Tip 51: Active Directory Naming Paths

One of the big benefits of Active Directory over the "flat" domain structure of Windows NT 4 (and earlier) domains is that objects can be stored in a hierarchical folder-like structure.

In earlier domains, however, at least you knew where all of the objects were - they were in one big long list - no searching for them, just scrolling (and scrolling, and scrolling).

In Active Directory, objects can be stored several layers deep in Organizational Units (OUs). So how does Active Directory keep track of where these objects are? It uses LDAP (Lightweight Directory Access Protocol) naming paths, which spell out the object's position in the directory tree. These naming paths can take three forms:

  • Distinguished Names
  • Relative Distinguished Names
  • Canonical Names

Distinguished Names
Each AD object has a distinguished name - and no, that does not mean they are called "Sir" or "Madam." By distinguished, we mean that the name itself distinguishes the exact location of the object in the directory. Several attribute types are used as the building blocks of a distinguished name:

DC  Domain Component     One label of the domain's DNS name, such as mycompany or com
OU  Organizational Unit  One of the containers in AD that holds other objects
CN  Common Name          The object itself, such as a user, computer, printer or group. Note that the built-in Users and Computers containers are also named with CN= (they are containers, not OUs)

These components can be used more than once in a distinguished name, if necessary, to accurately name the path to the object. For instance, the user Bob Marley in Accounts Receivable, in Accounting at My Company might have a distinguished name like this:

CN=Bob Marley,OU=AR,OU=Accounting,DC=mycompany,DC=com

In this example, you can see that there are two OU components and two DC components, read from the object (left) up to the domain root (right). Because the comma separates components, a comma inside a value must be escaped with a backslash, as in CN=Marley\, Bob; the same applies to + " \ < > and ;, to a leading # or space, and to a trailing space. A value that is not escaped correctly either fails to bind or names a different path than intended.

Relative Distinguished Names
The Relative Distinguished Name is simply the portion of the Distinguished Name that uniquely identifies an object within the object's parent container, i.e. the leftmost component. For instance, Bob's Relative Distinguished Name from the example above would be:

CN=Bob Marley

Keep in mind that a user Bob Marley in the Shipping department might have exactly the same Relative Distinguished Name, though his Distinguished Name would, of course, show that his account sits in a different OU. Two objects in the same container cannot share an RDN, and the logon names are stricter still: sAMAccountName must be unique within the domain and userPrincipalName across the forest, so the two Bob Marleys would still be told apart by those attributes even though their CNs match.

Canonical Names
There is a third naming path, the canonical name, which Microsoft tools show in places such as the Object tab of an object's properties in Active Directory Users and Computers and the canonicalName attribute. It is just a different, easier to read way of displaying the distinguished name, and looks like this:

mycompany.com/Accounting/AR/Bob Marley

It drops the attribute-type prefixes (CN=, OU=, DC=), collapses the domain components into the DNS domain name, and lists the remaining components in reverse order, root first, separated by forward slashes. A forward slash inside a name is escaped as \/ in this form, just as a comma is escaped as \, in a distinguished name.
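The following Python is an added example written for this tip, not code from Microsoft or from any AD tool. It parses a distinguished name into its components, picks out the Relative Distinguished Name and the parent container, round-trips escaped values in the RFC 4514 string form that AD uses over LDAP, and renders the canonical name. The function names, the helper names and the second sample DN (a CN containing a comma) are constructed for the example; multi-valued RDNs joined with + are not handled.

```python
"""Parse, escape and convert Active Directory naming paths (added example)."""
import re

# Characters that must be backslash-escaped inside an RDN value (RFC 4514 s.2.4).
SPECIALS = set(',+"\\<>;')
HEX_PAIR = re.compile(r"[0-9A-Fa-f]{2}")


def _finish_value(chars):
    """Turn (char, was_escaped) pairs into the value; unescaped edge spaces drop."""
    while chars and chars[0] == (" ", False):
        chars.pop(0)
    while chars and chars[-1] == (" ", False):
        chars.pop()
    if not chars:
        raise ValueError("empty RDN value")
    return "".join(ch for ch, _ in chars)


def parse_dn(dn):
    """Split a DN into [(type, value), ...], leaf (RDN) first, domain root last.

    Backslash escapes are honoured, so 'CN=Marley\\, Bob,OU=AR' is two
    components, not three.
    """
    rdns, attr, chars, i = [], None, [], 0
    while i < len(dn):
        c = dn[i]
        if c == "\\":
            if HEX_PAIR.fullmatch(dn[i + 1:i + 3]):
                # \XX hex escapes: take the whole run and decode it as UTF-8
                raw = bytearray()
                while dn[i:i + 1] == "\\" and HEX_PAIR.fullmatch(dn[i + 1:i + 3]):
                    raw.append(int(dn[i + 1:i + 3], 16))
                    i += 3
                chars.extend((ch, True) for ch in raw.decode("utf-8"))
                continue
            if i + 1 >= len(dn):
                raise ValueError("dangling backslash at end of DN")
            chars.append((dn[i + 1], True))   # \, \# \  etc.: literal next char
            i += 2
            continue
        if c == "=" and attr is None:
            attr = "".join(ch for ch, _ in chars).strip()
            if not attr:
                raise ValueError("component without an attribute type")
            chars = []
        elif c == ",":
            if attr is None:
                raise ValueError("component without '='")
            rdns.append((attr, _finish_value(chars)))
            attr, chars = None, []
        else:
            chars.append((c, False))
        i += 1
    if attr is None:
        raise ValueError("DN does not end with a complete type=value component")
    rdns.append((attr, _finish_value(chars)))
    return rdns


def escape_value(value):
    """Escape an attribute value for embedding in a DN string (RFC 4514 s.2.4)."""
    out, last = [], len(value) - 1
    for idx, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")                  # NUL can only be hex-escaped
        elif ch in SPECIALS or (idx == 0 and ch in "# ") or (idx == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def build_dn(rdns):
    """Inverse of parse_dn: join (type, value) pairs back into a DN string."""
    return ",".join(f"{t}={escape_value(v)}" for t, v in rdns)


def rdn(dn):
    """The Relative Distinguished Name: the leaf component on its own."""
    t, v = parse_dn(dn)[0]
    return f"{t}={escape_value(v)}"


def parent_dn(dn):
    """The container the object sits in: everything after the RDN."""
    return build_dn(parse_dn(dn)[1:])


def canonical_name(dn):
    """Render the canonical form: DC parts become the DNS name, the rest is
    listed root first with '/' separators, a '/' inside a name becomes '\\/',
    and the domain head on its own is rendered as 'mycompany.com/'."""
    rdns = parse_dn(dn)
    dcs = [v for t, v in rdns if t.upper() == "DC"]
    rest = [v for t, v in rdns if t.upper() != "DC"]
    if not dcs or any(t.upper() != "DC" for t, _ in rdns[len(rdns) - len(dcs):]):
        raise ValueError("expected the DN to end in its DC components")
    domain = ".".join(dcs)
    path = [v.replace("/", "\\/") for v in reversed(rest)]
    return "/".join([domain] + path) if path else domain + "/"


if __name__ == "__main__":
    # The tip's example DN plus a constructed one with a comma inside the CN.
    for sample in ("CN=Bob Marley,OU=AR,OU=Accounting,DC=mycompany,DC=com",
                   "CN=Marley\\, Bob,OU=Shipping,DC=mycompany,DC=com"):
        print(sample)
        print("  RDN:      ", rdn(sample))
        print("  parent:   ", parent_dn(sample))
        print("  canonical:", canonical_name(sample))
```

Splitting the second sample on commas with str.split would yield five pieces and file "Bob" under a non-existent container, which is why the parser tracks whether each character was escaped. The same escape_value logic belongs wherever a DN is assembled from input you do not control, such as a provisioning script that builds CN= from a display name.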