Both users and applications are affected by the naming conventions that directory services use. To locate network resources, users and applications must know the name or some property of the resource. Active Directory supports many naming conventions, which allows users and applications to use the format with which they are most familiar when accessing resources in Active Directory.

Distinguished Name

Every object in Active Directory has a distinguished name. The distinguished name identifies the domain where the object is located, in addition to the complete path by which the object is reached. A typical distinguished name is:

DC=com,DC=contoso,CN=Users,CN=James Smith

This distinguished name identifies the James Smith user object in the contoso.com domain. (In the distinguished name, DC is the abbreviation for domain component, and CN is the abbreviation for common name.)

Relative Distinguished Name

The relative distinguished name of an object is the part of the distinguished name that is an attribute of the object. In the preceding example, the relative distinguished name of the James Smith user object is James Smith. The relative distinguished name of the parent object is Users.

User Principal Name

The user principal name of a user object is composed of the user's logon name and the DNS name of the domain where the user object resides. For example, user James Smith in the contoso.com domain might have a user principal name of JamesS@contoso.com. The user principal name can be used to log on to the network. An administrator can define additional suffixes for user principal names, if required.

Globally Unique Identifier

The globally unique identifier (GUID) is a 128-bit number that is guaranteed to be unique. Windows 2000 assigns a GUID to objects when they are created. The GUID never changes, even if you move or rename the object. Applications can store the GUID of an object and be able to retrieve that object even if the distinguished name of the object changes.

Uniqueness of Names

Distinguished names are guaranteed to be unique in the forest. Active Directory does not permit two objects with the same relative distinguished name under the same parent container. By definition, GUIDs are unique. User principal names are required to be unique, but Active Directory does not enforce this requirement, so it is possible to have duplicate user principal names.