7,023 questions
Descendant is child of child of child and so on. Child is only of that specific element.
--please don't forget to upvote and Accept as answer if the reply is helpful--
What is the difference between a child and a descendant?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 54%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EH7%3C/text%3E%3C/svg%3E)
Helmut-72
66
Reputation points
Hi,
given a user / computer / group object and an OU, what's the difference between child and descendant, especially in the context of inheritance?
Thank you!
Windows for business | Windows Client for IT Pros | Directory services | Active Directory
4 answers
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Anonymous2022-08-03T21:32:34.163+00:00 -
Anonymous
2022-08-04T12:40:27.93+00:00 Just checking if there's any progress or updates?
--please don't forget to
upvoteandAccept as answerif the reply is helpful--
Sign in to comment -
-
Gary Reynolds 9,621 Reputation points2022-08-04T12:16:24.257+00:00 Yes they do, most AD objects can have child objects, which objects is controlled by the PossibleInferiors attribute of the ClassSchema for the object.
These lists are based on base Windows 2016 schema, Exchange, Skype, and other schema extensions can add more objects.
Computer objects
Group objects
User Objects
OrganizationalUnit Objects
-
Helmut-72 66 Reputation points
2022-08-04T13:34:23.827+00:00 Once again: Thanks Gary for the detailed information.
Sign in to comment -
-
Helmut-72 66 Reputation points
2022-08-04T07:19:00.48+00:00 Do computer / group / user objects have childs or descendants? And if which? Or only organizational units?
-
Limitless Technology 39,926 Reputation points2022-08-05T07:48:18.493+00:00 Hello
Thank you for your question and reaching out. I can understand you are having query related to AD objects.
When granting permission to an object, you have the option of granting it to all of its child objects, just a few, or the object itself. For instance, your organization's organizational unit (OU) comprises a number of user objects and group objects that represent its employees and departments, as well as a number of computer objects that are assigned to interns who work there. You can configure the permission and select Descendant group objects in the Applies to section to grant the 'Delete child objects' permission to everyone in the OU but the interns. This will make sure that only the groups inside the OU—and not the machines outside the groups—are granted authority to delete child items.
--------------------------------------------------------------------------------------------------------------------------------
--If the reply is helpful, please Upvote and Accept as answer--