
Users inside an Active Directory domain can be identified by different properties like their

  • GUID
  • object SID
  • distinguished name
  • sAMAccountName
  • userPrincipalName

userPrincipalName

  • The userPrincipalName consists of the username and its suffix. Both parts are separated by an '@' character.
  • The username part of the userPrincipalName must be unique. It is not possible to have both the UPN my-username@test.ad and the UPN my-username@some-other-upn-suffix.ad.
  • For an Active Directory domain there can be multiple suffixes defined (UPN suffixes).
  • In Active Directory Users and Computers the userPrincipalName is the User logon name. The administrator can select one of the defined UPN suffixes.

sAMAccountName

  • The sAMAccountName must be unique inside a domain. It is not possible to have multiple users with the same sAMAccountName.
  • In Active Directory Users and Computers the sAMAccountName is the User logon name (pre-Windows 2000).

Relation between userPrincipalName and sAMAccountName

There is no direct relationship between the two identifiers. The username part of the userPrincipalName can be completely different from the sAMAccountName.

Login

Users can log in with their userPrincipalName or their sAMAccountName.
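
The following is an added example, not code from the project this page belongs to. It shows how a login form can pick the attribute to search from the submitted name and build an escaped LDAP filter, without deriving one identifier from the other. The function names and the directory entries are assumptions, constructed for illustration.

```python
# Added example: resolve a login name by userPrincipalName or sAMAccountName.
# DIRECTORY is constructed sample data, not taken from a real domain.
DIRECTORY = [
    {"sAMAccountName": "jdoe", "userPrincipalName": "jane.doe@test.ad"},
    # A different user whose sAMAccountName equals the username part of the UPN above.
    {"sAMAccountName": "jane.doe", "userPrincipalName": "j.doe-admin@test.ad"},
]

# Characters that RFC 4515 requires to be escaped inside a filter value.
_LDAP_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape user input before placing it in an LDAP search filter."""
    return "".join(_LDAP_ESCAPES.get(ch, ch) for ch in value)


def login_attribute(login):
    """A login containing '@' is treated as a UPN, anything else as a sAMAccountName."""
    return "userPrincipalName" if "@" in login else "sAMAccountName"


def build_login_filter(login):
    """Build the filter for exactly the attribute the user typed."""
    return "({}={})".format(login_attribute(login), escape_filter_value(login))


def resolve(login, directory=DIRECTORY):
    """Return the single matching entry or None; both attributes compare case-insensitively."""
    attr = login_attribute(login)
    matches = [e for e in directory if e[attr].lower() == login.lower()]
    return matches[0] if len(matches) == 1 else None


if __name__ == "__main__":
    for name in ("jane.doe@test.ad", "jane.doe", "JDOE", "*)(uid=*"):
        print(name, "->", build_login_filter(name), "->", resolve(name))
```

Stripping the suffix from jane.doe@test.ad and searching for sAMAccountName jane.doe would return the second account, which is why each login form is looked up by its own attribute.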