
Which naming conventions does Active Directory use for objects?

Active Directory (AD) uses several naming conventions for objects. These naming conventions include the distinguished name (DN), relative distinguished name (RDN), Lightweight Directory Access Protocol (LDAP) URL name, LDAP canonical name, user principal name, and SAM account name.

The most popular method for naming AD objects is to use the DN. Every AD object has a DN that uniquely identifies the object in the Directory Service (DS). For example, the DN

/O=Internet/DC=COM/DC=SavillTech/CN=Users/CN=John Savill

identifies an object as follows:

  • /O=Internet - Organization=Internet
  • /DC=COM - Domain Component=COM
  • /DC=SavillTech - Domain Component=SavillTech (the full Domain Component is
  • /CN=Users - Common Name=Users
  • /CN=John Savill - Common Name=John Savill

A DN might also include an organizational unit (OU). For more information about DNs, see RFC 1779, "A String Representation of Distinguished Names".

The RDN is also known as the friendly name. The RDN for the above example is CN=John Savill. The RDN for the Users container is CN=Users.

LDAP URL names begin with LDAP://, then include an LDAP server and a modified DN that identifies the object (e.g., LDAP://,cn=JSavill,dc=SavillTech,dc=com).

An LDAP canonical name is the LDAP name without certain information (i.e., ou=, cn=, dc=). An example LDAP canonical name is Many administrative tools use these names.
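The sketch below is an added example, not code from the original page: it derives the RDN and a canonical-style name from a DN, splitting only on unescaped commas so a value such as `Savill\, John` is not mis-parsed by tools that compare or log DNs. It assumes the comma-separated LDAP form of the DN and the domain/container/name layout of AD's canonicalName attribute; the function names and sample DNs are constructed for illustration.

```python
import re

def split_dn(dn):
    """Split a comma-separated DN into (type, value) pairs, leaf first.
    Only unescaped commas separate RDNs; '\\,' and hex escapes such as
    '\\2C' are decoded into the value. Multi-valued RDNs ('+') are out of scope.
    """
    rdns, buf, i = [], bytearray(), 0
    while i <= len(dn):
        ch = dn[i] if i < len(dn) else ","       # sentinel flushes the last RDN
        if ch == "\\" and i + 1 < len(dn):
            pair = dn[i + 1:i + 3]
            if re.fullmatch(r"[0-9A-Fa-f]{2}", pair):
                buf.append(int(pair, 16))         # hex escape, e.g. \2C
                i += 3
            else:
                buf += dn[i + 1].encode("utf-8")  # escaped literal, e.g. \,
                i += 2
            continue
        if ch == ",":
            attr, sep, value = buf.decode("utf-8").partition("=")
            if not sep or not attr.strip():
                raise ValueError(f"malformed RDN in {dn!r}")
            rdns.append((attr.strip().upper(), value.strip()))
            buf = bytearray()
        else:
            buf += ch.encode("utf-8")
        i += 1
    return rdns

def rdn(dn):
    """Relative distinguished name: the leftmost component of the DN."""
    attr, value = split_dn(dn)[0]
    return f"{attr}={value}"

def canonical_name(dn):
    """Canonical form: DNS domain from the DC parts, then containers root-first."""
    parts = split_dn(dn)
    domain = ".".join(v for a, v in parts if a == "DC")
    path = [v for a, v in reversed(parts) if a != "DC"]
    return "/".join([domain] + path)

# Constructed sample DNs based on the page's John Savill example.
SIMPLE = "CN=John Savill,CN=Users,DC=SavillTech,DC=COM"
ESCAPED = r"CN=Savill\, John,OU=Staff,DC=SavillTech,DC=COM"

if __name__ == "__main__":
    for dn in (SIMPLE, ESCAPED):
        print(rdn(dn), "|", canonical_name(dn))
```

A naive `dn.split(",")` would report five components for the escaped sample and treat `Savill\` as the RDN value, which is the failure this parser avoids.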

The user principal name contains the username and DNS domain name, linked with the symbol @ (e.g.,

The SAM account name (e.g., savillj) is in the Windows NT 4.0 format. Because of this name's single-layer convention, each name must be unique within an organization.

Objects are actually stored as globally unique IDs (GUIDs). A GUID is a 128-bit number that is generated at object creation and stored in the object attribute objectGUID. GUIDs don't change.


Copyrights 2006 Eugene Mihailov. All rights reserved