| Lesson 4 || Active Directory naming conventions |
| Objective || Understand the different Naming Conventions and their uses. |
Active Directory Naming Conventions
The naming conventions of a directory service are critically important for the usability and maintenance of your network.
In fact, Active Directory depends on DNS (Domain Name System) and will not install unless the DNS service is installed on the computer.
The DNS namespace is an important concept in Active Directory. The namespace encompasses the forests, trees and domains that create the logical structure of the network.
Objects within the namespace are identified in several different ways.
Active Directory supports four naming conventions for Active Directory objects:
- Distinguished name
- Relative distinguished name
- User principal name
- Globally unique identifier
Remember, names should be unique so that each object within a directory can be found and accessed without much guesswork, which is not easy given the number of objects that populate Active Directory.
As you will see below, Active Directory has built in some safeguards to make this aspect of your job a little simpler.
Distinguished name and relative distinguished name
Every object in Active Directory has a distinguished name. The distinguished name identifies the domain where the object is located, in addition to the complete path by which the object is reached.
The relative distinguished name of an object is the part of the distinguished name that is an attribute of the object.
The MouseOver below shows you these two conventions and how they relate within a piece of code:
[Figure: Active Directory distinguished name]
With regard to their uniqueness, distinguished names are guaranteed to be unique in the forest. Active Directory does not permit two objects
with the same relative distinguished name under the same parent container.
User principal name
The user principal name (UPN) of a user object is composed of the user's logon name and the DNS name of the domain where the user object resides.
For example, user James Smith in the contoso.com domain might have a user principal name of JamesS@contoso.com. The user principal name can
be used to log on to the network. An administrator can define additional suffixes for user principal names, if required.
While user principal names are required to be unique, Active Directory does not enforce this requirement.
Therefore, it's possible to have duplicate user principal names if you are not extremely careful about naming from the start. This could happen, for instance, if you have a
username of James Smith in the Finance OU and another username of James Smith in the Marketing OU. Because the distinguished names will be
different, reflecting the different OUs, this is permitted. However, if both OUs are in the contoso.com domain, both will have the same UPN.
Active Directory will not allow you to assign the same logon name to these two users.
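The following Python sketch is an added example, not code from the original lesson. It splits a distinguished name into its relative distinguished name, parent container and DNS domain, then audits a set of accounts for shared UPNs and for repeated RDNs under one parent. The sample accounts are constructed, the function names are hypothetical, and the UPN is assumed to use the default suffix (the domain's DNS name); multi-valued RDNs are not handled.

```python
from collections import defaultdict

# Constructed sample data (not from the page): (distinguished name, logon name).
SAMPLE_USERS = [
    ("CN=James Smith,OU=Finance,DC=contoso,DC=com", "JamesS"),
    ("CN=James Smith,OU=Marketing,DC=contoso,DC=com", "JamesS"),
    ("CN=Smith\\, Jane,OU=Finance,DC=contoso,DC=com", "JaneS"),
]

def split_dn(dn):
    """Split a DN into its RDNs, honouring backslash-escaped commas."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if ch == "," and not escaped:
            parts.append("".join(cur).strip())
            cur = []
            continue
        cur.append(ch)
        escaped = (ch == "\\") and not escaped
    parts.append("".join(cur).strip())
    return parts

def describe(dn):
    """Return the object's RDN, its parent container and the DNS domain name."""
    rdns = split_dn(dn)
    domain = ".".join(r.split("=", 1)[1] for r in rdns if r.upper().startswith("DC="))
    return {"rdn": rdns[0], "parent": ",".join(rdns[1:]), "domain": domain}

def duplicate_upns(users):
    """Map each UPN shared by more than one object to the DNs that carry it."""
    seen = defaultdict(list)
    for dn, logon in users:
        # Assumption: the UPN uses the default suffix (the domain's DNS name).
        seen[f"{logon}@{describe(dn)['domain']}".lower()].append(dn)
    return {upn: dns for upn, dns in seen.items() if len(dns) > 1}

def sibling_rdn_clashes(users):
    """List groups of objects that repeat an RDN under the same parent."""
    seen = defaultdict(list)
    for dn, _ in users:
        d = describe(dn)
        seen[(d["parent"].lower(), d["rdn"].lower())].append(dn)
    return [dns for dns in seen.values() if len(dns) > 1]

if __name__ == "__main__":
    print(duplicate_upns(SAMPLE_USERS))
    print(sibling_rdn_clashes(SAMPLE_USERS))
```

On the sample data the two James Smith objects have distinct distinguished names and no RDN clash, yet both resolve to the same UPN, which is the case an account audit should flag.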
Globally unique identifier
The globally unique identifier (GUID) is a 128-bit number that is guaranteed to be, and by definition is, unique.
Windows 2000 assigns a GUID to objects when they are created. The GUID never changes, even if you move or rename the object.
Applications can store the GUID of an object and be able to retrieve that object even if the distinguished name of the object changes.
In the next lesson, you will learn about the logical structure of Active Directory.