TOPIC
    Active Directory Object Identity

SHORT DESCRIPTION
    Objects in the Active Directory module for Windows PowerShell have a
    range of identifying attributes that are used for search and retrieval.

LONG DESCRIPTION
    To identify the objects in Active Directory, each object has attributes
    that can be used as identifiers. In the Active Directory module, the
    value of the identity of an object can be passed using the Identity
    parameter. Each object type has its own set of possible types and values
    for use by the Identity parameter. See the detailed description of the
    Identity parameter of the given cmdlet for more information about its
    usage.

    When searching with the Active Directory module cmdlets, the value of
    the Identity parameter, along with the values of the Server and
    Partition parameters, is used to uniquely identify a single object. The
    Server parameter specifies which server to connect to. The Partition
    parameter further narrows the search to a specific partition. The
    Identity parameter then resolves to a single unique object in the
    partition. If more than one object is found using identity resolution,
    the Active Directory module throws an error.

    For more information about the Server and Partition parameters, see the
    help topics for the individual cmdlets where they are used, such as
    Get-ADUser, by typing:

        get-help Get-ADUser

  Objects and Identities
    Each object has a list of attributes that can be used as an identity for
    that object. Additionally, if the object inherits from another object,
    then the parent object's identities can also be used as the child
    object's identities. For more information on the Active Directory object
    hierarchy, see about_ActiveDirectory_ObjectModel.

    Note: For Active Directory Provider cmdlets, only an object's
    'Distinguished Name' or 'Relative Distinguished Name' can be used as the
    identity. For a list of Active Directory Provider cmdlets, see
    ActiveDirectory.

  Identity Attributes
    The following is a list of identity attributes by object type.

    ADAccount
        Distinguished Name
        GUID (objectGUID)
        Security Identifier (objectSid)
        SAM Account Name (sAMAccountName)

    ADComputer
        Distinguished Name
        GUID (objectGUID)
        Security Identifier (objectSid)
        Security Accounts Manager Account Name (sAMAccountName)

    ADDirectoryServer
        Name of the server object (name)
            For AD LDS instances the syntax of a name is $
            For other Active Directory instances, use the value of the
            name property.
        Distinguished Name of the NTDS Settings object
        Distinguished Name of the server object that represents the
        directory server.
        GUID (objectGUID) of server object under the configuration partition.
        GUID (objectGUID) of NTDS settings object under the configuration
        partition

    ADDomain
        Distinguished Name
        GUID
        Security Identifier
        DNS domain name
        NetBIOS domain name

    ADDomainController
        GUID (objectGUID)
        IPV4Address
        Global IPV6Address
        DNS Host Name (dNSHostName)
        Name of the server object
        Distinguished Name of the NTDS Settings object
        Distinguished Name of the server object that represents the domain
        controller
        GUID of NTDS settings object under the configuration partition
        GUID of server object under the configuration partition
        Distinguished Name of the computer object that represents the domain
        controller.

    ADFineGrainedPasswordPolicy
        Distinguished Name
        GUID (objectGUID)
        Name (name)

    ADForest
        Fully qualified domain name
        DNS host name
        NetBIOS name

    ADGroup
        Distinguished Name
        GUID (objectGUID)
        Security Identifier (objectSid)
        Security Accounts Manager (SAM) Account Name (sAMAccountName)

    ADObject
        Distinguished Name
        GUID (objectGUID)

    ADOptionalFeature
        Distinguished Name
        Name (name)
        Feature GUID (featureGUID)
        GUID (objectGUID)

    ADOrganizationalUnit
        Distinguished Name
        GUID (objectGUID)

    ADPrincipal
        Distinguished Name
        GUID (objectGUID)
        Security Identifier (objectSid)
        SAM Account Name (sAMAccountName)

    ADServiceAccount
        Distinguished Name
        GUID (objectGUID)
        Security Identifier (objectSid)
        SAM Account Name (sAMAccountName)

    ADUser
        Distinguished Name
        GUID (objectGUID)
        Security Identifier (objectSid)
        SAM User Name (sAMUserName)

  Identity Formats
    Active Directory module objects have a range of identity attributes.
    Below is a list of these, their types and formats.

    Distinguished Name
        Example: CN=SaraDavis,CN=Europe,CN=Users,DC=corp,DC=contoso,DC=com

    DNS domain name
        Example: redmond.corp.contoso.com

    DNS Host Name (dNSHostName)
        Example: corp-DC01.corp.contoso.com

    Feature GUID (featureGUID)
        Example: 599c3d2e-f72d-4d20-8a88-030d99495f20

    Fully qualified domain name
        Example: corp.contoso.com

    Global IPV6Address
        Example: 2001:4898:0:fff:200:5efe:157.59.132.61

    GUID (objectGUID)
        Example: 599c3d2e-f72d-4d20-8a88-030d99495f20

    IPV4Address
        Example: 157.59.132.61

    NetBIOS domain name
        Example: redmond

    Name of the server object
        Example: corp-DC01$

    Security Accounts Manager (SAM) Account Name (sAMAccountName)
        Example: saradavisreports

    Security Identifier (objectSid)
        Example: S-1-5-21-3165297888-301567370-576410423-1103

    Name
        Example: Recycle Bin Feature

SEE ALSO
    about_ActiveDirectory
    about_ActiveDirectory_ObjectModel
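
The following is an added example, not part of the original help topic. It classifies an identity string by the formats listed under Identity Formats, then resolves it with Get-ADUser against one explicit server and records whether resolution succeeded. The function names Get-ADIdentityKind and Resolve-ADUserIdentity are hypothetical, the server name is an assumption taken from the DNS Host Name example above, and the lookup step needs the ActiveDirectory module and a reachable domain controller.

```powershell
# Added example. Helper names are hypothetical; sample values are this topic's own examples.
function Get-ADIdentityKind {
    param([Parameter(Mandatory)][string]$Identity)
    $guid = [guid]::Empty
    if ([guid]::TryParse($Identity, [ref]$guid)) { return 'GUID' }
    if ($Identity -match '^S-1-\d+(-\d+)+$')     { return 'SID' }
    # Simplified DN test: CN/OU/DC components only, no escaped commas.
    if ($Identity -match '^(CN|OU|DC)=[^,]+(,(CN|OU|DC)=[^,]+)*$') {
        return 'DistinguishedName'
    }
    return 'SamAccountName'
}

function Resolve-ADUserIdentity {
    param(
        [Parameter(Mandatory)][string]$Identity,
        [Parameter(Mandatory)][string]$Server
    )
    $result = [ordered]@{
        Input = $Identity; Kind = Get-ADIdentityKind -Identity $Identity
        Resolved = $false; ObjectGuid = $null; Sid = $null; Error = $null
    }
    try {
        # -Identity must resolve to exactly one object on the given server;
        # a missing or ambiguous identity surfaces as an error caught below.
        $user = Get-ADUser -Identity $Identity -Server $Server -ErrorAction Stop
        $result.Resolved   = $true
        $result.ObjectGuid = $user.ObjectGUID
        $result.Sid        = $user.SID.Value
    } catch {
        $result.Error = $_.Exception.Message
    }
    [pscustomobject]$result
}

$samples = @(
    'CN=SaraDavis,CN=Europe,CN=Users,DC=corp,DC=contoso,DC=com',
    '599c3d2e-f72d-4d20-8a88-030d99495f20',
    'S-1-5-21-3165297888-301567370-576410423-1103',
    'saradavisreports'
)
# Offline part: show which identity format each sample value matches.
$samples | ForEach-Object { '{0,-18} {1}' -f (Get-ADIdentityKind $_), $_ }

# Online part: runs only where the ActiveDirectory module is installed.
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    $server = 'corp-DC01.corp.contoso.com'   # assumption: replace with your DC
    $samples | ForEach-Object { Resolve-ADUserIdentity -Identity $_ -Server $server }
}
```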