I've been thinking about this for several hours now... In our environment, we rarely, RARELY, ever change a person's unique identifiers such as sAMAccountName and userPrincipalName. We also have one master domain where all sAMAccountNames are guaranteed to be unique. As such, all userPrincipalNames are also unique. I could choose either as a unique identifier.
If you have multiple domains, and users with each domain, you probably could not use the sAMAccountName. Either way, you could use the userPrincipalName and be totally safe. The only times we change the userPrincipalName is if we goofed when creating the account, or a woman gets married and changes her last name. In either instance, we would only do this if the account was created within the last few days and has not yet had time to get permissions set in multiple locations. If we do need to change a userPrincipalName, we simply delete the account and re-create it. That said, if I used our sAMAccountName value for a unique ID, rather than uSNCreated, I'm just as happy since, if we delete an account, both the sAMAccountName AND uSNCreated will be different values. Therefore, any other relationships, you created, will now be broken. Maybe you are trying too hard to make it perfect when there will always be an exception, no matter how small, that you may need to attend to, manually. M!ke -----Original Message----- From: Brian Dumbledore [mailto:[EMAIL PROTECTED] Sent: Monday, June 26, 2006 5:36 PM To: CF-Talk Subject: Re: how to retrieve objectguid (LDAP) in a legible format Here is what I found after a bit of searching on the web.. Instead of using objectGuid to be the unique id, you can use another id, "usnCreated" which is not binary but just a 64bit integer value. However the catch is, usnCreated is like a autoincrement value which is unique for one domain controller. Meaning if your AD environment has more than one domain controller, then you will have two sets of usncreated "spaces", and these might have duplicate values. In my environment I have only one dc but I am hesitant to use usncreated since don't know what will happen in the future.. What do you'll think I should do??? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:244826 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
