O

object

In ADSI, refers to a COM object that implements one or more interfaces.

In Active Directory®, the basic named unit of storage. A directory object is an instance of an object class, which is defined in the Active Directory Schema.

object class

A formal definition of a specific kind of object that can be stored in the directory. An object class is a distinct, named set of attributes that represents something concrete, such as a user, a printer, or an application. The terms object class and class are used interchangeably.

object class instance

Represents a discreet occurrence of an object class.

object identifier (OID)

A numeric value that unambiguously identifies an object class, attribute, or syntax in a directory service. An OID is represented as a dotted decimal string (for example, "1.2.3.4").

OID

See object identifier.

operation policy

An operation is the interaction that a subject wants to have with an object. For example, when a user (the subject), wants to access (the operation), a given server (the object), over the network, a policy determines whether that access will be allowed.

operational attribute

An attribute implemented internally by a particular directory implementation. Operational attributes do not appear in the schema and must be requested explicitly. Operational Attributes occurred originally in the X.500 specifications for a directory service and have been carried over into the LDAP version 3 specifications (RFC 2251). RFC 2251 requires support for certain operational attributes; a given directory implementation may implement any number of others.