The Active Directory data model is
derived from the X.500 model of objects and attributes. An object
is a distinct, named set of attributes that represents something
concrete, such as a user, a printer, or an application. Thus, Active
Directory holds objects that represent entities of various sorts,
which are described by attributes (also called "properties").
For example, attributes of a user object might include the user's
given name, surname, and e-mail address.
The universe of objects that can be
stored in Active Directory is defined in the schema. For each object
class, the schema defines what mandatory attributes an instance of
the class is required to have, what optional additional attributes
it can have, and what object class can be a parent of the current
object class. LDAP defines the protocol that is used for accessing
and modifying directory information.
Active Directory is not an X.500
directory; as such, it does not support X.500 protocols.