Does Active Directory users have unique IDs?

hi, does Active Directory users have unique IDs? if so what the name of this property?
Who is Participating?
Chris DentConnect With a Mentor PowerShell DeveloperCommented:

For the SID in ASP .NET using DirectoryServices this example is good enough:

If you look at the code for "ConvertByteToStringSid" you'll see that it isn't a pleasant field to work with. The same can be said of objectGUID to an extent, but it has some converters...


Dim adUser As New DirectoryEntry("LDAP://CN=Some users,OU=Somewhere,DC=domain,DC=com")
Dim objectGUID As Byte() = adUser.Properties("objectGuid").Value
Dim GUID As New System.Guid(objectGUID)
' GUID String is held in:
' GUID.ToString()

systemagicConnect With a Mentor Commented:
All Active directory objects have unique security identifiers which are referred to as SID numbers.
Cameron_SConnect With a Mentor Commented:
Systemagic is correct. Also, sAMAccountName is the unique name (login name, essentially) specifically to users, if you needed a logical reference outside a numerical one.
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Mike KlineConnect With a Mentor Commented:
Yes a SID is the name, every user has one, there are also well known SIDs. More on that here
Well-known security identifiers in Windows operating systems
Want to quickly find the SID of a user object.  Use adfind by MVP Joe Richards
use one of the shortcuts Joe has provided for a user
adfind -sc u:USERNAME objectsid

Chris DentConnect With a Mentor PowerShell DeveloperCommented:

These are the unique properties:

objectGUID - Unique within a Forest. Cannot be changed.

sAMAccountName - Unique within a Domain. Can be changed.

sID (Security Identifier) - Unique within a Forest. Cannot be changed, may have an additional entry in sIDHistory.

userPrincipalName - Unique within a Forest. Can be changed.

There are a few others, but those are the most reliable. Depending on your goal the objectGUID may be the best for a couple of reasons:

1. It never changes unless the account object is destroyed (rename or move the account and it'll still be there)
2. You can bind to an account using the GUID

Abdu_AllahAuthor Commented:
And how do I retreive this sID using scripts?
Point raised to 500
Abdu_AllahAuthor Commented:
ASP or ASP.NET script please.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.