The Lightweight Directory Access Protocol (LDAP) Application Programming Interface (API) will reference an object by its Distinguished Name (DN), which is a comma separated string of Relative Distinguished Names (RDNs).
Windows Server 2008 introduced Fine-Grained Password Policies to Active Directory Domain Services (AD DS), allowing administrators to have much greater control over domain security. The primary benefit to this is that different security groups can now have differing password policies, one of the most common variances being password validity duration.