A. Active Directory (AD) uses several naming conventions for objects. These naming conventions include the distinguished name (DN), relative distinguished name (RDN), Lightweight Directory Access Protocol (LDAP) URL name, LDAP canonical name, user principal name, and SAM account name.
The most popular method for naming AD objects is to use the DN. Every AD object has a DN that uniquely identifies the object in the Directory Service (DS). For example, the DN identifies an object as follows:
- /O=Internet - Organization=Internet
- /DC=COM - Domain Component=COM
- /DC=SavillTech - Domain Component=SavillTech (the full Domain Component is SavillTech.com)
- /CN=Users - Common Name=Users
- /CN=John Savill - Common Name=John Savill
The RDN is also known as the friendly name. The RDN for the above example is CN=John Savill. The RDN for the Users container is CN=Users.
LDAP URL names begin with LDAP://, then include an LDAP server and a modified DN that identifies the object (e.g., LDAP://titanic.savilltech.com/ou=Sales,cn=JSavill,dc=SavillTech,dc=com).
An LDAP canonical name is the LDAP name without certain information (i.e., ou=, cn=, dc=). An example LDAP canonical name is savilltech.com/Sales/Jsavill. Many administrative tools use these names.
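The conversions described above (splitting a DN into its RDNs, picking out the RDN, building an LDAP URL, and deriving the canonical name) are mechanical enough to show in code. The following Python is an added example, not part of the original answer or of any Microsoft tooling; it assumes the comma-separated string DN form of RFC 4514 (leftmost RDN is the object itself, domain components last), and it handles only the simple backslash escape (e.g. `CN=Savill\, John`), not hex escapes or multi-valued RDNs joined with `+`. The sample DNs are constructed to match the names used in this answer.

```python
from typing import List, Tuple


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Split a string DN into (attribute, value) RDN pairs, leftmost first.

    A backslash-escaped comma inside a value (RFC 4514 style) is kept as part
    of the value; a naive dn.split(',') would cut such a value in two and
    produce a wrong RDN.  Hex escapes and '+'-joined multi-valued RDNs are
    not handled (assumption: plain escapes only).
    """
    parts: List[str] = []
    buf: List[str] = []
    i = 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i + 1])  # escaped character is taken literally
            i += 2
            continue
        if ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))

    pairs: List[Tuple[str, str]] = []
    for part in parts:
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        # attribute types are case-insensitive; normalise to upper case
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs


def rdn(dn: str) -> str:
    """The relative distinguished name ("friendly name") is the leftmost RDN."""
    attr, value = parse_dn(dn)[0]
    return f"{attr}={value}"


def ldap_url(server: str, dn: str) -> str:
    """LDAP URL name: LDAP:// prefix, server, then the DN."""
    return f"LDAP://{server}/{dn}"


def canonical_name(dn: str) -> str:
    """LDAP canonical name: DNS domain from the DC components, then the
    container path in top-down order, separated by '/'."""
    pairs = parse_dn(dn)
    domain = ".".join(v for a, v in pairs if a == "DC")
    path = [v for a, v in pairs if a != "DC"]
    return "/".join([domain] + list(reversed(path)))


if __name__ == "__main__":
    # Constructed sample DN for the object described in the answer.
    sample = "CN=John Savill,CN=Users,DC=SavillTech,DC=com"
    print(rdn(sample))                                     # CN=John Savill
    print(canonical_name(sample))                          # SavillTech.com/Users/John Savill
    print(ldap_url("titanic.savilltech.com", sample))
    # A value containing an escaped comma survives intact.
    print(parse_dn("CN=Savill\\, John,OU=Sales,DC=SavillTech,DC=com")[0])
```

The escape handling is the part worth keeping in mind: access-control and audit logic that keys on a DN derived by splitting on commas can be fooled by a value such as `Savill\, John`, so a parser that respects the escape rules is the safer foundation.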
The user principal name contains the username and DNS domain name, linked with the symbol @ (e.g., [email protected]).
The SAM account name (e.g., savillj) is in the Windows NT 4.0 format. Because of this name’s single-layer convention, each name must be unique within an organization.
Internally, AD identifies each object by a globally unique identifier (GUID). A GUID is a 128-bit number that is generated when the object is created and is stored in the object's objectGUID attribute. Unlike the names above, a GUID never changes, even if the object is renamed or moved.