Directory Services

Containers and Leaves

Active Directory is a hierarchy of objects in which every object instance, except the root of the directory hierarchy, is contained by some other object. The structure of this hierarchy is more flexible than a file system where you just have directories and files. Instead, rules, in the Active Directory Schema, determine which object classes can contain instances of which other object classes. For example, the default schema definition of the User object class includes the Organizational-Unit and Container object classes as possible superiors; that is, possible parents or containers of a User object instance. This means that an Organizational-Unit object can contain a User object, but a User object cannot contain another User object, unless the schema definition of the User class is changed.

Except for schema objects, that is, the classSchema or attributeSchema objects that define the classes and attributes that can exist in an Active Directory forest, any object in Active Directory may be a container. Specifically, any object class that appears in the possSuperiors or systemPossSuperiors attribute of an object class definition is potentially a container. For more information about possible superiors of a predefined object class, see Active Directory Reference. You can bind programmatically to the abstract schema and use the IADsClass::get_Containment or IADsClass::get_PossibleSuperiors methods to get the classes that a given class can contain or be contained by. For more information, see Reading the Abstract Schema. You can also read the possibleInferiors attribute of any object instance to determine the object classes that the object can contain. Be aware that possibleInferiors is a constructed attribute, which means it is calculated from the possSuperior/systemPossSuperiors values of the other class definitions and is not actually stored in the directory.

Be aware that the Active Directory Schema defines a Container class. As discussed previously, an object is not required to be an instance of the Container class to be a container. There is also a Leaf class, and although subclasses of this class are typically not containers, there is no reason why they could not be.

Finally, you can set a flag on the display specifier associated with an object class to indicate that user interfaces should always display instances of the class as leaves rather than containers. This helps prevent the user interface from being cluttered by too many containers. For more information, see Viewing Containers as Leaf Nodes.