Fork me on GitHub

Users inside an Active Directory domain can be identified by different properties like their

  • GUID
  • object SID
  • distinguished name
  • sAMAccountName
  • userPrincipalName


  • The userPrinicipalName consists upon the username and its suffix. Both parts are separated by an '@' character.
  • There can only be a unique username part of the userPrincipalName. It is not possible to have the UPN AND
  • For an Active Directory domain there can be multiple suffixes defined (UPN suffixes).
  • In Active Directory Users and Computers the userPrincipalName is the User logon name. The administrator can select one of the defined UPN suffixes.


  • Inside a domain there can be only a unique sAMAccountName. It is not possible to have to multiple users with the same sAMAccountName.
  • In Active Directory Users and Computers the sAMAccountName is the User logon name (pre-Windows 2000).

Relation between userPrincipalName and sAMAccountName

There is no direct relationship between both identifiers. The username part of userPrincipalName can be completely different from the sAMAccountName.


Users can log-in with their userPrincipalName or their sAMAccountName.