LDAP Terminology
Directory Information Tree: A directory information tree (DIT) is the hierarchy of entries contained in a directory server.
Distinguished Name: A distinguished name (DN) is a name that uniquely identifies an entry and its position in the DIT. It consists of a series of zero or more relative distinguished names (RDNs) separated by commas.
Relative Distinguished Name: A relative distinguished name (RDN) consists of one or more attribute name-value pairs. Distinguished names consist of zero or more RDNs, but it is common to use the term RDN to refer to the leftmost component of a DN because the attribute values included in the leftmost RDN component for a DN must also be present in the entry referenced by that DN.
Domain Component (DC): DC objects represent the top (root node) of an LDAP tree.
Organizational Unit (OU): OU objects act as containers that hold other objects. They provide structure to the LDAP namespace. OUs are the only general-purpose container available to administrators in Active Directory. The OU object has the ou attribute, which is typically used as part of the DN.
Common Name (CN): The common name is an object attribute that contains names that define it within the scope of its parent. Each name is one value of this multi-valued attribute. If the object corresponds to a person, it is typically the person's full name.
(Security) Groups: Security groups allow admins to grant members of the group authorization for certain tasks and actions. A group is usually defined by a CN as the lowest level of its DN.
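
The DN and RDN definitions above, worked through as an added Python example (not part of the original page): it splits a DN into RDNs while honoring backslash escapes and multi-valued RDNs joined with "+", then checks that the leftmost RDN's attribute values are present in the entry. The sample DN, the sample entry and the function names are constructed for illustration; case-insensitive value matching is an assumption that holds for attributes such as cn, ou, uid and dc, and "#"-prefixed hex-encoded values are not handled.

```python
import re
_ESC = re.compile(r"\\([0-9A-Fa-f]{2})|\\(.)", re.S)

def _split_unescaped(text, sep):
    """Split on sep, skipping any separator that is backslash-escaped."""
    parts, start, i = [], 0, 0
    while i < len(text):
        if text[i] == "\\":
            i += 1                          # step over the escaped character
        elif text[i] == sep:
            parts.append(text[start:i])
            start = i + 1
        i += 1
    return parts + [text[start:]]

def _unescape(value):
    """Decode backslash-char and backslash-hex escapes; hex pairs are UTF-8 bytes."""
    out, pos = bytearray(), 0
    for m in _ESC.finditer(value):
        out += value[pos:m.start()].encode()
        out += bytes([int(m.group(1), 16)]) if m.group(1) else m.group(2).encode()
        pos = m.end()
    return (out + value[pos:].encode()).decode()

def parse_dn(dn):
    """Return the DN as a list of RDNs, each a list of (attribute, value) pairs."""
    rdns = []
    for rdn in (_split_unescaped(dn, ",") if dn else []):   # empty DN = zero RDNs
        pairs = []
        for ava in _split_unescaped(rdn, "+"):               # multi-valued RDN
            attr, eq, raw = ava.partition("=")
            if not eq or not attr.strip():
                raise ValueError(f"malformed RDN component: {ava!r}")
            pairs.append((attr.strip().lower(), _unescape(raw)))
        rdns.append(pairs)
    return rdns

def leftmost_rdn_in_entry(dn, entry):
    """True if every leftmost-RDN value is in the entry (assumed case-insensitive)."""
    rdns = parse_dn(dn)
    have = {k.lower(): {v.lower() for v in vals} for k, vals in entry.items()}
    return all(v.lower() in have.get(a, set()) for a, v in (rdns[0] if rdns else []))

# Constructed sample data (not from the page).
SAMPLE_DN = r"CN=Smith\, Jane+UID=jsmith,OU=Staff,DC=example,DC=com"
SAMPLE_ENTRY = {"cn": ["Smith, Jane", "Jane Smith"], "uid": ["jsmith"]}

if __name__ == "__main__":
    print(parse_dn(SAMPLE_DN), leftmost_rdn_in_entry(SAMPLE_DN, SAMPLE_ENTRY))
```

Splitting the sample DN on every comma yields five pieces instead of four RDNs, which is why code that builds or compares DNs should parse escapes rather than split strings.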