Reputation: 9351
For security purposes, is the primary identifier of an Active Directory user the 'logonname' attribute?
For example, a user with the logonname "bob" is first created then removed from AD, then another user is created again with the logonname "bob" - is this new user, from a security perspective, equivalent?
The reason I ask this question is due to some recent peculiarities with opening a PST mailfile - as in the above example, a user has been removed then recreated with the same loginname, and this new user is not permitted to open the previous user's PST file despite sharing the same username.
Thanks.
Upvotes: 4
Views: 931
Reputation: 120704
No, the objectSid (a SID) is the primary ID when it comes to assigning permissions. A new user with the same name will have a different objectSid, and therefore will not be able to access files which the original user had permission to.
Upvotes: 6
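The behaviour described in the answer, as an added example that is not part of the original posts: it decodes the binary form of objectSid and checks an ACL that, like a file ACL, stores SIDs rather than names. The domain identifier, the RIDs and the helper names are constructed for illustration, and the access check is simplified to the user's own SID (a real check also considers the group SIDs in the logon token).

```python
import struct

def sid_to_str(raw: bytes) -> str:
    """Decode a binary SID (the stored form of objectSid) to S-1-5-21-... text."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("sub-authority count does not match length")
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])    # 32-bit each, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def make_sid(domain_subs, rid) -> bytes:
    """Hypothetical helper: build a domain account SID (authority 5, first sub-authority 21)."""
    subs = (21, *domain_subs, rid)
    header = bytes([1, len(subs)]) + (5).to_bytes(6, "big")
    return header + struct.pack("<%dI" % len(subs), *subs)

# Constructed sample data: one domain, two accounts created at different times.
DOMAIN = (1004336348, 1177238915, 682003330)
OLD_BOB = {"sAMAccountName": "bob", "objectSid": make_sid(DOMAIN, 1105)}
# Recreated account: same logon name, but the domain issues a fresh RID.
NEW_BOB = {"sAMAccountName": "bob", "objectSid": make_sid(DOMAIN, 1642)}

# The ACL on the PST file records the trustee's SID, not the logon name.
PST_ACL = [(sid_to_str(OLD_BOB["objectSid"]), "FullControl")]

def is_granted(user, acl) -> bool:
    """Simplified access check: match on the user's SID only."""
    sid = sid_to_str(user["objectSid"])
    return any(trustee == sid for trustee, _rights in acl)

if __name__ == "__main__":
    for label, user in (("original", OLD_BOB), ("recreated", NEW_BOB)):
        print(label, user["sAMAccountName"], sid_to_str(user["objectSid"]),
              "granted" if is_granted(user, PST_ACL) else "denied")
```

The recreated account is denied because the ACL entry still names the deleted account's SID; access has to be granted again to the new SID.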