Object Naming Convention

Wednesday, October 26, 2011

Active Directory is an LDAP-compliant directory service. Network clients use the LDAP protocol to query Active Directory for information. Every object in Active Directory is identified by one or more names, and Active Directory uses several object naming conventions:

  • Distinguished Names
  • Relative Distinguished Names
  • Globally Unique Identifiers
  • User Principal Names

Distinguished Name (DN)

Every object in Active Directory has a distinguished name (DN) that uniquely identifies the object. This naming convention contains enough information for a client to retrieve information about the object. The DN contains the complete path of where the object is located in the hierarchy. Here is an example of a DN for a user object.

CN=John Smith,OU=Users,OU=Sales,DC=itgeared,DC=com

Here is another example, this time a computer object located in the Computers container (notice that containers use CN rather than OU).

CN=Computer1,CN=Computers,DC=itgeared,DC=com

In these examples, you will notice that three LDAP abbreviations are used to identify the name and location of the object. Active Directory does not allow duplicate DNs.

  • CN: Common Name
  • OU: Organizational Unit
  • DC: Domain Component

Relative Distinguished Name (RDN)

The relative distinguished name of an object is the part of the DN that is an attribute of the object itself, i.e. the leftmost component. It is the common name of the object. In the previous example, the RDN for John Smith is John Smith, and the RDN for the organizational unit Users is Users. Active Directory does not allow an RDN to be duplicated within the same container.
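The DN and RDN rules described above, worked through in a small parser. This is an added example, not code from the original article; the function names are assumptions of the example, and the inputs are the article's sample DNs plus one constructed DN containing an escaped comma.

```python
"""Parse an Active Directory distinguished name (DN) into its components.

Added example, not code from the original article. Splitting follows
RFC 4514: an unescaped comma separates RDNs, and a backslash escapes the
next character, so "CN=Smith\\, John" is one RDN whose value holds a comma.
"""
import re
from typing import List, Tuple

def split_rdns(dn: str) -> List[str]:
    """Split a DN into its RDN strings (escapes preserved), left to right."""
    rdns: List[str] = []
    start = i = 0
    while i < len(dn):
        if dn[i] == "\\":          # skip the escaped character that follows
            i += 2
            continue
        if dn[i] == ",":           # an unescaped comma ends the current RDN
            rdns.append(dn[start:i].strip())
            start = i + 1
        i += 1
    rdns.append(dn[start:].strip())
    return rdns

def parse_rdn(rdn: str) -> Tuple[str, str]:
    """Return (ATTRIBUTE, value) for one RDN, with escapes removed from the value."""
    attr, sep, raw = rdn.partition("=")
    if not sep or not attr.strip():
        raise ValueError(f"malformed RDN: {rdn!r}")
    return attr.strip().upper(), re.sub(r"\\(.)", r"\1", raw)

def rdn_of(dn: str) -> str:
    """The object's own name: the leftmost RDN of its DN."""
    return split_rdns(dn)[0]

def parent_dn(dn: str) -> str:
    """DN of the OU or container that holds the object (one level up)."""
    return ",".join(split_rdns(dn)[1:])

def domain_dns_name(dn: str) -> str:
    """Join the DC components, left to right, into the domain's DNS name."""
    return ".".join(v for a, v in map(parse_rdn, split_rdns(dn)) if a == "DC")

def path_from_domain(dn: str) -> List[str]:
    """OU/container path from the domain head down to the object's parent."""
    comps = [parse_rdn(r) for r in split_rdns(dn)[1:]]
    return [f"{a}={v}" for a, v in reversed(comps) if a != "DC"]
```

Because an unescaped comma is the separator, a naive `dn.split(",")` would break a value such as `Smith\, John` into two bogus RDNs; the escape-aware loop is what keeps the container path correct.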

Globally Unique Identifier (GUID)

A globally unique identifier is a 128-bit number, displayed in hexadecimal, that is guaranteed to be unique within the forest. A GUID is assigned to every object at the time of its creation. The GUID never changes, even if you rename the object, nor does it change when the object is moved between domains within the forest boundary. The GUID is needed in Active Directory because, unlike Windows NT, Active Directory requires an identifier that is unique across the forest. The SID can no longer satisfy that requirement, since multiple domains can exist within the forest boundary.

User Principal Name (UPN)

The user principal name is also known as the “friendly” name. The UPN consists of the user account name and a domain naming suffix (generally the suffix of the domain that the user is a member of). In the previous example, John Smith’s UPN may be john.smith@itgeared.com. It is possible for a user to have a UPN whose domain suffix does not match the domain in which the object is located. This is common in organizations whose Active Directory infrastructure has an empty root domain with many child domains; the UPN for all of the users in the forest would then use the root domain suffix.
