A Globally Unique Identifier (GUID) is a unique 128-bit ID assigned to objects such as domain users or groups when they are created in Active Directory (AD). Each object receives a GUID, stored in the ObjectGUID attribute, which stays the same throughout the object's lifetime. This makes it a reliable key for identifying objects and searching for them in AD. An example of a GUID is 6B29FC40-CA47-1067-B31D-00DD010662DA.
Security principals are entities that the operating system can authenticate, including users, computer accounts, and processes. Access to domain resources is managed through them.
A Security Identifier (SID) is a unique ID for a security principal or group, issued by the domain controller in AD and never reused. For local accounts, the Security Accounts Manager (SAM) handles access control.
A Distinguished Name (DN) shows the full path to an AD object, such as cn=semo, ou=IT, ou=Employees, dc=secops, dc=local, indicating the user's location in the directory.
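The three identifiers above, decoded from the raw form an LDAP query returns, as an added example that is not part of the original page. The function names are illustrative, the SID bytes are constructed sample data, and the DN splitter only handles backslash-escaped commas.

```python
import struct
import uuid

def guid_from_ad_bytes(raw: bytes) -> str:
    """Decode a raw objectGUID value (16 bytes, first three fields little-endian)."""
    if len(raw) != 16:
        raise ValueError("objectGUID must be exactly 16 bytes")
    return str(uuid.UUID(bytes_le=raw)).upper()

def guid_to_ldap_filter(guid: str) -> str:
    """Exact-match LDAP filter; each byte of the binary value is escaped as \\xx."""
    raw = uuid.UUID(guid).bytes_le
    return "(objectGUID=" + "".join(f"\\{b:02x}" for b in raw) + ")"

def sid_from_bytes(raw: bytes) -> str:
    """Decode a binary SID: revision, count, 48-bit big-endian authority,
    then `count` little-endian 32-bit sub-authorities."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("SID length does not match its sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack(f"<{raw[1]}I", raw[8:])
    return "-".join(["S", str(raw[0]), str(authority), *map(str, subs)])

def split_dn(dn: str) -> list:
    """Split a DN on unescaped commas into (attribute, value) pairs."""
    parts, current, escaped = [], "", False
    for ch in dn:
        if ch == "," and not escaped:
            parts.append(current)
            current = ""
        else:
            current += ch
            escaped = (ch == "\\") and not escaped
    parts.append(current)
    return [tuple(s.strip() for s in p.split("=", 1)) for p in parts]

def dn_domain(dn: str) -> str:
    """DNS domain name implied by the DN's dc= components."""
    return ".".join(v for a, v in split_dn(dn) if a.lower() == "dc")

if __name__ == "__main__":
    # GUID and DN are the page's examples; the SID bytes are constructed.
    guid_raw = bytes.fromhex("40fc296b47ca6710b31d00dd010662da")
    sid_raw = bytes.fromhex("0105000000000005150000000100000002000000"
                            "0300000050040000")
    print(guid_from_ad_bytes(guid_raw), guid_to_ldap_filter(guid_from_ad_bytes(guid_raw)))
    print(sid_from_bytes(sid_raw))
    print(dn_domain("cn=semo, ou=IT, ou=Employees, dc=secops, dc=local"))
```

The byte order matters when correlating logs: the same object appears as `40fc296b...` in a raw LDAP dump and as `6B29FC40-...` in tools that print the string form.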
Summary:
- Active Directory utilizes GUIDs as unique IDs for objects, aiding in accurate searches.
- Security principals, together with SIDs and Distinguished Names, support access management and identification within AD.