LDS objects. In AD I'm prompted with this window.


What's the difference between 'container' and 'group'? Is there a web resource that lists the difference? I haven't been able to find one yet.

MDMarra
Dylan Klomparens

2 Answers

3

The 'container' class is for AD folders that aren't OUs, e.g. the automatically created 'Users' folder. The 'group' class is for Security or Distribution groups that can have users, computers, or other groups as members.

An object being inside a container affects its DN. If I put a user with a CN of 'jdoe' in the 'Users' folder, its DN will be 'CN=jdoe,CN=Users,DC=domain,DC=com'. If 'jdoe' becomes a member of a 'group', that would not change his DN.

1.618
  • If an LDAP directory was a file system, organizationalUnit would be folders and users would be files. Groups would be zip files, I guess. Obviously, a directory (LDS) has much more to offer... – ixe013 Dec 12 '12 at 17:49
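The distinction in the answer above, as an added example that is not part of the original post: containment is read from the DN, while group membership is read from the group's `member` attribute and can nest. The directory entries and the group names `Helpdesk` and `FileAdmins` are constructed for illustration, as are the helper function names.

```python
import re

# Constructed sample entries (not from the original page), keyed by DN.
ENTRIES = {
    "CN=Users,DC=domain,DC=com": {"objectClass": "container"},
    "CN=jdoe,CN=Users,DC=domain,DC=com": {"objectClass": "user"},
    "CN=Helpdesk,CN=Users,DC=domain,DC=com": {
        "objectClass": "group",
        "member": ["CN=jdoe,CN=Users,DC=domain,DC=com"],
    },
    "CN=FileAdmins,CN=Users,DC=domain,DC=com": {
        "objectClass": "group",
        "member": ["CN=Helpdesk,CN=Users,DC=domain,DC=com"],
    },
}


def parent_dn(dn):
    """Containment: the parent is everything after the first unescaped comma."""
    parts = re.split(r"(?<!\\),", dn, maxsplit=1)
    return parts[1] if len(parts) == 2 else None


def children(container_dn, entries=ENTRIES):
    """Objects that sit directly inside a container (DNs compare case-insensitively)."""
    want = container_dn.lower()
    return sorted(dn for dn in entries if (parent_dn(dn) or "").lower() == want)


def groups_of(dn, entries=ENTRIES):
    """Membership: follow 'member' attributes transitively, since groups can nest."""
    found, frontier = set(), {dn.lower()}
    while frontier:
        reached = set()
        for group_dn, attrs in entries.items():
            if attrs["objectClass"] != "group" or group_dn in found:
                continue  # not a group, or already counted (also stops cycles)
            if any(m.lower() in frontier for m in attrs.get("member", [])):
                found.add(group_dn)
                reached.add(group_dn.lower())
        frontier = reached
    return sorted(found)


if __name__ == "__main__":
    jdoe = "CN=jdoe,CN=Users,DC=domain,DC=com"
    print("container:", parent_dn(jdoe))
    print("groups:   ", groups_of(jdoe))
```

The user's DN names only the container; the nested membership in `FileAdmins` is visible only by walking `member`, which is why an access review has to resolve groups rather than read DNs.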
2

The Active Directory Schema documentation should have everything you need.

The container object has the following definition:

This class is used to hold other classes.

The group object has the following definition:

Stores a list of user names. Used to apply security principals on resources.

MDMarra